Privacy Policy
Last updated: November 07, 2025
1. Introduction
LinkLeap ("we", "our", "us", "our service") provides a URL shortening service at linkleap.space and associated domains (the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information. We are committed to protecting your privacy and being transparent about our practices.
2. Data We Collect
Account Data
Email address, hashed password (never stored in plaintext), account verification status, account creation and modification timestamps, and profile information you choose to provide.
Links & URL Data
Original target URLs, short codes (generated identifiers), visibility flags (public/private), creation timestamps, expiration settings, custom alias preferences, and link metadata you configure.
Safety Scan Data
Reputation provider results, risk scores and classifications, scan reasons and findings, threat indicators, audit logs of security scans, and caching of scan results for efficiency.
Usage & Analytics
Link click counts and statistics, HTTP referrer information (when available), basic device and network information (IP address, user agent, browser type), geographic location derived from IP addresses, click timestamps, and usage patterns.
Security Data
CAPTCHA challenge results and verification data, rate-limit counters and throttling logs, authentication and session tokens, and security-related events and activities.
3. How We Use Data
- Provide and operate the Service (create, manage, and resolve short links)
- Detect, prevent, and respond to malware, phishing, spam, adult content, and other abusive or illegal uses
- Improve service reliability and safety (analyze metrics, debug issues, and optimize performance)
- Communicate important changes to privacy policies, terms, or security actions affecting your links
- Generate analytics and usage reports for your account
- Enforce our Terms of Service and other legal agreements
- Comply with legal obligations and law enforcement requests
- Prevent fraud, unauthorized access, and malicious activities
4. Safety Scans & Third-Party Providers
We check submitted URLs against multiple security intelligence providers to identify malicious content. These providers include:
- Google Web Risk & Safe Browsing - detects phishing, malware, and unwanted software
- VirusTotal - performs multi-engine scanning for malicious files and URLs
- URLhaus - identifies URLs hosting malware and other threats
- AbuseIPDB - provides abuse reputation scores for IP addresses
When you submit a URL, we may send parts of the URL or the full URL to these services to obtain reputation verdicts. Their use is governed by their own privacy policies. We cache scan results to reduce data sharing and improve performance. The cache does not retain your personal account information — only the safety verdict and URL path.
5. Cookies & Similar Technologies
We use cookies and similar tracking technologies for essential functions:
- Session Cookies - authenticate you and maintain your login state
- Security Cookies - prevent CSRF attacks and support CAPTCHA challenges
- Preference Cookies - remember your theme and interface preferences
We do not use third-party advertising cookies or tracking pixels for marketing purposes. You can manage cookie preferences in your browser settings.
6. Data Retention
Links & Scan Logs
Retained while the link is active. After deletion or expiration, we retain logs for a limited audit period (typically 180 days) or as required by legal obligations. Scan logs are retained for security and compliance purposes.
Account Data
Retained while your account is active. Upon account deletion, we delete personal account data within 30 days, except where required by law or for legal investigation.
Analytics Data
Click analytics and usage data are retained for 12 months, allowing for historical trend analysis. Aggregated, anonymized data may be retained indefinitely.
7. Your Rights & Choices
- Request re-scans of your links for updated safety verdicts
- Set links to private to restrict visibility from public directories
- Delete individual links immediately or schedule them for deletion
- Request download of your account data in a portable format
- Request deletion of your account and associated links (subject to legal holds and abuse investigations)
- Opt-out of certain communications (while maintaining essential service notifications)
- Control cookie preferences through your browser
8. GDPR & International Privacy Rights
If you are located in the European Union, UK, or other jurisdictions with privacy laws (such as CCPA in California), you have additional rights:
- Right to Access - obtain a copy of your personal data
- Right to Rectification - correct inaccurate or incomplete data
- Right to Erasure - request deletion of your data
- Right to Restrict Processing - limit how we use your data
- Right to Data Portability - receive your data in a portable format
- Right to Object - object to certain processing activities
- Right to Lodge a Complaint - file a complaint with your local data protection authority
We process data with your consent or based on legitimate business interests. We process data in regions where our infrastructure and service providers operate. By using LinkLeap, you consent to such processing.
9. Data Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- Hashed and salted passwords (never stored in plaintext)
- Database encryption at rest
- Regular security audits and vulnerability scanning
- Access controls and authentication mechanisms
- Rate limiting and DDoS protection
While we strive to protect your data, no security system is impenetrable. We cannot guarantee absolute security and urge you to use strong passwords and enable two-factor authentication.
10. Children's Privacy
LinkLeap is not directed to children under the age of 13 (or the legal age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete such information and terminate the child's account immediately.
11. Third-Party Links & Services
LinkLeap contains links to third-party websites and services. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies before providing personal information. Our Service may integrate with analytics platforms or security services; their use is governed by their own privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with an updated "Last Updated" date. For significant changes, we may provide additional notice. Your continued use of LinkLeap after such changes constitutes your acceptance of the updated policy.
13. Contact Us
For privacy-related inquiries, data access requests, or complaints, please contact us:
We will respond to your requests within 30 days or as required by applicable law.
Legal Notice
This Privacy Policy is a general framework and should be reviewed in conjunction with our Terms of Service. This policy is not legal advice. For jurisdiction-specific compliance (including GDPR, CCPA, or local regulations), please consult with a qualified legal professional. LinkLeap operates globally and strives to comply with privacy laws in all jurisdictions where it operates.