Privacy Policy

This Privacy Policy explains how Door 24 Technologies LLC (“Door 24,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with the Just Link In Bio website, creator dashboard, public bio pages, and related services (collectively, the “Service”).

This Policy applies to creators, applicants, visitors to public bio pages, and anyone who contacts us. It does not apply to the practices of third parties we do not own or control, including partner applications you choose to engage with.

We collect the following categories of personal information:

• Account and application information. Name, email address, password (stored as a salted hash), preferred handle, social profile links, profile photo, biography, and any other information you submit when applying for or managing a creator account.
• Content you publish. Page content, links, captions, images, and other materials you choose to publish on your public bio page.
• Usage and analytics data. Pages and links viewed, click and conversion events, referrers, search terms, session timestamps, and other interactions with the Service.
• Device and log data. IP address, browser type and version, operating system, device identifiers, language settings, and approximate location derived from IP address.
• Cookies and similar technologies. First- and third-party cookies, local storage, pixels, and SDKs used for authentication, security, analytics, and measurement. See Cookies and tracking below.
• Communications. The contents of emails, support tickets, and other correspondence you send to us, including any attachments.
• Payment and tax information (creators). If you are eligible for payouts, we (or our payment processors) collect the information necessary to pay you and comply with tax law, which may include legal name, address, payout method details, and tax identification information.

We do not knowingly collect sensitive personal information (such as government identifiers, precise geolocation, biometric data, or information about health, race, religion, or sexual orientation) and ask that you not submit it through the Service.

We collect personal information:

• directly from you, when you apply, sign in, or use the Service;
• automatically, when you interact with the Service or open emails from us, through cookies, server logs, and similar technologies;
• from third parties, such as our authentication, hosting, analytics, and payment providers, and from partner applications you direct to share data with us (for example, when a click on your tracking link results in a partner conversion).

We use personal information to:

• operate, maintain, and improve the Service, including reviewing applications and onboarding approved creators;
• publish and serve your public bio page and the links it contains;
• measure clicks, conversions, and partner attribution, and calculate any payouts due to you;
• communicate with you about your account, security, product updates, and program announcements;
• personalize the Service, remember preferences, and recommend features;
• detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or illegal activity;
• comply with legal obligations, enforce our Terms, and protect our rights, property, and safety and those of our users, partners, and the public;
• with your consent or where otherwise permitted by law, send marketing communications about Just Link In Bio and our partners.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

• Contract: to provide the Service you requested and perform our obligations to you.
• Legitimate interests: to secure the Service, prevent fraud, measure performance, and operate and improve our business, where those interests are not overridden by your rights.
• Consent: for non-essential cookies, certain marketing communications, and any other processing where consent is required. You may withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, and other laws.

We do not sell your personal information in the traditional sense. We share personal information only as described below:

• Public bio pages. Information you choose to publish on your bio page (e.g., your handle, photo, links, captions) is, by design, publicly accessible.
• Service providers. Vendors that help us operate the Service, including hosting, authentication, database, analytics, email, customer support, and payment-processing providers. They may access personal information only to perform services for us and are contractually required to protect it. Our current providers in the customer-facing redemption flow are Kit (transactional email + nurture sequences), RevenueCat (subscription event processing for creator-attribution calculations), and Stripe Connect (creator payout processing; customers do not interact with Stripe). For the bio pages and creator dashboard we additionally use Firebase / Google Cloud (hosting + database) and Sentry (error monitoring with PII scrubbing). We log your IP address and click metadata for fraud prevention, creator-attribution dispute resolution, and aggregate analytics, never to build advertising profiles or sell to data brokers.
• Partner applications.When a visitor clicks one of your tracking links, we share the click event (and, where applicable, identifiers needed for attribution) with the destination partner so that conversions can be measured and payouts calculated. Once the visitor lands on a partner’s property, that partner’s own privacy policy applies.
• Legal and safety. Authorities, courts, regulators, or other third parties where we believe in good faith that disclosure is necessary to comply with law, enforce our Terms, or protect the rights, property, or safety of Door 24, our users, or others.
• Corporate transactions. An actual or prospective acquirer, successor, or assignee in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality protections.
• With your direction. Anyone else, with your consent or at your direction.

We may also share aggregated or de-identified information that cannot reasonably be used to identify you.

We and our service providers use cookies, local storage, pixels, and similar technologies to keep you signed in, remember your preferences, secure the Service, measure usage, and attribute clicks and conversions to creators.

Most browsers let you refuse or delete cookies through their settings. Some browsers and devices also support opt-out signals such as Global Privacy Control (GPC). Where required by law, we honor GPC as a request to opt out of the “sale” or “sharing” of personal information for targeted advertising. Note that disabling cookies may impair certain features.

We keep personal information for as long as needed to provide the Service and for the purposes described in this Policy, and then for the additional periods required to comply with our legal, accounting, tax, and reporting obligations, resolve disputes, and enforce our agreements.

Retention periods vary by the type of information and context. When information is no longer needed, we delete, anonymize, or aggregate it.

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, audit logging, and reputable infrastructure providers.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you are responsible for safeguarding your account credentials. If we discover a breach that affects your personal information, we will notify you and regulators as required by law.

Depending on where you live, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: ask us to delete personal information, subject to legal and operational retention needs.
• Portability: receive certain information in a portable, machine-readable format.
• Opt-out of sale or sharing: opt out of any “sale” or “sharing” (as those terms are defined under U.S. state privacy laws) of personal information, including targeted advertising.
• Limit sensitive personal information: ask us to limit the use of any sensitive personal information.
• Object or restrict: object to, or request restriction of, certain processing (EEA / UK / Swiss users).
• Withdraw consent: where we rely on consent, withdraw it at any time without affecting prior processing.
• Non-discrimination: you have the right not to receive discriminatory treatment for exercising any of these rights.

To exercise your rights, email privacy@justlinkin.bio. We will need to verify your identity before fulfilling certain requests. You may use an authorized agent where permitted by law. If we deny your request, you may appeal by replying to our response, and you may also contact your local data-protection authority.

In the previous 12 months, we have collected the categories of personal information described in Information we collect and used and disclosed them for the purposes described in How we use your information and How we share information.

We do not sell personal information for money. We may “share” certain identifiers, online activity, and inferences with analytics or attribution partners in ways that could be considered “sharing” for cross-context behavioral advertising under California law. You may opt out by enabling Global Privacy Control in a supported browser or by emailing privacy@justlinkin.bio.

We do not knowingly sell or share the personal information of consumers under 16 years of age.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact privacy@justlinkin.bio and we will take steps to delete it. Where local law requires a higher age of digital consent (for example, 16 in parts of the EEA), the higher age applies.

We operate in the United States, and our service providers may process personal information in countries other than the one in which you live. These countries may have data-protection laws different from those in your country.

Where required, we use appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable), and we rely on lawful transfer mechanisms recognized in your jurisdiction.

The Service contains links to third-party websites, applications, and partner offerings. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing them with personal information.

We may update this Policy from time to time. If we make material changes, we will revise the “Last updated” date and, where required, provide additional notice (such as email or an in-product message). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.