Privacy Policy
Last updated me.pencipta.com
Pencipta ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Link at https://me.pencipta.com (the "Service").
Account data
Name, email, and profile image from Google OAuth; role, handle, and session records in our database.
Link & bio content
Slugs, destinations, bio layouts, optional avatars, and aggregate click or view analytics you configure.
Visitor analytics
Bio page events (views, taps) retained for a limited period-typically about 90 days-then pruned.
Infrastructure
Hosting and database providers (e.g. Vercel, Neon) process data on our behalf under their own terms.
1. Scope
This policy applies to:
- Visitors to our marketing and legal pages.
- Registered users who sign in and use the dashboard.
- Visitors who follow short links or view public link-in-bio pages.
It does not apply to third-party websites you reach through user-created links. Those sites have their own privacy practices.
2. Information we collect
Account and authentication
When you sign in with Google OAuth (via Auth.js), we receive information such as your name, email address, and profile image URL from Google. We store account records in our database, including a user identifier, role (user or admin), optional public handle, and timestamps. We do not receive or store your Google password.
Session data is stored in cookies required to keep you signed in. See our Cookie Policy.
Short links you create
For each short link we typically store:
- Slug (path segment after
/r/). - Destination URL you configure.
- Active/inactive status.
- Aggregate click count and time of last click.
- Ownership (linked to your user account) and creation/update timestamps.
We do not intentionally log full redirect analytics (such as per-visitor IP addresses) for short links in the standard product flow unless described in a future update to this policy.
Link-in-bio pages
If you use link-in-bio features, we may store:
- Public handle, display name, theme, and sanitized bio HTML.
- Avatar URL (including URLs from optional S3 uploads when configured).
- Optional password hash if you enable password protection (we do not store plaintext passwords).
- Draft and published page structure (sections, rows, link targets).
- Publication status, suspension flags, and related timestamps.
Bio analytics events
When visitors interact with a published bio page, we may record events such as page views and link taps. Events are associated with the bio page and may include a row identifier for link taps. We use these events to show analytics to the page owner. Raw event rows may be pruned after approximately 90 days via scheduled maintenance.
Social media publishing (optional)
If you connect a Meta (Facebook) account to schedule or publish posts to Instagram, Facebook Pages, or Threads, we store encrypted OAuth tokens, your selected publishing destinations, post captions and media URLs you upload, draft/scheduled/publish status, and per-platform publish results. Publishing is performed on your behalf via Meta's APIs when you choose to publish or when a scheduled time is reached. Disconnecting Meta keeps your saved drafts but blocks new publishing until you reconnect.
Abuse reports
If someone reports a bio page, we may store the report category, optional details, the reported page reference, and optionally the reporter's user ID if they were signed in.
Administrative activity
Operator actions (such as suspending users or links) may be recorded in an audit log with actor ID, action type, target, optional metadata, and timestamp.
Technical and usage data
- Server logs - our hosting provider may process IP addresses, user agents, and request metadata for security and operations.
- Product analytics - only if you consent to non-essential cookies, we load Vercel Web Analytics on pages where the consent banner is shown. See the Cookie Policy.
- Cookie consent choice - stored locally in your browser (
pencipta_cookie_consent).
3. How we use information
We use personal information to:
- Provide, operate, and maintain the Service.
- Authenticate you and manage your account.
- Process redirects and display public bio pages you publish.
- Show click counts and bio analytics to you as the account owner.
- Detect, prevent, and respond to abuse, fraud, and security incidents.
- Comply with legal obligations and enforce our Terms.
- Improve the Service using aggregated or de-identified insights where possible.
We do not sell your personal information.
4. Legal bases (EEA/UK users)
Where the GDPR or UK GDPR applies, we rely on:
- Contract - processing needed to provide the Service you request.
- Legitimate interests - security, abuse prevention, analytics for bio owners, and improving the Service, balanced against your rights.
- Consent - non-essential analytics cookies, where required.
- Legal obligation - when we must retain or disclose data by law.
5. Sharing and service providers
We share information only as needed with:
- Google - authentication (Google Sign-In). Subject to Google's Privacy Policy.
- Vercel - application hosting and, if you consent, Web Analytics.
- Neon (or equivalent Postgres provider) - database hosting for account and product data.
- Amazon Web Services (optional) - object storage for bio avatar uploads when S3 is configured in the deployment environment.
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition with appropriate safeguards.
6. Data retention
- Account data is kept while your account exists and as needed afterward for legal compliance.
- Short link data persists until you delete it or your account is removed.
- Bio analytics events may be pruned after roughly 90 days.
- Audit and abuse-report records may be retained longer where needed for safety and legal purposes.
- Backups may retain deleted data for a limited period before rotation.
7. Security
We use industry-standard measures such as HTTPS, access controls for admin features, and hashed passwords for optional bio protection. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
8. Your rights and choices
Depending on where you live, you may have the right to:
- Access, correct, or delete personal information we hold about you.
- Object to or restrict certain processing.
- Withdraw consent for analytics cookies (via our cookie controls).
- Port data you provided in a structured format where technically feasible.
- Lodge a complaint with a supervisory authority.
To exercise rights, email support@pencipta.com. We may need to verify your identity. You can delete links from the dashboard; account deletion requests are handled on request.
9. Children's privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Contact us if you believe we have done so and we will take appropriate steps to delete it.
10. International data transfers
We and our processors may process data in countries other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms offered by our providers.
11. Changes to this policy
We may update this Privacy Policy. The "Last updated" date will change when we do. Material changes may be communicated through the Service or by email where appropriate.
12. Contact
Privacy questions and requests: support@pencipta.com.
Related: Terms of Service, Cookie Policy.