Privacy Policy

Created on 18 February, 2026 • 2 views • 9 minutes read

How EditableLinks.com collects, uses, and protects your personal data.

Privacy Policy

Last updated: 19 February 2026

This Privacy Policy explains how Industrial Strategic Ltd, trading as EditableLinks.com (“we”, “us”, “our”), collects, uses, stores, and protects your personal data when you use our website and services at editablelinks.com (the “Service”).

We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR) where applicable, and applicable United States privacy legislation including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

1. Data Controller

The data controller responsible for your personal data is:

Industrial Strategic Ltd
5 South Charlotte Street
Edinburgh, EH2 4AN
Scotland, United Kingdom

Email: hello@editablelinks.com

2. Personal Data We Collect

2.1 Account Data

When you register for an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only)
  • Billing name and address (when you subscribe to a paid plan)
  • VAT number (if provided)

2.2 Service Usage Data

When you use the Service, we collect data related to the resources you create and manage, including:

  • Shortened links, their destination URLs, and associated metadata (custom aliases, UTM parameters, expiry settings, password protection settings, targeting rules)
  • Bio link pages and their content (text, images, embedded media, contact forms, social links, business hours, payment integrations)
  • QR codes and their associated configuration (colours, logos, styles, linked URLs)
  • File links and uploaded files
  • vCard links and associated contact information
  • Event links and associated event details
  • Static site content
  • Splash page configurations
  • Project and organisational structures
  • Custom domain configurations
  • Notification handler settings (email, webhook, Slack, Discord, Telegram, Microsoft Teams)
  • Tracking pixel configurations

2.3 Analytics and Visitor Data

When visitors access resources created through the Service (shortened links, bio link pages, QR code destinations, file links, vCard links, event links, and static sites), we collect:

  • IP address (used for geographic location lookup and then discarded or anonymised in accordance with your plan’s statistics retention period)
  • Approximate geographic location (country, city) derived from IP address
  • Browser type and version
  • Operating system
  • Device type
  • Referring URL
  • Date and time of access
  • Language preference

This data is collected to provide analytics to our users and is retained for the duration specified by the user’s subscription plan, after which it is automatically deleted.

2.4 Payment Data

When you subscribe to a paid plan, payment is processed by our third-party payment processor, Stripe. We do not store your full credit or debit card number. We receive and store:

  • Transaction reference and payment status
  • Last four digits of the card used
  • Billing name and address
  • Payment amount, currency, and date
  • Subscription status and renewal dates

2.5 Data Collected via Biolink Blocks

Certain bio link page blocks allow our users to collect data from their own visitors, including:

  • Email addresses (via email collector blocks)
  • Phone numbers (via phone collector blocks)
  • Contact form submissions (name, email, message)
  • PayPal payment information (processed by PayPal)

This data is collected by the EditableLinks.com user who created the bio link page. That user is the data controller for this visitor data, and we act as a data processor on their behalf. Users who collect visitor data through these blocks are responsible for ensuring they have appropriate legal bases, privacy notices, and consent mechanisms in place.

2.6 Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the Service to function, including session management, authentication, and security. These cannot be disabled.
  • Functional cookies: Remember your preferences such as language and display settings.
  • Analytics cookies: Help us understand how the Service is used so we can improve it. These are only set with your consent where required by law.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: Creating and managing your account, processing your shortened links, bio link pages, QR codes, file links, vCard links, event links, static sites, and all other features of the Service.
  • Analytics: Generating visitor statistics for resources created through the Service.
  • Payment processing: Processing subscription payments, issuing invoices, and managing billing.
  • Communication: Sending transactional emails (account verification, password resets, payment confirmations, subscription notifications), email reports on link performance (where enabled by you), and notification handler alerts.
  • Security: Protecting against fraud, abuse, and unauthorised access, including checking submitted URLs against safety databases where enabled.
  • Service improvement: Understanding how the Service is used to improve features and user experience.
  • Legal compliance: Meeting our obligations under applicable law, including tax and accounting requirements.

4. Legal Bases for Processing (UK and EU GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service to you, including account management, link creation, analytics, and payment processing.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including service improvement, security, and fraud prevention, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, including tax reporting and responding to lawful requests from authorities.
  • Consent (Article 6(1)(a)): Where we rely on your consent, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.

5. Data Sharing

We share your personal data with the following categories of recipients:

  • Payment processors: Stripe processes payments on our behalf. Their privacy policy is available at stripe.com/privacy.
  • Hosting providers: Our servers are hosted by Namecheap. Data is stored on servers located in the United States.
  • Email delivery services: Transactional emails may be sent through third-party SMTP providers.
  • URL safety services: Where enabled, submitted URLs may be checked against Google Safe Browsing to protect against malicious content.
  • Social login providers: If you choose to sign in using a social login provider (such as Google, Facebook, Twitter, Discord, LinkedIn, or Microsoft), we exchange authentication data with that provider.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area, including the United States (where our hosting infrastructure is located).

Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office or the European Commission
  • Adequacy decisions where applicable
  • Other lawful transfer mechanisms under UK GDPR and EU GDPR

7. Data Retention

  • Account data: Retained for as long as your account is active, and for up to 12 months after account closure to allow for reactivation and to comply with legal obligations.
  • Service usage data (links, bio pages, QR codes, etc.): Retained for as long as your account is active. Deleted within 30 days of account closure.
  • Analytics and visitor data: Retained for the duration specified by your subscription plan (7 days, 90 days, 365 days, or indefinitely depending on plan). Data beyond your plan’s retention period is automatically deleted.
  • Payment and billing data: Retained for a minimum of 6 years after the transaction to comply with UK tax and accounting legislation (Taxes Management Act 1970).
  • Data collected via biolink blocks: Retained for as long as the collecting user’s account is active, unless deleted sooner by the user.

8. Your Rights

8.1 UK and EU GDPR Rights

If you are located in the United Kingdom or the European Economic Area, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: Request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time.
  • Right to lodge a complaint: Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or your local supervisory authority.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the CCPA as amended by the CPRA:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting the information, and the categories of third parties with whom we share it.
  • Right to delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioural advertising as defined under the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your rights.

8.3 Exercising Your Rights

To exercise any of these rights, contact us at hello@editablelinks.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

You may also export your data directly from the Service where your plan includes export functionality (CSV, JSON, or PDF export).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using TLS/SSL
  • Hashed password storage using industry-standard algorithms
  • Access controls limiting data access to authorised personnel
  • Regular security monitoring and updates
  • Secure payment processing through PCI DSS-compliant providers

No method of transmission or storage is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

10. Children’s Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at hello@editablelinks.com.

11. Third-Party Links and Content

The Service enables users to create links to external websites and embed third-party content (including YouTube, Vimeo, Spotify, SoundCloud, TikTok, and Twitch). We are not responsible for the privacy practices of these third-party services. We encourage you to read their respective privacy policies.

12. White-Label and Custom Branding

Certain subscription plans allow users to apply custom branding, including custom logos, favicons, and footer text. Where a user has applied white-label branding, this Privacy Policy continues to apply to all data processing carried out by EditableLinks.com. Users who operate white-labelled instances of the Service are responsible for ensuring their own visitors are informed about data processing practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by prominent notice within the Service. The “Last updated” date at the top of this page indicates the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, contact us at:

Industrial Strategic Ltd
5 South Charlotte Street
Edinburgh, EH2 4AN
Scotland, United Kingdom

Email: hello@editablelinks.com