GDPR & Data Rights

Last updated: 15 April 2025 · Applies to EU/EEA residents

Our role under GDPR

Link-Craft operates in a dual capacity:

Data Controller — for data we collect directly (account registration, billing, platform analytics).
Data Processor — for End User account-link data collected on behalf of Server Operators (who are the Controllers for their communities).

Legal bases for processing

Contract performance — processing necessary to provide the service you subscribed to (Art. 6(1)(b)).
Legitimate interests — security monitoring, fraud prevention, aggregate analytics (Art. 6(1)(f)).
Legal obligation — retaining billing records as required by tax law (Art. 6(1)(c)).

Your rights

Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Ask us to correct inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your data. We will comply within 30 days unless a legal obligation requires retention (e.g. billing records kept for 7 years).

Right to Restriction (Art. 18)

Ask us to pause processing of your data while a dispute is resolved.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format (JSON).

Right to Object (Art. 21)

Object to processing based on legitimate interests. We will cease unless we can demonstrate compelling grounds.

How to exercise your rights

Email privacy@link-craft.com with subject line "GDPR Request — [Right name]". We will respond within 30 days. For complex requests we may extend to 90 days but will notify you.

You can also submit a complaint to your national data protection authority (e.g. CNIL in France, ICO in the UK).

International transfers

Data is stored primarily in the EU. Where we use services that transfer data outside the EEA (e.g. Stripe in the US), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Protection Officer

We do not currently meet the threshold requiring a formal DPO. Privacy enquiries are handled directly by the founding team at privacy@link-craft.com.