Privacy Policy

Last updated: April 4, 2025

1. Who We Are

Steezr Link ("Steezr", "we", "us", or "our") is a link-in-bio platform operated by steezr s.r.o., IČO: 22354883 ("Steezr"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website at steezr.com and all related services (collectively, the "Service").

2. Data We Collect

2.1 Account Information

When you register, we collect your email address, display name, and username. We use passwordless authentication (magic links), so we never store passwords.

2.2 Profile Content

Any content you add to your Steezr Link page — including links, bios, avatar images, header images, embedded media, and documents — is stored on our servers and displayed publicly on your profile page.

2.3 Analytics & Visitor Data

When someone visits a Steezr Link page, we collect anonymised analytics data including: referrer URL, user agent string, approximate country (derived from IP address), device type, and detected visitor intent (fan, brand, buyer). We do not store raw IP addresses of page visitors.

2.4 Connected Platforms

If you connect third-party platforms (e.g., YouTube, Shopify) for auto-sync, we store OAuth tokens required to fetch your content. These tokens are encrypted at rest and are never shared with third parties.

2.5 AI Clone Data

If you enable the AI clone feature, content you provide (text, FAQs, personality prompts) is stored and sent to our AI provider (Anthropic) to generate responses to visitor questions. Anthropic does not use this data to train their models. Chat messages from visitors are not stored after the session ends.

2.6 Payment Data

Payments are processed by Stripe. We store your Stripe customer ID but never your credit card number or full payment details. See Stripe's Privacy Policy.

3. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To authenticate you via magic link emails
  • To display your public profile page to visitors
  • To generate aggregated analytics (page views, clicks, audience breakdown)
  • To route visitors by detected intent (audience targeting)
  • To power AI-generated themes and AI clone responses
  • To process payments and manage subscriptions
  • To send transactional emails (magic links, account notifications)
  • To detect and prevent fraud, abuse, and security incidents

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interest — analytics, fraud prevention, and service improvement
  • Consent — where you explicitly opt in (e.g., connecting third-party platforms)
  • Legal obligation — where required by law (e.g., tax records for paid plans)

5. Data Sharing & Third Parties

We share data only with the following categories of processors:

  • Infrastructure — Hetzner (hosting & object storage, EU)
  • Email delivery — Amazon SES
  • Payments — Stripe
  • AI processing — Anthropic (for AI clone and theme generation)
  • Error monitoring — Sentry

We do not sell your personal data. We do not share it with advertisers or data brokers.

6. Data Retention

Account data is retained for as long as your account is active. If you delete your account, all personal data (profile, links, analytics, connected platform tokens, AI content) is permanently deleted within 30 days. Anonymised, aggregated analytics may be retained for service improvement. Magic link tokens expire after 15 minutes and are purged regularly.

7. Your Rights

Under GDPR and similar legislation, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate data via your dashboard
  • Erasure — delete your account and all associated data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request limited processing of your data
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use a single httpOnly session cookie (steezr_session) for authentication. It is strictly necessary for the Service to function and does not track you across websites. We do not use advertising or third-party tracking cookies.

9. Security

We protect your data with: encrypted connections (TLS), httpOnly secure cookies, encrypted storage for OAuth tokens, parameterised database queries to prevent injection, and regular security reviews. While no system is 100% secure, we follow industry best practices to safeguard your information.

10. International Transfers

Your data is primarily processed in the European Union (Hetzner, Germany). Where data is transferred outside the EU (e.g., to Amazon SES, Anthropic, or Stripe in the US), we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when it was last revised.

13. Contact

If you have questions about this Privacy Policy or our data practices, contact us at: [email protected]