Privacy Policy

1. Who we are

sub.link is operated by Tilman Richter, Auf den Häfen 5, 28203 Bremen, Germany. We are the data controller for the personal data you provide when using this Service. Contact: hello@subnodes.net

2. Data we collect

When you use sub.link, we collect the following data:

• Account data: email address, username, and hashed password when you register.
• Profile data: display name, biography, avatar image, links, and theme settings that you add to your profile.
• Custom domain: if you configure a custom domain on a paid plan, we store that domain name.
• Analytics: anonymised page-view counts for your public profile, including referrer and country (derived from IP, not stored), without any cookies or cross-site tracking.

3. How we use your data

• To create and manage your account and public profile.
• To provide the Service, including hosting your profile page.
• To send transactional emails (account verification, password reset).
• To process payments for paid plans via Stripe. Stripe is the data controller for your payment information; we do not store card details.
• To display anonymised analytics to you about visits to your profile.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. No cookies

sub.link does not use tracking cookies or third-party advertising scripts. The analytics on your profile page are powered by our self-hosted, cookie-free analytics system. Session authentication uses a secure HTTP-only cookie that is strictly necessary for login and is not used for tracking.

5. Where your data is stored

All data is stored on servers located in Germany (Hetzner Online GmbH, Nuremberg). No data is transferred to countries outside the European Economic Area by default. Stripe (USA) is covered by the EU–US Data Privacy Framework for payment processing.

6. Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data and public profile will be permanently removed within 30 days. Anonymised analytics aggregates may be retained for statistical purposes.

7. Your rights (GDPR)

As a resident of the EEA, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (“right to be forgotten”)
• Object to or restrict certain processing
• Receive your data in a portable format
• Lodge a complaint with your national data protection authority

To exercise any of these rights, email us at hello@subnodes.net. We will respond within 30 days.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The “last updated” date at the top of this page reflects the most recent revision.

9. Contact

Privacy questions or requests: hello@subnodes.net