Privacy Policy

LinkVault is a secure file delivery platform where clients preview first and unlock the final files only after payment.

Because we handle your intellectual property and process payments, privacy is not an afterthought—it is the foundation of our infrastructure. We do not sell your data, we do not train public AI models on your private files, and we only collect what is absolutely necessary to make the service run securely.

May 9, 2026

The data controller responsible for your personal information is:

Pablo Grande

Madrid, Spain

Contact: hello@linkvault.biz

This Privacy Policy explains how LinkVault (“LinkVault”, “we”, “us”) processes personal data when you use our web application, APIs, and related services.

It applies to you as an account holder, as well as to the clients and recipients who view content through a LinkVault viewer link.

Account data: email address, hashed passwords (where applicable), and subscription/licensing status.

Session and security data: cookies required to keep you signed in, prevent abuse, and enforce view-session rules.

Usage data: basic event and diagnostic logs (e.g., timestamps, feature usage, error logs) to operate and secure the service.

Device and network data: IP address and user-agent string (e.g., browser/OS) for fraud prevention and access approvals.

Uploaded content: files you upload and associated metadata (filename, size, MIME type).

Support communications: messages you send to support.

Provide the service: upload, store, and display shared content; generate viewer links; manage accounts and billing.

Security and abuse prevention: authentication, access control, rate limiting, malware prevention, and incident response.

Service improvement: diagnose issues, measure performance, and improve reliability.

Communications: respond to support requests and service-related notices.

Contract: to provide the service you request.

Legitimate interests: to secure the service and prevent fraud/abuse.

Consent: for optional cookies or communications where required by law.

Legal obligation: where we must retain or disclose information to comply with applicable laws.

We do not sell your personal information.

We share data with specialized service providers (“subprocessors”) only as needed to run the service securely. Our primary subprocessors are:

• IONOS: Infrastructure and secure file hosting (Data Residency: EU)
• Stripe: Payment processing and payout routing
• Resend / Postmark: Transactional email delivery

We execute Data Processing Agreements (DPAs) with these providers to ensure GDPR compliance. We may also disclose information to comply with legal obligations or protect the service.

Payments are processed by Stripe. We do not store full payment card details on our servers.

Stripe may process personal data according to its own privacy policy.

We use cookies to keep you signed in, remember settings, and enforce security (including view-session cookies for protected links).

If you disable cookies, parts of the service may not work correctly.

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.

Uploaded files and link metadata are retained while your links are active or until you delete them, subject to plan limits and expirations.

We use access controls and security measures designed to protect data.

No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.

Your information may be processed in countries other than your own, depending on our service providers and infrastructure.

Where required, we use appropriate safeguards for cross-border data transfers.

Under the GDPR, you have the right to access, rectify, delete, or restrict processing of your personal data, and to object to processing or request data portability.

To exercise your rights, contact us at:

hello@linkvault.biz

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority: the Spanish Data Protection Agency (AEPD).

LinkVault is not intended for use by children under the age required by applicable law.

If you believe a child has provided personal data, contact us to request deletion.

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last Updated” date.