Privacy Policy
Last updated: November 30, 2025
1. Introduction
Andreas Zender Online Medien ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our LinkStacka service.
We are based in Germany and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
- Company: Andreas Zender Online Medien
- Country: Germany
- Email: privacy@linkstacka.com
- Data Protection Officer: dpo@linkstacka.com
3. Data We Collect
3.1 Information You Provide
- Account Information: Email address, username, password (hashed)
- Profile Information: Display name, bio, avatar, social links
- Content: Links, text blocks, and media you add to your profile
- Payment Information: Processed by Paddle (our payment provider)
- Communications: Support tickets, feedback, and correspondence
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, click patterns
- Device Information: Browser type, operating system, device type
- IP Address: Used for security and approximate geolocation
- Analytics: Aggregated data about profile visitors (with consent)
3.3 Cookies and Tracking
We use cookies for:
- Necessary Cookies: Authentication, security, site functionality
- Analytics Cookies: Firebase Analytics (with your consent)
- Preference Cookies: Language, theme, and UI preferences
You can manage cookie preferences through our cookie consent banner or your browser settings.
4. How We Use Your Data
We process your personal data for the following purposes:
| Providing the Service | Legal Basis (GDPR) |
|---|---|
| Providing the Service | Contract performance |
| Processing payments | Contract performance |
| Sending transactional emails | Contract performance |
| Analytics and improvements | Consent |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
| Marketing communications | Consent |
5. Data Sharing
We share your data with the following categories of recipients:
5.1 Service Providers
- Paddle: Payment processing (Merchant of Record) - Privacy Policy
- Supabase: Authentication services (EU region) - Privacy Policy
- Cloudflare: Hosting and CDN - Privacy Policy
- Firebase (Google): Analytics and push notifications - Privacy Policy
- Resend: Transactional emails - Privacy Policy
5.2 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests (e.g., court orders, subpoenas).
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:
- EU-approved Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Data Processing Agreements with all processors
7. Data Retention
We retain your data for as long as necessary to provide the Service:
- Account data: Until you delete your account
- Profile content: Until you delete it or your account
- Analytics data: 26 months (Google Analytics default)
- Payment records: 7 years (tax compliance)
- Security logs: 90 days
After account deletion, we may retain anonymized data for analytics purposes.
8. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (where applicable)
To exercise your rights, contact us at dpo@linkstacka.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
9. Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure password hashing (bcrypt)
- Regular security audits and penetration testing
- Access controls and authentication
- Incident response procedures
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
10. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.
For significant changes that affect how we process your data, we will provide additional notice (e.g., email notification).
12. Contact Us
If you have questions about this Privacy Policy or our data practices:
- General inquiries: privacy@linkstacka.com
- Data Protection Officer: dpo@linkstacka.com
- Company: Andreas Zender Online Medien
- Country: Germany
Payment Processing Notice
Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns. For payment-related privacy information, please refer to Paddle's Privacy Policy. Paddle's Privacy Policy.