Privacy & GDPR Notice

Last updated: 2026-05-23

Plain-language summary

Lynko® is built to keep link, QR and creator tools privacy-friendly. We avoid third-party trackers and aim to keep data processing clear and minimal.

What Lynko® stores Account data, content you create, security logs and privacy-friendly analytics needed to run the service. What Lynko® does not do We do not sell visitor data, build advertising profiles or add third-party ad trackers to public pages. Visitor analytics Clicks, scans, visits and votes can be counted so creators can understand activity without advertising surveillance. Account data Accounts use basic details such as username, email address and a securely hashed password. Data requests You can contact Lynko® to request access, correction, deletion, restriction, portability or objection. Abuse and safety Security and abuse prevention help keep short links, QR codes and creator pages safer. Contact Use the contact page for privacy questions, data requests or support.

This notice explains how Lynko.tv handles privacy and data processing under the EU General Data Protection Regulation (GDPR) and Dutch law (Uitvoeringswet Algemene verordening gegevensbescherming - UAVG). It applies to all users of Lynko.tv.

Trust & Privacy gives a shorter product-level overview. Terms of Service explains the rules for using Lynko.tv.

1) Who we are

Mother Company
Madeliz (BOIP reg. no. 1442741)
Official registered brand
Lynko® (BOIP reg. no. 1530871)
Located at
The Netherlands
Chamber of Commerce (KvK)
77510194
Contact
Click here

Note: Lynko® and Madeliz® are registered trademarks in the Benelux (BOIP).

2) What Lynko® stores

Lynko® stores data needed to provide the service, secure accounts, prevent abuse and show useful statistics to account owners.

  • Account data: username, email address and password stored as a secure hash.
  • User content: short links, QR destinations, link pages, polls, AMA pages, Smart Cards, counters, Campaign Kits and related settings you create.
  • Transactional emails: activation, security and service notices.
  • Optional tokens: activation tokens, password-reset tokens and deletion-confirm tokens are stored as hashes and expire after a short period.
  • Operational logs: basic information needed for security, troubleshooting, abuse prevention and service reliability.

3) What Lynko® does not do

  • Lynko® does not sell visitor data.
  • Lynko® does not build advertising profiles from link, QR or page visitors.
  • Lynko® does not add third-party ad trackers to public pages.
  • Lynko® does not intentionally collect special categories of data.
  • Lynko® does not use voting data for advertising, tracking or cross-service identification.

4) Visitor analytics

When someone opens a short link, scans a QR code, visits a link page, votes in a poll or triggers a counter, Lynko® can count that activity and show it to the account owner.

Analytics may include counts, timestamps, referrer information, approximate country, browser language, device type, screen size and campaign context when available. The goal is practical reporting, not advertising surveillance.

Smart Redirects: when a link owner enables Smart Redirects, Lynko® may use the visitor browser language and approximate country to route the visitor to the correct destination. Browser language is read from the request header. Country detection may use the IP address or privacy-friendly infrastructure headers. Full IP addresses do not need to be permanently stored for Smart Redirects unless already required for abuse or security logs. Analytics may store the country code, language code, matched rule type, and final destination used, while keeping only the data needed for the feature.

5) Account data

Account data is used to create and maintain your account, protect access, send transactional messages and provide paid plan features when applicable.

We keep only the latest login IP, user agent and timestamps during the life of the account and delete them when the account is deleted.

6) Reward Unlock data collection

Some Lynko® users can enable Reward Unlock on QR codes, shortlinks or Link in Bio pages. Ask visitors for details before unlocking a reward, coupon, file or special link.

  • Possible submitted details: name, email address, phone number, company name, a message, custom fields and consent confirmation.
  • Sharing: submitted details are shared with the owner of the relevant Lynko® page, QR code or shortlink.
  • Owner tools: Lynko® stores this information so the owner can view submissions, measure results and, where available for their plan, export the information to an Excel file.
  • Retention: Personal submission data is automatically removed or anonymized after 3 months. Aggregate statistics, such as total views, total claims and conversion rates, may remain available without personal details.
  • Earlier deletion: visitors can request earlier deletion of their submitted information by contacting the owner of the relevant Lynko® page or by contacting Lynko® support where applicable.

Lynko® does not sell this submitted personal data.

7) Why we process your data

  • Contract (Art. 6(1)(b) GDPR): create and maintain your account, provide the service, send activation and transactional emails.
  • Legitimate interests (Art. 6(1)(f) GDPR): protect the service from abuse and fraud, secure accounts and prevent mass free-account misuse via a two-account-per-IP rule. You may object anytime under Art. 21 GDPR.
  • Consent (if applicable): only for optional features that require it, like marketing emails or non-essential cookies. Not used by default.

8) Abuse and safety

To limit abuse, Lynko® allows two accounts per IP address. We store the IP used at registration to enforce this rule.

Shared networks can be affected. If you are blocked by a shared IP, contact support and we will review the situation and, if appropriate, grant an exception.

Report abuse or contact support.

9) Cookies

  • Essential only: session cookie and CSRF token. Required for security and login.
  • No tracking cookies by default: if we add analytics or ads later, we will request consent first.

10) Retention

  • Unactivated accounts: deleted after 3 days.
  • Activation tokens: stored as a hash, expire after 3 days, cleared on activation or expiry.
  • Password-reset and deletion tokens: stored as a hash, typically valid 24 hours, cleared on use or expiry.
  • Reward Unlock submissions: personal submission details are removed or anonymized after 3 months. Aggregate views, claims and conversion statistics may remain available.
  • Login IP/UA and timestamps: we keep only the latest values during the life of the account and delete them when the account is deleted.
  • Backups: retained for a limited period for disaster recovery, then overwritten.

11) Our processors

We use one trusted hosting provider to run our service. They act as our GDPR processor and handle data only on our instructions. They do not access your content, and we do not allow them to use any data for their own purposes.

Our servers are located in the Netherlands, so your data is stored in the Netherlands within the EU/EEA. We only store and deliver your data as needed to provide the service. We do not create or otherwise use your data beyond that.

If we ever change our hosting setup or add another processor, we will update this page before the change takes effect. You can contact us if you want the current hosting partner details.

12) International transfers

If data is transferred outside the EEA, we use appropriate safeguards such as the European Commission Standard Contractual Clauses and additional measures where needed.

13) Data requests

To access, rectify, erase, restrict, port, or object to processing, contact us. We will respond within 30 days. We may ask for information to verify your identity.

Contact us

14) Complaints

You can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can also seek a remedy in court.

15) Security measures

  • Password hashing.
  • CSRF protection and secure session cookies with HttpOnly, SameSite and HTTPS.
  • Minimal data principle: token hashes, not raw tokens, and only latest login IP/UA.
  • Abuse prevention: two-account-per-IP with support override.
  • Access controls and least privilege for systems handling personal data.

16) Polls and voting data

  • One-vote protection: temporary storage of IP in binary form and session hash to prevent duplicate votes.
  • Data minimization: only poll ID, option index, IP in binary form and session hash are stored.
  • Retention limit: technical identifiers are deleted automatically once the poll closes.
  • Aggregation: after closure, only total counts per option are kept, fully anonymous.
  • No profiling: voting data is never used for advertising, tracking or cross-service identification.

17) Children

Lynko.tv is not directed at children under 16. Do not register if you are under 16.

18) Changes

We may update this notice. Material changes will be highlighted here. Please review it periodically.

19) Contact

For privacy questions or requests, use the contact page.

Contact us

This notice summarizes our privacy practices to help you understand how we process your personal data under the GDPR and Dutch law (UAVG).