Privacy statement
In plain language: what LinkPulse collects, why, where it lives, and what you can do about it. Written so you can read it once and know.
1. Who is responsible
LinkPulse is operated by 31 Ventures, a sole proprietorship registered with the Dutch Chamber of Commerce.
- Trade name: 31 Ventures (operating LinkPulse)
- Owner: Joost Boer
- KvK / Chamber of Commerce: 81019556
- VAT: NL003518091B91
- Privacy contact: [email protected]
- Postal address: available on request via the privacy contact above
Under the GDPR (EU 2016/679) we are the controller for the personal data described below.
2. What we collect, why, and on which legal basis
2.1 Account & subscription data
| What | Email address, license key, plan, billing/payment details (handled by Stripe). |
|---|---|
| Why | To create your account, give you the product, send service emails, take payment. |
| Legal basis | Performance of contract (Art. 6(1)(b) GDPR). |
| Retention | For as long as you have an account, plus 7 years for invoices (Dutch tax law). |
2.2 Plugin and dashboard product data
| What | The links you scan, scan results, link-health snapshots, suggested replacements you accept or reject, your WeCanTrack revenue rows (if you connect WCT). Stays in your workspace. |
|---|---|
| Why | The product can't tell you which links are broken or earning money without storing the data. |
| Legal basis | Performance of contract (Art. 6(1)(b)). |
| Retention | Active for the lifetime of your workspace; deleted within 30 days of account closure or on request. |
2.3 Product analytics (opt-in only)
| What | Anonymous events: which features you use, scan-run started, suggestion accepted/rejected, errors. We strip URLs, post titles and domains both client-side and server-side. Each event carries a random anon-ID generated on consent and never linked to your license, email or workspace. |
|---|---|
| Why | To learn what to build, what's confusing, what breaks. Pre-launch this is how we improve fast. |
| Legal basis | Consent (Art. 6(1)(a)). Off by default. You can flip it any time in plugin Settings → Privacy or in the cloud dashboard's privacy banner. |
| Retention | 18 months, then deleted. |
If you turn this off, your anon-ID is destroyed locally and no further events are sent. Past events keep their original anon-ID; because we hold no map back to you, they cannot be re-linked.
2.4 Server logs
| What | HTTP method, path, status code, response time, IP address (truncated). No request bodies, no headers beyond what we need. |
|---|---|
| Why | Debugging, abuse prevention, capacity planning. |
| Legal basis | Legitimate interest (Art. 6(1)(f)) — running a reliable service. |
| Retention | 30 days. |
2.5 Newsletter
| What | Email address and signup source if you join our list. Stored at Buttondown. |
|---|---|
| Why | Send the welcome sequence and the monthly LinkPulse update. |
| Legal basis | Consent (you submitted the form). Unsubscribe link at the bottom of every email. |
| Retention | Until you unsubscribe. |
2.6 Support email and feedback
| What | Whatever you send us when you reply to a mail or use the in-product feedback widget. |
|---|---|
| Why | To answer you and to fix the thing you flagged. |
| Legal basis | Legitimate interest (Art. 6(1)(f)) — supporting our customers. |
| Retention | 2 years from last contact, then archived or deleted. |
3. Cookies and similar storage
We keep this short on purpose:
- Session cookie on
linkpulse.dev/app/— a signed cookie that keeps you logged in. Strictly necessary, no consent required. - Local-storage anon-ID in the cloud dashboard — only created if you opt into product analytics. Cleared the moment you opt out.
- WordPress option
linkpulse_telemetry_anon_idin the plugin — same purpose, same opt-out. - Umami analytics on linkpulse.dev marketing pages — self-hosted, cookieless, no personal data, no consent banner needed.
We do not use Google Analytics, Meta Pixel, or any other third-party tracker.
4. Subprocessors
We share specific data with the providers below to make the product work. They process it only on our instructions and have signed Data Processing Agreements with us where required.
| Provider | Purpose | Data | Region |
|---|---|---|---|
| Stripe | Payments & subscription management | Email, payment method, billing address | IE / US (SCCs) |
| Anthropic | AI assistant (Pro feature) | The chat messages you send to the assistant; we do not opt into model training | US (SCCs) |
| WeCanTrack | Affiliate revenue sync | WCT API key + tracking data, only if you connect WCT | NL |
| Buttondown | Newsletter sending | Email address, signup source | US (SCCs) |
| Resend | Transactional email (alerts, digests) | Email address, alert content | US (SCCs) |
| Cloudflare | DNS, CDN, basic DDoS protection | IP address, request metadata | EU edge with US fallback (SCCs) |
| mijn.host | VPS hosting (the actual server LinkPulse runs on) | All data above lives here at rest | NL |
SCCs = the EU's Standard Contractual Clauses, the standard mechanism for moving personal data from the EU to non-EU countries.
5. Your rights
Under the GDPR you can:
- Get a copy of your data (Art. 15)
- Correct it if it's wrong (Art. 16)
- Have it erased (Art. 17)
- Restrict our processing (Art. 18)
- Get it in a portable format (Art. 20)
- Object to processing on legitimate-interest basis (Art. 21)
- Withdraw any consent you gave us, at any time, without affecting processing that happened before
Email [email protected]. We respond within 30 days, usually sooner. No fees, no friction. If you ask for deletion we'll confirm before pulling the plug — once it's gone, it's gone.
6. Complaints
If you think we're handling your data incorrectly, please tell us first — we'd rather fix it. You also have the right to file a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Postbus 93374, 2509 AJ Den Haag
autoriteitpersoonsgegevens.nl
7. Security
Data sits encrypted in transit (TLS 1.2+) and at rest (LUKS on the VPS, encrypted backups). Access to production is limited to the operator account. Logs are reviewed for anomalies. We've configured Cloudflare to absorb basic abuse traffic before it reaches the server.
8. Changes
If we make a material change to this statement we'll email account holders and post a notice on linkpulse.dev. The effective date below tells you the version you're reading.