Privacy Policy

⚠️ DRAFT — pending legal review. Professional advice required for GDPR + Albanian data protection compliance. The Albanian version is canonical.

1. Data We Collect

• Identification: name, email address.
• Access: hashed IP address, user agent.
• Usage: clicks on public profiles, aggregated statistics.
• Payments: via Stripe (we don't store card numbers).

2. Legal Basis

• Contract: to deliver the service you requested.
• Consent: for optional cookies.
• Legitimate interest: for security and abuse prevention.

3. Your Rights (GDPR)

• Access to stored data.
• Correction or deletion.
• Portability.
• Objection to processing.

To exercise these rights, email info@1link.al.

4. Third Parties

• Stripe — payments.
• Google — optional OAuth login.
• Hostinger — server hosting (EU, Germany).

5. Cookies

We use essential cookies for authentication and one cookie for language preference. No third-party analytics cookies.

6. Retention

• Active accounts: until you delete, or 3 years after last activity.
• Click events: 90 days raw, then aggregated.
• Audit log: 90 days (legal requirement).

7. Security

Mandatory HTTPS, encrypted sessions, bcrypt-hashed passwords.

8. International Transfers

Server is in Germany (EU). Stripe is a US processor under Standard Contractual Clauses (SCC).

9. Changes

Updates posted here with change date. Active users notified by email for material changes.

10. Contact

Data controller: 1link.al, Tirana, Albania. Email: info@1link.al.