Overview
MeLinks ("we", "us", "our") operates the melinks.co website and API. We
are committed to protecting your privacy. This policy explains what data
we collect, why, and how we handle it.
The short version: We collect the
minimum data needed to run the service. We don't use tracking cookies, fingerprinting,
or third-party analytics. We never sell your data.
Data we collect
When you create a link page (no account):
- Display name, bio, links, and theme preferences you provide
- A hashed claim token (used to prove ownership if you claim the page
later)
When you sign in:
- Email address (used for magic link authentication)
- A session cookie (HttpOnly, Secure, used solely for authentication —
expires after 30 days)
Click analytics (Free):
- When someone clicks a link on a page, we record the link ID and
timestamp
- No visitor-identifying information is collected on the free plan
Click analytics (Pro):
- In addition to the above, we record the visitor's country (derived from IP address via Cloudflare headers — the raw IP address
is never stored) and the referrer domain (the website
that linked the visitor to your page — only the domain, not the full URL)
- This data is used to provide Pro users with geographic and referrer
analytics on their dashboard
Email collection (Pro):
- Pro users may enable email signup forms on their pages. If you submit
your email on a page with this feature, your email address is stored
and shared with the page owner
- Page owners may export collected emails or integrate with third-party
services via webhooks
What we do NOT collect:
- No tracking cookies or pixels
- No browser fingerprinting
- No third-party analytics scripts
- No raw IP address storage — we derive country from Cloudflare headers
and discard the IP
- No advertising or marketing trackers
How we use your data
- Email: To send magic link sign-in
emails and service-critical notifications only. We will never send marketing
emails.
- Link page content: To display
your link page publicly as you configured it.
- Click analytics: To provide aggregate
analytics on your dashboard. For Pro users, country and referrer data power
detailed analytics (time series, geographic breakdown, top referrers).
- Collected emails: If you enable
email collection on your page (Pro), subscriber emails are stored and accessible
to you via the dashboard or API.
- Session cookie: To keep you signed
in. Not used for tracking.
Third-party services
- Cloudflare: We use Cloudflare
for hosting, CDN, and DNS. Cloudflare may process requests in
accordance with their privacy policy.
- Resend: We use Resend to send
transactional emails (magic link sign-in). Resend processes your email
address for delivery only, per their privacy policy.
We do not share your data with any other third parties.
Data storage & security
Data is stored in Cloudflare D1 (edge SQLite) and Cloudflare KV. All
data is encrypted in transit via HTTPS. Sensitive values (claim tokens,
session IDs, API keys) are stored as cryptographic hashes — we cannot
read them.
Data retention & deletion
- Link pages exist until deleted by their owner or by us for policy
violations.
- Magic link tokens expire after 15 minutes and are single-use.
- Sessions expire after 30 days.
- You can delete your link pages at any time via the API or dashboard.
- To delete your account and all associated data, contact us at the
email below.
Your rights
You have the right to:
- Access the data we hold about you
- Delete your link pages and account
- Export your link page data (via the API export endpoint)
- Withdraw consent at any time by deleting your account
Children
MeLinks is not directed at children under 13. We do not knowingly
collect data from children under 13.
Changes to this policy
We may update this policy from time to time. Changes will be posted on
this page with an updated "last updated" date. Continued use of the
service after changes constitutes acceptance of the updated policy.