linkraider

Privacy Policy

Last updated: March 1, 2026

1. Introduction

linkraider ("we", "us", "our") is a social bookmarking platform operated by Paolo Sotgiu. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services.

By creating an account or using linkraider, you agree to the practices described in this policy. If you do not agree, please do not use the service.

2. Data we collect

Account information

When you register, we collect your email address, username, and password. Your password is stored using a one-way cryptographic hash and is never stored in plain text.

Profile information

You may optionally provide a display name, bio, and avatar image. Avatar images you upload are stored on our servers and associated with your account.

Bookmarks and collections

We store the URLs you save, along with titles, notes, tags, and collection assignments. For each saved URL, our crawler automatically fetches publicly available metadata (page title, description, favicon, Open Graph images) to provide rich previews.

Social interactions

We store your follow relationships, tag preferences, and notification history to power the social features of the platform.

Cookie consent

We store your cookie preferences locally in your browser and log an anonymized consent record (using a randomly generated anonymous ID) on our server for compliance purposes. This record does not contain your user account information.

3. How we use your data

  • Provide and operate the service: authentication, bookmark management, collections, social features, and the knowledge graph.
  • Display your public bookmarks and collections to other users when you choose to make them public.
  • Generate trending and discovery feeds from aggregated public bookmark data.
  • Send you notifications about social activity (new followers, etc.).
  • Improve the service through optional, anonymized analytics (only with your consent).

We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.

4. Cookies and tracking

Essential cookies

Required for the service to function. These include session cookies for authentication and CSRF protection. They cannot be disabled.

Analytics cookies (optional)

With your consent, we may use anonymized analytics services to collect usage statistics (page views, performance metrics). No personally identifiable information is collected by the analytics service.

Social and embeds (optional)

With your consent, we may load embedded content and social sharing features that set their own cookies. These are disabled by default.

You can change your cookie preferences at any time using the "Cookie Policy" button in the side panel. Your preferences are stored locally in your browser and expire after six months.

5. Data visibility and sharing

You control the visibility of your bookmarks and collections. Content you mark as private is only visible to you. Content you mark as public is visible to other linkraider users and may appear in trending feeds, discovery pages, and other users' graphs.

Your username, display name, bio, and avatar are publicly visible on your profile page and when you interact with other users (e.g., following, appearing in discovery).

We do not share your data with third-party services except as required to operate the platform. We use the following data processors, each bound by a Data Processing Agreement (DPA) under GDPR Article 28:

  • Hetzner Online GmbH (Germany) — infrastructure hosting. Our servers, database, and cache run on Hetzner's infrastructure.
  • Brevo (Sendinblue) (France) — transactional email delivery. Used to send account-related emails such as password resets, email verification, and data breach notifications. Only your email address is shared with Brevo for this purpose.

We use Google's public favicon service (google.com/s2/favicons) to display website icons next to your bookmarks. When loading these icons, your browser may send the bookmark's domain and your IP address to Google. This request is subject to Google's Privacy Policy.

6. Data storage and security

Your data is stored in a PostgreSQL database. We use industry standard security practices including:

  • Passwords hashed with Argon2.
  • JWT-based authentication with short-lived access tokens and rotating refresh tokens.
  • HTTPS encryption for all data in transit.
  • CORS restrictions limiting API access to authorized origins.
  • Rate limiting to prevent abuse.

Uploaded files (such as avatar images) are stored on the server filesystem and served over HTTPS.

7. Data retention

Your account data is retained for as long as your account is active. If you delete your account, your personal data (profile, bookmarks, collections, follows, notifications) will be permanently removed. Anonymized consent logs may be retained for legal compliance purposes.

8. Your rights

Under applicable data protection law (including GDPR if you are in the EEA), you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data via your profile settings.
  • Delete your account and all associated data.
  • Export your bookmarks and data.
  • Withdraw consent for optional cookies at any time.
  • Object to processing of your data or request restriction of processing.
  • Lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali (garanteprivacy.it).

To exercise any of these rights, contact us at the email address below.

9. Data breach notification

In the event of a personal data breach, we will notify the Italian supervisory authority (Garante per la protezione dei dati personali) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay, as required by GDPR Article 34. Notification will be sent via email and an in-app notice.

10. Children's privacy

linkraider is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:

Paolo Sotgiu
sotgiu.paolo@gmail.com