deeplo← Back home
Legal

Privacy Policy

Last updated: May 1, 2026

Summary

We collect the minimum data needed to operate Deeplo. Click analytics are anonymized — we do not store full IP addresses, do not use third-party advertising cookies, and do not sell personal data. Ever.

Who we are

The Deeplo service is operated by Deeplo ("Deeplo", "we", "us"). For the personal data described in this notice, Deeplo acts as the data controller. You can reach us at support@deeplo.app.

Legal basis for processing

We process your personal data on the following legal bases (GDPR / UK GDPR):
  • Contract: to create your account, operate links and bio pages, and provide the Service you signed up for.
  • Legitimate interests: to keep the Service secure, prevent abuse and fraud, debug issues, and improve features.
  • Legal obligation: to comply with tax, accounting, and other applicable laws (handled jointly with Paddle, our Merchant of Record, for billing data).
  • Consent: where required, e.g. for optional communications you opt in to. You can withdraw consent at any time.

What we collect

  • Account data: email address, display name, username, and an avatar if you upload one.
  • Content: the short links, destinations, bio links, themes, and tip-jar settings you create.
  • Click events: for each click on one of your links we record a timestamp, a coarse country code, the broad device type (mobile / desktop / tablet), and the referring domain.
  • Operational logs: standard server logs (IP, user-agent) retained for up to 14 days for debugging and abuse prevention, then deleted.

What we do NOT collect

  • We do not set advertising or cross-site tracking cookies.
  • We do not fingerprint browsers.
  • We do not record full IP addresses against click events.
  • We do not sell, rent, or share personal data with advertisers.

How we use data

We use your data to operate the Service: to authenticate you, resolve and route your links, render your bio page, surface analytics in your dashboard, send transactional emails (password reset, billing receipts), and prevent abuse.

Sub-processors

We rely on a small set of vetted infrastructure providers:
  • Supabase (database, auth, file storage)
  • Cloudflare (CDN and edge runtime)
  • Paddle.com Market Ltd — our Merchant of Record and payment processor. When you purchase a paid plan, Paddle collects your billing information, processes the payment, calculates and remits applicable taxes, and handles invoicing and refunds. See Paddle's privacy notice.
Each is bound by data-processing terms equivalent to our own.

Cookies

We use a small number of strictly necessary cookies for authentication and session management. We do not use analytics or advertising cookies on the Deeplo product surface. Bio pages you publish do not load any third-party tracking scripts by default.

Your rights

You may access, export, correct, or delete your data at any time from your dashboard, or by emailing us. If you are in the EU/UK you have additional rights under GDPR including the right to lodge a complaint with your data-protection authority.

Data retention

Account data is kept for as long as your account is active. When you delete your account, profile data and links are removed within 30 days. Click-event data is kept for up to 90 days, then aggregated and anonymized.

Security

All data is transmitted over HTTPS. Passwords are hashed (never stored in plain text). Link passwords are verified server-side and the underlying hash is never sent to the browser. Backups are encrypted at rest.

Children

Deeplo is not directed to children under 13. We do not knowingly collect personal data from children under 13.

Changes

We will announce material changes to this policy via the dashboard or by email.

Contact

Privacy questions? Email support@deeplo.app.
← Terms of Service