Privacy Policy

LinkRivers ("we", "us", "our") operates the web operations platform available at linkrivers.com and app.linkrivers.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you register, we collect:

• Name
• Email address
• Password (stored as a cryptographic hash; we never store plaintext passwords)
• Account preferences (e.g. dark mode setting, notification preferences)

1.2 Website and Configuration Data

When you add websites to the platform, we store:

• Website URLs you add for tracking
• Check configuration (intervals, alert thresholds, check types)
• Status page configuration and incident history

1.3 Operational Data We Generate

As part of providing the Service, we generate and store data about your websites:

• Uptime check results (HTTP status codes, response times, availability percentages)
• SSL certificate status (issuer, expiry date, validity)
• SEO data (keyword rankings, backlink profiles, domain authority scores)
• Performance metrics (page load times, Core Web Vitals)
• Error logs and crash reports from your websites

1.4 Analytics Data via Agent Lite

If you install our Agent Lite tracking script on your website, it collects data about your website visitors. Agent Lite is a client-side JavaScript snippet that loads on your web pages. It collects:

• Page views and session data (pages visited, time on page, scroll depth)
• Referrer information (where the visitor came from)
• Browser and device information (browser name and version, operating system, screen resolution)
• Click paths and navigation patterns
• Page load timing and Core Web Vitals measurements
• JavaScript error messages (error text only, not user data)
• Form submission events (metadata only -- we do not collect form contents, passwords, or personal data entered into forms)

Agent Lite does not collect: personal visitor information, form contents or passwords, or data that directly identifies individual users. It does not set tracking cookies.

1.5 Ecommerce Tracking Data

If you use the ecommerce tier and enable the ecommerce tracking module, we additionally collect:

• Product view events
• Add-to-cart and remove-from-cart events
• Checkout and purchase events (order value, product identifiers -- we do not collect payment card details)
• Cart and pricing page engagement
• Promotional code interactions

1.6 Integration Data

When you connect third-party integrations (such as Facebook, Instagram, GitHub, Netlify, Vercel, Shopify, Slack, Google, Salesforce, or QuickBooks), we store:

• OAuth access tokens and refresh tokens (encrypted using AES-256 before storage)
• Data retrieved from those services as needed to provide features (e.g. Facebook page metrics, Google Search Console data, Shopify store analytics)

We only request the minimum permissions necessary for the features you use. You can disconnect any integration at any time from your account settings, which immediately deletes the stored tokens and stops data access.

1.7 Payment Information

Payments are processed by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers. Stripe provides us with a token reference, the last four digits of your card, card brand, and billing address for receipt purposes. See Stripe's Privacy Policy for how they handle your payment data.

1.8 River Agent Chat Data

If you use the River chat feature, your messages may be sent to DeepSeek AI for processing. We send only the message content; we do not send your name, email, or account details. Chat history is stored temporarily to maintain conversation context and is not used for training purposes.

1.9 Cookies

We use a minimal number of cookies:

• Session cookie -- maintains your authenticated session. Essential for the Service to function. Expires when you close your browser or after 30 days of inactivity.
• Dark mode preference -- stores your display theme choice. Persists until you change it.

We do not use third-party advertising cookies. We use Google Analytics on our marketing site (linkrivers.com), which sets its own cookies. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

2. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Process your transactions and manage your subscription
• Send alerts and notifications you have configured (uptime alerts, SSL expiry warnings, SEO ranking changes)
• Display analytics dashboards and reports
• Detect and prevent security threats, bot activity, and abuse
• Improve and develop new features
• Send service communications (account confirmations, billing receipts, security notices)
• Respond to your support requests
• Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising purposes or share it with advertising networks.

3. Legal Basis for Processing (UK GDPR)

We process your data under the following legal bases:

• Contract performance -- processing necessary to provide the Service you signed up for (account management, uptime checks, analytics, alerts)
• Legitimate interests -- improving the Service, preventing fraud and abuse, ensuring security
• Consent -- where you explicitly opt in (e.g. connecting optional integrations, enabling ecommerce tracking)
• Legal obligation -- where we are required by law to retain or disclose data

4. Third-Party Services

We share data with the following categories of service providers, solely to provide and support the Service:

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored on servers hosted by Railway, which operates infrastructure within the United States and European Union. We implement the following security measures:

• All data in transit is encrypted using TLS (HTTPS)
• Passwords are hashed using bcrypt with salt rounds
• OAuth tokens are encrypted using AES-256 encryption before database storage
• Database access is restricted to application servers only
• Regular security updates and dependency patching

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

6. International Data Transfers

We are based in the United Kingdom. Your data may be processed in countries outside the UK, including the United States, where our hosting provider and some third-party services operate. Where data is transferred outside the UK, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions recognised by the UK Information Commissioner's Office (ICO).

7. Data Retention

We retain your data for the following periods:

When you delete your account, we delete all associated personal data and website data within 30 days, except where we are legally required to retain it (e.g. financial records).

8. Your Rights

Under the UK GDPR, you have the following rights:

• Right of access -- request a copy of the personal data we hold about you
• Right to rectification -- request correction of inaccurate personal data
• Right to erasure -- request deletion of your personal data (see our Data Deletion page)
• Right to restrict processing -- request that we limit how we use your data
• Right to data portability -- request your data in a structured, machine-readable format
• Right to object -- object to processing based on legitimate interests
• Right to withdraw consent -- where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days as required by law. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Google API Services

LinkRivers integrates with Google services to provide SEO and marketing features. When you connect your Google account, we access data through Google APIs in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

Google Search Console: When you connect Google Search Console, we access your search performance data (clicks, impressions, average position, keywords) and indexing status. This data is used solely to display SEO metrics in your LinkRivers dashboard and to alert you to ranking changes or indexing issues. We request read-only access and never modify your Search Console settings.

Google Tag Manager: When you connect Google Tag Manager, we access your container and tag configurations. This data is used to display your tag setup and, if you choose, to deploy LinkRivers tracking tags to your containers. We only request the permissions necessary for the features you use.

Data storage and security: OAuth tokens are encrypted using AES-256 encryption before storage. We do not share Google user data with third parties except as necessary to provide the Service. Google data is retained only while your integration is active.

Revoking access: You can disconnect any Google integration at any time from your LinkRivers settings. When you disconnect, we immediately delete all stored OAuth tokens and stop accessing your Google data. You can also revoke access directly from your Google Account permissions page.

Limited Use Disclosure: LinkRivers' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10. Facebook and Instagram Data

When you connect your Facebook or Instagram account, we access page metrics, audience data, and advertising data through Meta APIs, based on the permissions you grant. We store OAuth tokens (encrypted) and retrieved data for display in your dashboard.

When you disconnect the Facebook or Instagram integration or delete your account, we immediately delete all stored Facebook/Instagram OAuth tokens and any data retrieved from Meta APIs.

For instructions on requesting deletion of your data, see our Data Deletion page.

11. WordPress Plugin Data

If you use the LinkRivers WordPress plugin, the following data may be collected from your website visitors:

Data collected: Page load timing metrics, Core Web Vitals measurements, JavaScript error messages (not user data), form submission events (metadata only, not form content), and basic browser/device information.

Data NOT collected: Personal visitor information, form contents or passwords, cookies or tracking data that identifies individual users.

All data is transmitted securely to api.linkrivers.com over HTTPS and is used solely for providing web operations services to website owners.

12. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has provided us with personal information, we will delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service before the changes take effect. The "Effective" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: [email protected]
General inquiries: [email protected]

You may also contact the UK Information Commissioner's Office (ICO) at ico.org.uk if you have concerns about how we handle your data.