Privacy Policy

Go back to LYNK's Homepage

Last updated: July, 2025

Lynk (Yokr SAS) (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and safeguard your personal information when you use our website and services.

⸻

Information We Collect on our front website

We collect information you provide directly to us, for example: • Contact forms & registration: name, email address, company name, phone number. • Usage data: pages you view, interaction timestamps, IP address (for analytics/security), device/browser type, and region.

How We Use Your Information

We use collected data to: • Provide and maintain our services • Improve user experience (personalization, product enhancements) • Communicate updates (newsletters, service notices, support) • Ensure security (detect fraud, troubleshoot technical issues) • Comply with legal obligations, including regional privacy and consent laws

⸻

Data Sharing & Disclosure

We do not sell or rent your personal data to third parties. We may share information with: • Service providers: Hosting, analytics, advertising, and email delivery (subject to confidentiality agreements) • Legal obligations: If required by law or to protect our rights

⸻

Cookies & Tracking Technologies

a. Consent Management • We use a geo-targeted cookie consent banner (powered by CookieScript) only in countries where prior consent is legally required (EU/EEA, UK, Switzerland, Brazil, South Korea, Japan, and a few others). • In these countries, non-essential cookies (e.g. analytics, advertising) are only set after you give explicit consent. • For users in other regions (including the US), cookies may be set by default, but you can still opt out via browser settings or the “Do Not Sell My Info” link where applicable.

b. Google Consent Mode • We use Google Consent Mode to ensure that analytics and advertising cookies are only activated after user consent in regulated regions. • Consent state is managed in real time and updated based on your banner choice.

c. Types of Cookies Used • Analytics (Google Analytics, Hotjar, Tally): To analyze website traffic and usage patterns. • Marketing (Google Ads, Meta Pixel): To provide personalized ads and measure campaign performance. • Functional: To remember your preferences (e.g., language, theme).

You can control cookie settings via our banner (where shown) or via your browser. Disabling cookies may affect site functionality.

⸻

Your Data Rights

Depending on your location, you may have the right to: • Access: Request a copy of your personal data. • Correct: Update or correct information we hold. • Delete: Ask us to delete your data (subject to legal obligations). • Restrict processing: In certain circumstances, request that we limit how we use your data. • Withdraw consent: For users in the EU/EEA/UK/CH/BR/KR/JP, you may withdraw or change your cookie consent at any time via our consent banner or by contacting us. • Opt-out (US/CCPA): California and other US users may opt out of “sale” or “sharing” of data by contacting us.

To exercise any of these rights, contact us at contact@getlynk.co.

⸻

Data Security

We implement industry-standard measures to protect your data, including: • Encryption (HTTPS/TLS in transit) • Firewall and intrusion detection • Access controls and routine audits

However, no system is 100% secure. We encourage you to safeguard your account credentials.

⸻

Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children without parental consent. If you believe we have inadvertently collected such data, please contact contact@getlynk.co to request removal.

⸻

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the revision. We encourage you to review this page periodically.

⸻

If you have questions or concerns about this Privacy Policy, please email contact@getlynk.co.

Lynk as a Software as a Service:

YOKR SAS (Lynk) – 23 Rue de la République, 38210 Tullins, France – operates an AI-driven communication platform. This document describes our data processing activities in compliance with GDPR. Contact: privacy inquiries can be sent to contact@getlynk.co. (No formal DPO is appointed, as it is not required; privacy oversight is handled by senior management.)

(When acting as a processor for clients, the client remains the controller and we operate under contractual data protection terms.)

1. Lynk AI Communication Service (Core Service)

Purpose: Operating our AI assistant service that helps clients manage communications (e.g., answering customer support emails/chats). We process end-users’ messages to generate replies or assist client staff, and we use these interactions (in pseudonymized form) to improve the AI’s performance.

Data Subjects:

Clients’ customers/end-users – individuals who contact our clients and whose messages are processed by the Lynk AI.
Clients’ staff – employees of our client who use Lynk or whose details may appear in communications (e.g., a support agent’s name in an email).

Categories of Personal Data:

Contact details: Identifiers in communications (names, email addresses, phone numbers of senders and recipients).
Communication content: The text and any attachments of messages (which may include personal information the end-user provides, such as order numbers or account details in their inquiry).
Technical metadata: Information related to message transmission, like timestamps, message IDs, and possibly IP addresses or device info (for routing, logging, and security purposes).
Client user data: Account information of client staff using our platform (name, work email, role, and login credentials for the Lynk system).
Derived data: Tags or summaries our system generates from conversations (e.g., categorizing an inquiry as “billing question” or summarizing a long email).

Legal Basis: Performance of contract (Art. 6(1)(b)) – providing the AI communication service to clients (processing end-user messages and client data is necessary to deliver the service); Legitimate interests (Art. 6(1)(f)) – ensuring efficient automated responses and improving the service using anonymized data (e.g., tuning AI models on conversation patterns), as well as maintaining service security/quality; and Consent (Art. 6(1)(a)) – if we ever process special-category data in messages (which would require the end-user’s explicit consent via the client) or for any use of data beyond the service’s core purpose.

Recipients:

Client (controller): The client organization has access to the communications and AI-generated replies handled for them. For example, the client’s support team can view customer messages and the responses provided by Lynk via their helpdesk or our interface.
Internal Lynk team: Only authorized Lynk personnel (e.g., a technical support engineer) may access client communications when necessary to maintain the service or assist in troubleshooting. Such access is limited, logged, and covered by strict confidentiality obligations.
Subprocessors: Trusted service providers that assist in running our platform. For example, cloud hosting services (to store databases and run our AI algorithms), email/SMS delivery services (to send messages or notifications to end-users on the client’s behalf), and monitoring/analytics services (to track system performance and errors) process data on our behalf. These subprocessors act under our instructions and are bound by GDPR-compliant data protection agreements. We do not share personal data from this service with any third parties for their own purposes – no selling or external marketing of these communications data. The only exception would be if we are legally compelled by a valid authority request to disclose certain data (in which case we would limit the disclosure to what is required and, if permitted, inform the client).

International Transfers: Some personal data in this service may be transferred or accessible outside the EU: for instance, we currently utilize cloud infrastructure in the United States for data hosting and processing. Any such transfers are safeguarded by Standard Contractual Clauses and/or reliance on the EU-US Data Privacy Framework, ensuring an adequate level of protection. Additionally, we apply strong technical measures (e.g., end-to-end encryption, access controls) so data remains secure even in transit or storage overseas. We are also in the process of migrating more hosting to EU data centers to minimize cross-border flows. We maintain transparency with clients about our subprocessors and their locations. In practice, if an end-user’s message is stored on a US server, it is encrypted and accessible only to authorized systems, and our agreements with the provider require GDPR-level protection.

Retention:

Conversation data: We retain customer communications (and associated personal data) for up to 18 months in our active systems. After 18 months, such data is automatically deleted or irreversibly anonymized. This retention period allows clients to refer to recent interactions and helps our AI learn from recent patterns, while limiting long-term storage. Anonymized aggregate insights (with no personal identifiers) may be kept longer to improve the service.
Client-directed deletions: Clients can request deletion of specific data sooner (for example, if an end-user exercises their right to erasure). Upon a client’s instruction, we promptly delete the relevant messages from our databases (typically within a few days).
Logs: System logs that may include personal data (like email headers or user IDs in logs) are kept for approximately 12–18 months for security monitoring and debugging, then purged. These logs are restricted to admin access.
Legal hold: If we are under a legal obligation to retain data (e.g., for an ongoing investigation or litigation), we will retain the necessary data until that obligation is lifted, after which it will be deleted.

(Backups of data are encrypted and follow similar retention schedules – deleted data is removed from backups on the next rotation cycle.)

Security Measures:

We implement strong security controls to protect personal data in communications: encryption of data in transit and at rest is enforced (all message content travels via HTTPS and is stored encrypted on our servers); access to data is strictly limited – each client’s data is isolated, and only a minimal number of Lynk staff can access client data, with role-based permissions and multi-factor authentication for administrative access (all access is logged and auditable). Our network and infrastructure are secured by firewalls, intrusion detection systems, and regular security updates/patching. We conduct periodic vulnerability scans and penetration tests to identify and address any weaknesses. Personal identifiers in communications are pseudonymized or masked when used for AI training or quality improvement, to minimize exposure of raw personal data. We maintain an incident response plan – if a data breach were to occur, we will notify the affected client and supervisory authority as required, without undue delay, and take immediate steps to remediate. All Lynk employees and contractors with access to personal data are trained in confidentiality and data protection best practices, and they are bound by strict NDAs. These measures (aligned with GDPR Article 32) are regularly reviewed and updated to ensure continued effectiveness.

2. Customer Account & Billing Data

Purpose: Managing client accounts, subscriptions, and billing for the Lynk service. This involves handling information needed to register and authenticate client users, administer their subscription (e.g. plan, usage), process payments and invoices, and communicate with client representatives about service matters (such as support, updates, or administrative notices). It covers personal data we use in our B2B relationship with clients from onboarding through ongoing support and billing.

Data Subjects:

Client representatives/users – individuals who act on behalf of a client company or directly as our customer. This includes the person who signs up for Lynk, account administrators, billing contacts, and any other employees of the client who are users of our platform or our points of contact.
Prospective clients (leads) – individuals (usually in a professional capacity) who have expressed interest in Lynk but are not yet customers (for example, someone who requested a demo or pricing information). We may temporarily hold their contact information in our sales CRM.

Categories of Personal Data:

Contact and account info: Name, business email address, telephone number, job title, and company name of client contacts. This also includes login credentials for our platform (username – often an email – and password hash) and any profile information the user provides (like their role or profile photo).
Billing details: Information needed for invoicing and payment – e.g., billing contact name, billing address, and billing email. Payment data such as credit card numbers are handled directly by our payment processor (we do not store full card details on our servers, apart from perhaps the last four digits or a transaction ID). We maintain records of transactions, invoices issued, and payment status.
Support correspondence: Any personal data contained in communications between client personnel and Lynk (for instance, emails to our support team or chat logs). This typically includes the name and contact of the person reaching out and any information they provide about their issue (which might incidentally include personal data, such as an error screenshot with a user name visible, etc.).
Service usage data: Data about how the client organization uses Lynk, which may be linked to individuals. For example, login activity (dates/times and IP addresses when client users access our platform), actions taken in the platform (like a client user creating an AI agent or changing a setting), and other telemetry about feature usage. This helps us support the client and improve the service. Such records may include identifiers like user IDs or user email addresses as part of the usage logs.
Marketing preferences: (If applicable) whether a client contact has opted into our marketing communications or opted out, and related preferences (for example, a client contact subscribing to our product newsletter).

Legal Basis: Performance of contract (Art. 6(1)(b)) – most processing here is necessary to fulfill our service agreement with the client (e.g., using their provided information to set up accounts, provide support, and bill for services); Legal obligation (Art. 6(1)(c)) – we process certain data to comply with laws (for example, keeping invoice records for tax and accounting regulations, or complying with lawful requests by authorities if any); Legitimate interests (Art. 6(1)(f)) – administering and improving the client relationship, ensuring platform security, and sending relevant product notices to clients (for example, informing an existing customer about a new feature) in a way that clients would reasonably expect (with opt-outs available), as well as basic business development with prospective clients; and Consent (Art. 6(1)(a)) – for optional communications or uses, such as a client contact opting into our general newsletter or agreeing to be a reference or case study (we would seek consent for those marketing-oriented uses that go beyond the core service communications).

Recipients:

Internal (Lynk): Client account data is accessed only by Lynk personnel who need it for their role – e.g., support and customer success teams (to assist the client and handle inquiries), the finance team (to process billing and payments), and account managers or sales team (for managing the client relationship). All such personnel are under confidentiality obligations. Access is role-based and tightly controlled – for instance, our support agent might see a client’s configuration and support history, but not full credit card details; our billing staff sees billing info but not the content of support tickets, etc.
Service providers (subprocessors): We share necessary data with external services that help us run our business operations:
- A secure payment processor (e.g., Stripe) to handle credit card and payment transactions. This processor receives billing information and payment details via encrypted connections and processes payments on our behalf. They are PCI-DSS compliant and act as a data processor for payment data (we retain minimal financial info, like transaction IDs or billing contact names, and rely on the processor for the sensitive parts).
- Cloud CRM and support platforms to manage client interactions. For example, client contact details, contract info, and support ticket history may reside in our CRM and helpdesk systems. These platforms allow our team to efficiently assist clients and are used only under our instruction. They store client personal data (like names, emails, and communications) securely and do not use it except to provide services to us.
- Email delivery services for account-related or marketing communications to clients. For instance, if we send a maintenance notification or a feature announcement to client contacts, it may go through an email service provider that will process the contact’s email address and the content of the email.
  
  All these subprocessors are bound by data protection agreements to protect client data and use it only for our specified purposes.
Others: In certain cases, we may disclose client data to third parties:
- Professional advisors (lawyers, accountants, auditors) who are bound by confidentiality – e.g., an auditor reviewing our finances might see a list of customer names on our revenue ledger, or an accounting firm might process some billing records.
- Regulatory or legal authorities if required – e.g., we might have to provide client information in response to a court order or regulatory audit. In such cases, we only disclose what is legally required and inform the client if we are allowed to.
No third-party marketing or sale: We do not sell client personal data or share it with third parties for their own use. We don’t disclose client information outside of Lynk and our contracted processors except in the scenarios above.

International Transfers: Client account data may be stored or processed on systems outside the European Economic Area:

We utilize some cloud-based tools (for CRM, support, payment processing, etc.) that are hosted in the United States or other countries. Therefore, personal data like client contact information or support communications might transit through or reside in those countries.
We protect these transfers by using GDPR-approved safeguards. We have Standard Contractual Clauses in place with these providers and many are also certified under the EU-US Data Privacy Framework. This means they are contractually and legally obliged to uphold EU-level data protection standards.
Whenever feasible, we opt for providers that offer EU data region storage and we store EU client data in the EU. However, some services (e.g., certain support tools or the payment gateway’s infrastructure) may process data in the US. In all such cases, data is encrypted and handled under stringent security measures.
We keep an updated list of subprocessors (including their country of processing) available to clients. If we introduce a new significant transfer (e.g., engaging a provider in a new country), we will update our documentation and ensure appropriate safeguards.
In summary, while some client data may be transferred internationally (e.g., to U.S. cloud services), we have put in place SCCs and robust security and privacy commitments with those providers. Clients’ personal data continues to be protected to EU standards even when processed abroad.

Retention:

Active clients: We retain client account and billing data for as long as the client remains active on our service, so we can provide the service and meet our contractual obligations.
After termination: Once a client discontinues the service, we do not immediately erase all data, because certain information must be retained for legitimate purposes:
- Core account information and correspondence are typically kept for a limited period (e.g., 2–3 years) after termination in case the client has questions, needs records, or decides to re-engage our services. This may include basic contact details and a summary of the account history.
- Financial records (invoices, payment history) are retained for the duration required by law – usually 7 to 10 years according to financial and tax regulations. These records contain personal data like the billing contact’s name and address on invoices, and we must keep them in our archives to comply with legal obligations. During this retention, such data is stored securely and used only if needed for audits or legal compliance.
- Support data: Support tickets, emails, and chat logs with the client may be retained for a shorter period (often 1–2 years post-termination) for reference, then deleted. For instance, if a former client returns with a question, having their past support context for a time can be useful. After that, we purge or anonymize these records.
- On request, and after required retention periods, we can provide confirmation of deletion to clients. We ensure that personal data is not kept indefinitely without purpose. (Backups of client data are encrypted and follow similar retention schedules – deleted data is removed from archives in the normal backup rotation.)
Leads/prospects: For individuals who never became customers, we generally retain their data for a brief period. If we have a prospect’s contact info, we use it to follow up initially. If they do not engage or a significant time passes with no interaction, we routinely delete their personal data from our CRM. Typically, prospect data is cleared after 1–2 years of inactivity (or immediately upon request).
Deletion requests: We comply with requests from client-associated individuals to delete their personal data, provided we have no overriding legal basis to keep it. For example, if a client’s employee was an account admin and leaves the company, and they ask us to remove their info, we can erase or anonymize their personal data from our records (aside from data we must retain like their name on historical invoices). We also remove client user accounts from our platform promptly when a contract ends, as part of account closure.
In all cases, we adhere to the principle of storage limitation – keeping personal data only as long as necessary for the specified purposes or required by law. We have scheduled purges and reviews to ensure data that is no longer needed is securely deleted or anonymized.

Security Measures:

Client account and billing data is safeguarded with stringent security measures:

Secure storage & encryption: All personal data related to client accounts is stored in secure cloud environments with encryption at rest. Databases and systems containing client info use strong encryption algorithms, and sensitive fields (like passwords or API keys) are additionally hashed or encrypted. Data in transit (such as information entered into our platform or transmitted via APIs) is protected by TLS encryption, preventing eavesdropping.
Access controls: We enforce the principle of least privilege. Only Lynk employees who need to handle client data (support agents, account managers, billing personnel) have access, and even then only to the data necessary for their role. Administrative access to systems containing client personal data requires authentication with multi-factor and is logged. We conduct periodic access right reviews to revoke any unnecessary permissions. Client accounts on our platform are protected by user authentication controls (username/password, with options for two-factor authentication) – we encourage strong passwords and monitor login attempts for abuse.
Payment security: We do not store raw payment card details on our systems. When clients enter payment information, it is handled directly by our certified payment processor on their secure infrastructure. We retain only tokenized references or minimal billing details (e.g., last 4 digits of a card, cardholder name) as needed for records. Our payment processes comply with PCI-DSS via our processor. This greatly reduces the risk surrounding financial data.
Monitoring & prevention: We have systems to monitor for unusual or suspicious activities on client accounts – for example, multiple failed login attempts trigger alerts or temporary lockouts to prevent brute force attacks. We use firewalls and network segmentation to protect data stores. Our platform undergoes regular security testing (including third-party penetration tests), and we promptly address any findings. We log key actions in the application (such as changes to account settings, data exports, etc.) so we can audit and investigate any irregularities.
Incident response: In the event of a security incident or data breach involving client data, we have a formal incident response plan. We will notify the affected client(s) without undue delay and, if required, the relevant data protection authority. Our team will work to contain the incident, mitigate any harm, and restore data security. For example, if unauthorized access to a client account is detected, we might reset credentials, analyze the scope, and provide the client with details and next steps. We treat client data breaches with the utmost urgency and transparency.
Employee accountability: All employees with access to client personal data are trained in confidentiality and data protection. They sign confidentiality agreements as part of employment. We enforce clear policies (e.g., no saving client data on unsecured devices, no sharing client info in channels outside our secure systems). Our culture emphasizes respecting and protecting client information.
Business continuity: We back up critical client data (in encrypted form) to ensure we can recover from hardware failures or other disruptions. These backups are kept secure and follow the retention policies mentioned. We also have disaster recovery plans so that even in worst-case scenarios, we can restore service and data with minimal loss.
Overall, we maintain a robust security program following industry best practices to ensure that client account and billing data remain confidential, integral, and available only to authorized parties. By using strong encryption, strict access controls, continuous monitoring, and incident preparedness, we reduce the risk of data breaches and unauthorized disclosures to a minimum. Clients can trust that their data with Lynk is handled securely.

3. Website Visitors and Marketing

Purpose: Operating our public website and conducting marketing and outreach to attract potential customers. We collect and use personal data in this context to analyze website usage (so we can improve content, navigation, and performance), to enable certain site features (e.g., remembering cookie preferences), to respond to inquiries or requests submitted via the site, and to send marketing communications (such as newsletters, event invites, or product updates) to individuals who have requested or agreed to them. The overarching goal is to engage with prospective clients and grow our business in a privacy-respectful way.

Data Subjects:

Website visitors: Individuals who browse our website(s) (including our homepage, blog, documentation pages, etc.), whether or not they identify themselves.
Individuals who submit inquiries or forms: Anyone who fills out a form on our site (e.g., “Contact Us”, demo request, content download forms) or interacts with website features like live chat – thereby providing personal data (like their name and email and the content of their inquiry).
Marketing email recipients: People who receive our promotional communications. Often these are website visitors or prospects who signed up for updates, or representatives of companies who have shown interest (including current clients receiving newsletters). They have typically opted in via our website or through direct interaction.
Ad audience: Users of external platforms (like Google, LinkedIn, etc.) who see or interact with our advertisements. We generally do not know their personal identities unless they click an ad and then identify themselves on our site, but they are data subjects in the sense that their online identifiers and behavior may be processed via our advertising tools.

Categories of Personal Data:

Technical and usage data: When someone visits our site, we collect information via cookies and similar technologies about their device and browsing actions. This includes the IP address (which we anonymize for analytics), browser type and version, device type (desktop/mobile), operating system, referring website, and on-site behavior such as pages viewed, time spent on each page, and clicks or scrolls. This data is typically tied to a pseudonymous cookie ID rather than the person’s name – it helps us understand aggregate usage patterns.
Online identifiers: Cookies and tracking pixels set by us or our partners assign unique identifiers to a visitor. For example, a Google Analytics cookie ID or a Facebook Pixel ID. We also may receive advertising IDs or campaign tags that tell us a visitor came via a particular campaign or source. Additionally, we record users’ cookie consent choices (which is an identifier indicating their preferences). These identifiers on their own usually don’t reveal the individual’s identity to us, but are considered personal data under GDPR.
Form submission data: If a visitor chooses to fill out a form on our site, we collect whatever personal information they provide. Common fields are name, email address, phone number, company name, job title, and the person’s message or inquiry. For instance, our demo request form asks for work email, name, company, and a brief description of what they’re interested in. All such information is voluntarily provided by the user for us to contact or assist them.
Communication content: This covers any personal data contained in communications a visitor has with us via the website – e.g., if we have a live chat widget and a user provides their email and question, or if someone emails a contact address listed on our site. We will collect the contact info (email, name) and whatever details are in their message so we can respond appropriately.
Marketing preferences and engagement: If an individual subscribes to our mailing list or downloads content (and thereby opts into emails), we store their email address, name, and marketing consent. We also keep track of email engagement (whether they open our emails or click links) via our email service provider’s analytics – this helps us gauge interest in our content. Additionally, we might note how we obtained their details (e.g., “Downloaded E-book on AI (Jan 2025)”).
Social media and referral data: When a visitor comes to our site, we may capture how they arrived (e.g., “came from Google search” or “clicked on LinkedIn ad”). We use UTM parameters and cookies for this. If we run an ad campaign, we get reports like “X clicks from LinkedIn, Y from Google Ads”. Unless the visitor identifies themselves, this data remains anonymous or aggregated on our end. On our site, we also have social media plugins (like a LinkedIn share button) – if used, those may collect some data (though that goes directly to the social network and is covered by the social network’s privacy policy).

Legal Basis:

Consent: We rely on consent for certain data processing on our site and in our marketing:
- Cookies: We deploy analytics and advertising cookies only if the user consents via our cookie banner. Users can accept or reject these categories of cookies. Consent, when given, is the legal basis for processing the data those cookies collect (e.g., Google Analytics data, Facebook Pixel data). Users can withdraw consent at any time (via our cookie settings or browser controls), and we honor that by disabling those trackers. Essential cookies (for site functionality) that do not store personal data run regardless, but they don’t require consent under ePrivacy rules.
- Marketing communications: We send promotional emails (newsletters, product updates, event invites) to individuals only if we have their consent or an allowed legitimate interest. For new prospects and website subscribers, we use opt-in consent (e.g., the user ticks a box or submits a form requesting such emails). We also use a double opt-in for newsletters (the user confirms via an email link) where applicable. They can unsubscribe anytime, which withdraws consent for further emails.
- If we were to do any unexpected processing of visitor data, we would seek consent. For example, if we wanted to feature a visitor’s question on our blog, we’d ask for permission (though this scenario is unlikely).
Legitimate Interests: We process certain data under legitimate interests, carefully balanced against individual rights:
- Site operation and security: It’s in our legitimate interest to ensure our website works properly and is secure. Thus, we might use necessary cookies and log data to maintain performance, load balance the site, enforce security (e.g., blocking abusive IPs), and understand high-level usage trends. These activities typically have minimal impact on privacy (and some may not involve personal data after anonymization).
- Responding to inquiries: When a person submits their contact info for a request (like asking a question or requesting a demo), handling that request is a legitimate interest (and often considered a pre-contractual necessity at the user’s request). The individual expects us to use their info to reply. We use it only to fulfill that purpose.
- B2B direct marketing to existing customers: We have a legitimate interest in sending relevant product updates or offers to our existing customer contacts, as this relates to the product they already use. GDPR and ePrivacy rules allow a form of “soft opt-in” for direct marketing to our own customers about similar services. We always provide a clear opt-out in such communications. For prospects who gave us their data in a business context (e.g., dropped a card at a trade show or submitted a form), we may follow up on their expressed interest under legitimate interest, while respecting any “do not contact” preferences.
- In all these cases, we assess that our legitimate interest (running and improving our site, growing our business) is not overridden by the individual’s rights. We use limited data for these purposes, and individuals have the ability to opt out of or object to marketing communications easily. Security and site functionality processing has a low privacy impact and is necessary for everyone’s safe use of the site.
Performance of a contract: If a website interaction becomes contractual, we rely on contract necessity. For instance, if we offered a paid resource or a webinar sign-up on our site that a user agrees to, we would process their data to deliver that product or service. This basis currently is less common on our marketing site (since most resources are free and covered by consent or legitimate interest), but it could apply in specific cases where a user enters into an agreement through the site.
Legal Obligation: We may process certain visitor data to comply with legal requirements. For example, data needed to demonstrate consent (we keep a record of cookie consent decisions and email subscription confirmations as required by privacy regulations). If a regulator or law enforcement presents a lawful request (e.g., requiring server logs for an investigation), handling that request involves processing under legal obligation. Additionally, we honor any opt-out or objection rights in accordance with laws (which might involve recording that opt-out status – itself a legal compliance action).

Recipients:

Service providers (processors): We use external services to operate our website and marketing, and we share visitor data with them as needed under strict agreements:
- Web hosting and CDN: Our website is hosted by third-party providers, so any data your browser sends to view our site (IP address, HTTP requests) passes through their servers. They process this data only to provide us the hosting service. Similarly, if we use a content delivery network or similar, they will process data to quickly deliver site content. These providers are bound by confidentiality and data processing terms.
- Analytics and advertising partners: If you consent to analytics or ad cookies, data (like your site behavior and device identifiers) will be sent to partners such as Google Analytics, Google Ads, or LinkedIn. These partners use the data to provide us insights (e.g., Google Analytics shows us aggregated website usage statistics) or to facilitate advertising (e.g., showing our ads to relevant audiences on other platforms). They operate as independent controllers for the data collected via their tools. We do not receive personal identifiers from them – only aggregated or anonymized reports. For instance, we might see that “100 users from France visited our Pricing page” via Google Analytics, or that “20 LinkedIn users clicked our ad,” but we don’t know who those individuals are from these reports.
- Email and CRM services: If you subscribe to our emails or if we’re managing prospective client contacts, your data (like name and email) will reside in our email marketing platform or Customer Relationship Management system. These services process the data to send out our communications or organize our interactions (e.g., scheduling a follow-up email). They act on our instructions and don’t use your data for their own purposes. For example, our newsletter service sends the emails we design to our subscriber list and tracks engagement for us, but it will not send you unrelated emails or share your address.
- Form and chat processors: We often use embedded forms (for contact requests, content downloads, etc.) – these may be powered by form services (like Typeform, HubSpot forms, or similar) that collect the form data on our behalf. If we have a live chat feature, the chat service provider will process the data you enter in the chat. These providers might temporarily hold the data (e.g., on their servers) and then forward it to us (say, into our CRM or via email). They are bound to use it only to facilitate that interaction.
Social media platforms: We incorporate some social media features and marketing. For example, we have the Facebook/Instagram Pixel on our site and the LinkedIn Insight Tag. If you consent to marketing cookies, these platforms will receive certain info about your visit (e.g., a unique cookie ID and the fact you visited page X on our site). They may combine this with your profile if you are logged in to their services, and use it to tailor advertising content (for instance, showing you our ads on their platform). We may also upload hashed email lists to social platforms to create custom ad audiences (e.g., targeting our product ads to current newsletter subscribers on LinkedIn). In doing so, the platform receives personal data (your hashed email) which they attempt to match with their users; they don’t share back who matched, but if you’re in that audience, you might see our ad. These social media companies act as controllers for how they use data in these contexts. We ensure any such activity is done in compliance with platform policies and with appropriate consent.
Law enforcement or regulatory bodies: If we are required by law to disclose personal data of visitors or prospects, we will comply with applicable laws. For example, a court may issue an order for logs to be provided, or a data protection authority might require records during an inquiry. In such cases, we will verify the legitimacy of the request and only disclose the data specifically demanded. Wherever possible and lawful, we would inform the affected individuals (for instance, if a government subpoenaed information about a user’s visit, we would let the user know if we’re allowed to).
No unauthorized third-party sharing: We do not sell personal data of our site visitors or leads, and we do not share it with third parties for their independent use (such as their own marketing). Any sharing occurs only with the service providers and under the conditions described above, all aimed at supporting Lynk’s website and outreach functions.

International Transfers:

Data collected via our website and marketing channels can be transferred to or accessed in countries outside the EU:

Many of our analytics, advertising, and email service providers are based in the United States or other countries (e.g., our website analytics might be stored on Google’s US servers, our newsletter service’s infrastructure may be US-based). When you consent and use these features, your relevant personal data (like cookie identifiers, site usage information, or email address for newsletters) may be transmitted to servers in those countries.
We ensure that any such transfers are safeguarded according to GDPR Chapter V. We have executed Standard Contractual Clauses with these providers and, where applicable, rely on the European Commission’s adequacy decisions (e.g., the EU-US Data Privacy Framework for certified US organizations). This means our providers contractually commit to protecting EU personal data to European standards even when it’s processed abroad.
Additionally, we employ measures like IP anonymization for Google Analytics (so full IP addresses are not stored outside the EU) and we offer cookie consent tools so users control whether their data is even sent to these third parties. If a user opts out of analytics/ads, their data will not be transferred to those US-based services.
We continuously monitor legal developments around international data flows. For instance, we updated our practices after the Schrems II ruling by implementing SCCs and evaluating risk, and we adopted the new EU-US framework once it became available in 2023. If any of our transfer mechanisms were invalidated or called into question, we would promptly work on alternatives (such as using EU-based analytics solutions or adding extra encryption).
In summary, while some visitor and lead data (for example, via cookies or our mailing list) may be processed outside the EU, we have put legal and technical safeguards in place. Users are informed and give consent for these transfers where required. We strive to ensure that personal data enjoys a high level of protection no matter where it is processed.

Retention:

Website analytics and logs: Identifiable data collected via website analytics tools is retained for a limited period – currently about 14 months in our Google Analytics configuration – after which it is automatically deleted or aggregated. We do not keep raw analytics data indefinitely. Server logs that contain personal data (like IP addresses) are typically rotated and deleted within a few months. We retain only aggregated metrics (which contain no personal identifiers) for longer-term analysis of site performance.
Cookies: Cookies themselves have set lifespans. Some cookies (essential ones for login or preferences) expire at the end of a session or after a short duration (e.g., a few days). Analytics and advertising cookies, if accepted, often have persistent lifespans (e.g., a Google Analytics cookie may last 6 to 12 months unless the user clears it, an advertising cookie might last a similar period). We configure these durations in line with standard practice and applicable regulations. Users can also manually delete cookies from their browser at any time, which removes those identifiers immediately. We honor “Do Not Track” or global privacy signals for cookies where legally required (treating them as opt-outs).
Contact form inquiries: If you submit a question or request via our website, we will retain the personal data you provided and our response for as long as needed to fulfill your request and follow up. For a simple inquiry, that might be a matter of weeks or months. If the inquiry turns into a sales lead, we’ll retain the data as part of our sales records (generally for a couple of years if it doesn’t convert into a client, as noted below). If you become a client, it becomes part of client data. We periodically cleanse inquiry data that did not lead anywhere – typically removing personal data of leads that have been unresponsive or inactive for over ~2 years.
Mailing list subscriptions: We retain the personal data (e.g., email address, name) of our newsletter or marketing email subscribers until the individual unsubscribes or until we proactively remove it. Every marketing email contains an unsubscribe link that instantly removes you from the active mailing list. If you unsubscribe, we will stop processing your data for marketing. We may, however, keep your email on a suppression list indefinitely to ensure we remember not to accidentally re-add you – this list is used solely to block mail and contains minimal information (usually just the email address and a marker not to contact). For active subscribers, we may also remove contacts who show no engagement over a long period (for example, if you never open any emails for a year, we might drop you from the list during our routine cleaning) to respect inboxes and minimize data we hold.
Advertising data: We typically do not hold personalized advertising data on our own systems – those reside with the platforms (like Google or LinkedIn). If we upload a contact list to a platform for a campaign, we do so temporarily and expect the platform to handle that data per our agreements (and we can request its deletion after the campaign). The reports we receive from ad platforms do not contain personal data (only aggregated metrics). Any cookies used for ad tracking on our site follow the retention notes above.
Legal retention requirements: If any web or marketing-related data needs to be retained to comply with laws or to establish/exercise legal claims, we will retain it as necessary. For instance, if a law requires us to keep records of consent for 5 years, we will do so. Such data would be securely stored and used only for compliance purposes, then disposed of when no longer required.
In all cases, we aim to limit retention of personal data. We set retention periods that meet our needs and legal duties but are not excessive. When data reaches the end of its retention period, we delete it or anonymize it in our systems. We have schedules and automated processes where possible to ensure timely cleanup of data that is no longer needed.

Security Measures:

We apply appropriate technical and organizational security measures to data collected via our website and marketing efforts:

Website and data transmission security: Our website is served exclusively over HTTPS, which means all data transmitted between your browser and our site (including any personal data you enter) is encrypted in transit. This protects against eavesdropping or tampering. We use reputable hosting with built-in security features and monitor our site for vulnerabilities or malware. Any user input forms on our site include validations to prevent malicious code injection, and we utilize CAPTCHA or other anti-bot measures to filter out automated attacks or spam submissions.
Secure data storage: Personal data from website visitors and prospects (such as form submissions or subscriber info) is stored in secure cloud systems. Our CRM and email marketing providers store data in encrypted databases and with robust access controls. We ensure these systems are configured with strong passwords and, where available, two-factor authentication to access the administrative interfaces. We limit who at Lynk can retrieve or download data from these systems. Additionally, we pseudonymize or aggregate visitor data wherever feasible (for example, analytics data is reviewed in aggregate form, and IP addresses are anonymized before analysis).
Access controls and employee training: Internally, access to visitor/prospect data is restricted to the teams that need it (marketing, sales, web admin). Team members are trained on confidentiality and follow our internal policies when handling personal data (for instance, they will use official secure tools to manage data, not export it to unsecured spreadsheets). We log administrative actions on our marketing systems – e.g., if a list of emails is exported, that action is logged by our CRM – providing accountability. If an employee leaves or changes roles, we promptly revoke or adjust their access to these systems to maintain the principle of least privilege.
Use of trusted partners: We carefully select third-party processors for our website and marketing operations. We use well-known, reputable services that invest heavily in security and privacy compliance (many of our providers have certifications like ISO 27001 or SOC 2). We have data protection agreements with these vendors to ensure they commit to protecting data and assisting with compliance (for example, our analytics and email providers contractually agree to GDPR clauses, and we can enforce deletion of our data on their platforms). We keep software up to date (e.g., plugin updates on our website) to patch security issues.
Monitoring and breach readiness: We actively monitor our web services for any data security incidents. Our hosting provides logs and alerts for unusual activities (such as multiple failed login attempts or sudden spikes in traffic that could indicate a DDoS attack). We also use security tools that can detect and block suspicious behavior. In the event we suspect any compromise of website or marketing data, we would activate our incident response plan. This includes investigating the scope, securing the systems, and notifying affected parties and authorities as required. For example, if our mailing list were compromised, we would likely inform the subscribers of the incident (even if the data is limited to emails) as a precaution and to advise them on preventing spam or phishing. We would also analyze how it happened and ensure similar incidents are prevented in the future.
Overall privacy by default: By default, our website does not collect more personal data than necessary. We do not require registration to view content. We ask only for a work email (and name, etc.) when it’s needed to fulfill a request (like sending a report or scheduling a demo). Users can browse most of our site without telling us who they are. We respect browser Do Not Track signals and global privacy controls for advertising cookies (treating them as an opt-out where legally mandated). These practices ensure that we minimize data collection and honor user preferences automatically, which is a key aspect of security and privacy.
In summary, we extend the same care to our website visitors and marketing data as we do for our customer data. Through encryption, strict access control, careful third-party management, and proactive monitoring, we mitigate risks of unauthorized access or data leakage. We understand that even something as simple as an email address deserves protection against misuse. By employing these measures, we aim to maintain the trust of everyone who interacts with Lynk, whether they are long-term customers or simply browsing our site for information.

Compliance & Accountability:

We have implemented measures including:

Data subject rights: We handle access, correction, deletion, and other requests promptly and transparently, providing responses within statutory timeframes. Individuals (whether our clients, clients’ customers, or website users) can contact us to exercise their rights and we have processes in place to verify identity and fulfill such requests.
Privacy by design: We embed data protection into development and business processes. We perform Data Protection Impact Assessments (DPIAs) for high-risk changes, apply data minimization (only collecting what we need for specified purposes), and secure data by default (for example, most data is encrypted, and systems default to private). New features are reviewed for privacy impacts before launch.
Contracts with partners: We have Data Processing Agreements (DPAs) with all clients (when we act as processor) and with all subprocessors (vendors processing data for us). These contracts ensure obligations and safeguards are clearly defined throughout our data supply chain. We also include standard contractual clauses or equivalent in agreements with non-EU providers.
Training & awareness: Employees are trained on GDPR and security best practices relevant to their role. We conduct regular training and awareness programs so that our staff handle personal data correctly and securely. All staff with access to personal data must follow strict internal policies and have signed confidentiality agreements.
Breach readiness: We maintain an up-to-date breach response plan. If a data incident occurs, we will contain it, investigate, and notify affected clients/individuals and supervisory authorities as required by law (without undue delay per GDPR). We document any incidents and take corrective actions to prevent recurrence. Our incident handling drills ensure everyone knows their role if something happens.
Ongoing oversight: We regularly audit and review our privacy and security practices. We adapt to new regulations or guidance (for example, adopting new SCCs, adjusting to ePrivacy requirements, preparing for upcoming laws like the AI Act). Our management is deeply involved in privacy compliance efforts, and we periodically consult external experts to verify our posture. We aim to remain at the forefront of compliance in our industry.

Through these efforts, Lynk ensures that personal data is handled lawfully, fairly, and securely, in line with the highest standards of SaaS industry best practices. We maintain necessary records (such as this RoPA) and can demonstrate our compliance to regulators upon request, underscoring our commitment to GDPR’s accountability principle. We periodically review our privacy program and strive to be among industry leaders in data protection.

Lynk Privacy Policy

Last Updated: July 22, 2025

Introduction

Welcome to Lynk’s Privacy Policy (“we,” “our,” or “the Company”). Protecting your personal data is a priority for us. This Policy explains how we collect, use, and safeguard information about you when you use our services, and how you can exercise your rights regarding this information. It applies to all our products, services, and associated websites (collectively, the “Services”). We comply with applicable data protection laws, including the European Union’s General Data Protection Regulation (GDPR), and strive to adopt industry best practices in privacy.

Important Note: If you access our Services through a white-label solution provided by one of our partners, or if we process personal data on behalf of a client (as a data processor), this Policy may not apply in the same way. In such cases, the client or partner acts as the data controller, and you should refer to their own privacy policy to understand how your data is processed. However, we remain contractually committed to protecting such data in accordance with applicable laws and our clients’ instructions.

By using our Services, you agree that your information may be processed as described in this Policy. If you do not agree with these practices, please do not use the Services. We invite you to read this document carefully and contact us if you have any questions or concerns about your personal data.

Identity of the Data Controller

For the personal data processing described in this Policy (except where we act strictly as a data processor for our clients), the data controller is Lynk (full legal name: Lynk SAS), a company registered and domiciled in Europe. You can contact us at the following address for any questions related to data protection: contact@getlynk.co. If we have appointed a Data Protection Officer (DPO), you can also contact them at the same address.

Personal Data Collected

We collect and process various types of personal data about you in connection with your use of Lynk. We limit ourselves to data that is relevant and necessary (“data minimization”) for each processing purpose. The categories of data we may collect include:

Registration and Account Information: When you create a Lynk account, we request identification information such as your first and last name, email address, phone number, username, password, and possibly your organization or company name. This data is necessary to open and maintain your user account and provide our Services. Providing this information may be mandatory to contract with us; failure to provide it may prevent you from creating an account or using the Service (e.g., not providing a valid email address will prevent account creation).
Profile and Preference Data: You may choose to provide additional information as part of your user profile (e.g., a profile picture, job title, geographic location, etc.). You may also configure certain preferences through your account settings, such as language or communication preferences. This optional information allows us to personalize your user experience, but providing it is at your discretion.
Content and Data Provided via the Services: When you use Lynk, you may provide or generate content, including text, documents, data, files, or other information (“User Content”). For example, you may submit business data, questions, prompts, or documents to leverage our AI features (such as training or fine-tuning models on your data or generating responses via an AI agent). This User Content may contain personal data, especially if you include information about employees, clients, or other individuals in the provided data. You are fully responsible for any content you provide through the Service and must ensure you have the right to share and process it within Lynk (see also the “Your Responsibilities” section in our Terms of Use). We process this content solely to provide the Service (e.g., training a dedicated AI model for you, generating requested results, storing data at your request) and within the limits described in this Policy.
Transaction and Payment Data: If you purchase credits or subscribe to a paid plan, we process payment information. This may include your billing address and transaction details. Note: We do not directly store your full payment card information. Payments are processed by our PCI-DSS-compliant third-party payment service providers (e.g., Stripe, PayPal, etc.), who securely handle your payment data. We only retain minimal data necessary for billing, subscription management, and traceability (e.g., billed amount, date, payment status, last four digits of the payment card, etc.).
Technical and Navigation Data: When you interact with our Services, we automatically collect certain technical information. This includes log data such as your device’s IP address, unique device identifiers, browser type and version, operating system, access date and time, pages visited, and data about your interaction with the Service (e.g., clicks, actions within the interface). We may also use cookies and similar technologies to ensure site functionality, remember your preferences, and analyze platform usage. For more details, please refer to our Cookie Policy (if applicable). This navigation data helps us secure the Services and continuously improve their performance.
Communications: If you contact us (e.g., via support email, contact form, or chat), we will retain the content of those communications, your name, contact details, and our response. This allows us to track your requests, respond effectively, and improve our customer service.
Data Received from Third Parties: Generally, we collect data directly from you when you use Lynk. In limited cases, we may obtain information about you from third parties. For example, if your employer or a third-party entity invites you to use Lynk under a contract between that entity and Lynk (e.g., an enterprise client or white-label partner), we may receive certain information from them to create your account (e.g., your first name, last name, and professional email). Similarly, if you sign up via a third-party login option (e.g., Sign-in with Google), we will receive the necessary information from that identity provider with your consent (e.g., your name and email validated by Google). Finally, we may collect data about you from publicly available sources or our business partners, but only if relevant and lawful (e.g., to enrich or verify your professional profile information or confirm your status as a client). If we collect personal data indirectly in this way, we will inform you separately in accordance with the GDPR.

We emphasize that we do not intentionally collect sensitive data as defined by the GDPR (e.g., health data, political opinions, ethnic origins, biometric data, etc.) or data related to criminal convictions. We ask you not to submit such data via our Services unless strictly necessary and appropriate safeguards are in place. Similarly, our Service is not intended for children under 16, and we do not knowingly collect data from them without verifiable parental consent. If you believe we hold information about a child under 16, please contact us so we can delete that data.

Purposes of Processing and Legal Bases

We use your personal data only for specific and legitimate purposes. For each purpose, we ensure we have an appropriate legal basis under Article 6 of the GDPR. Below, we outline the main purposes for which Lynk processes your data and the corresponding legal bases:

Service Provision and Account Management: We process your account information and User Content to create and manage your account, authenticate you during logins, provide platform functionalities (e.g., executing queries submitted to our AI, hosting imported data, performing dedicated model training if you use this feature), and generally perform the contract we have with you as a user. Legal Basis: Performance of a contract (Terms of Use) between you and us. This processing also includes managing usage credits or subscriptions (e.g., calculating consumed credits, allocating credits, tracking credit transfers if you are a white-label partner) and handling requested features.
Payment and Billing Operations: We use transaction data (and possibly some identification data) to process your payments, issue invoices, detect and prevent payment fraud, and comply with our accounting and tax obligations. Legal Basis: Performance of a contract (providing the requested paid service) and compliance with our legal financial and tax obligations (e.g., retaining transaction records).
Customer Support and Communication: If you contact our support, we use your contact details and the content of your request to assist you, answer your questions, resolve technical issues, or provide usage advice. We may also send you service/transactional communications related to the Service (e.g., security notifications, service status alerts, significant changes to terms or privacy policy). Legal Basis: Our legitimate interest in assisting you and ensuring a good customer experience (in some cases, this may also be necessary for contract performance, e.g., informing you of a critical software update).
Service Improvement and Product Development: We analyze usage data, feedback you provide, and in some cases, the content you submit to improve our Services. This includes fixing bugs, analyzing feature usage to guide product decisions, enhancing the user interface and overall experience, and developing new features and offerings. Legal Basis: Our legitimate interest in improving and evolving our Services. We take care to limit the impact on your rights: for example, we use aggregated or pseudonymized data for these internal analyses whenever possible.
Training and Improving Our AI Models: This is a specific purpose related to the nature of our AI-powered Services. We may wish to use certain data (e.g., query content, user interactions with the AI agent, or other provided data) to train, refine, or fine-tune our AI models to improve their quality, relevance, and reliability. However, we recognize the sensitivity of this purpose. By default, we will not use your identifiable personal data to train our general models without your explicit consent. Specifically:
- If we wish to use content associated with your account that may contain personal data (e.g., conversations with a Lynk chatbot or documents you uploaded) to improve our algorithms or general models, we will seek your explicit consent beforehand. This consent, if requested, will be presented clearly (e.g., via a checkbox or dedicated setting stating, “I consent to the use of my data to improve AI models”) and you are free to refuse without affecting your primary use of the Service.
- Without your consent, we will either not use your content for training purposes or use only anonymized and aggregated data that cannot identify any individual. The use of fully anonymized data (i.e., containing no information that could identify you, even indirectly) falls outside the scope of the GDPR and is permitted to improve our tools without impacting privacy. For example, we may extract general statistical patterns or insights from all users’ data, after aggregation, to enhance the AI’s language understanding without processing personal data. When such training activities are conducted, our goal is solely to improve the performance and safety of our AI systems. We do not use this training data for other commercial purposes, such as individual user profiling or marketing, nor do we sell it to third parties. Additionally, if we act as a data processor (e.g., processing a client’s data in a white-label context), we will never use such data to train our models for our own purposes unless explicitly instructed and authorized by the client (per the Data Processing Agreement, DPA). Legal Basis: Our legitimate interest in improving our models may be invoked for the use of anonymized or purely technical data. For any processing involving non-anonymized personal data for algorithm improvement, the legal basis will be consent (Article 6(1)(a) GDPR) if required by law or consistent with our privacy commitments. You have the right to withdraw your consent at any time (see the “Your Rights” section below), which will not affect the lawfulness of prior use.
User Experience Personalization: Where permitted, we may use certain data to personalize the Service based on your settings and behavior. For example, remembering your language preference or presenting more relevant content, help pages, or features based on your usage. This personalization is limited and aimed at improving the Service for you. Legal Basis: Our legitimate interest in providing a tailored experience or consent when required by law (e.g., for certain non-essential personalization cookies, if applicable).
Marketing and Promotional Communications: To date, we do not use your data to send unsolicited marketing communications without consent. If you are a Lynk user, we may send you information about new features or offers that may interest you, such as via our newsletter, provided you have consented or within permitted limits (e.g., soft opt-in rules for similar services in some countries). You can opt out of these communications at any time by unsubscribing (a link will be included in every marketing email). Legal Basis: Consent (if required by local law, particularly for non-customers) or our legitimate interest in promoting our Services to existing customers proportionately.
Legal Compliance and Regulatory Requirements: We may process your personal data to comply with various legal obligations, such as responding to legitimate requests from authorities (e.g., warrants, court orders), complying with applicable laws (data protection, taxation, international sanctions, etc.), or exercising our legal rights and managing potential disputes (e.g., proof of a transaction, litigation management). Legal Basis: Compliance with a legal obligation or, where no specific obligation applies, our legitimate interest in defending our legal interests.

When we rely on our “legitimate interest” as a legal basis, we ensure that this interest (e.g., service security, product improvement) does not override your fundamental rights and freedoms. Where applicable, we implement appropriate safeguards to maintain this balance (data minimization, opt-out options, etc.). See the “Your Rights” section below for information on your right to object to certain processing based on legitimate interests.

Sharing Data with Third Parties

Lynk is committed to not selling your personal data to third parties. We only share your data with specific categories of recipients and only in the circumstances described below:

Authorized Lynk Personnel: Internally, only authorized Lynk employees and contractors (bound by confidentiality obligations) may access certain data, and only if necessary for their tasks (“need-to-know” principle). For example, the technical team may access system logs for maintenance and security, and the support team may review your profile or relevant content to address a support request. Our staff are trained on data protection and required to comply with this Policy.
Sub-processors and Service Providers: We use trusted third-party companies to help us provide our Services. These partners act under our instructions and use your data only for the specific purposes for which we engage them. Examples of such sub-processors include:
- Cloud hosting and infrastructure providers (e.g., data centers, cloud providers) that store data on their servers. We prioritize hosting providers located in the European Economic Area (EEA) whenever possible to keep data within the EEA. If we use solutions outside the EU, we implement necessary safeguards (see the “International Transfers” section).
- Secure online payment services to process your transactions (as noted, these services handle your payment card data in compliance with security standards).
- Email or notification delivery services (to send validation emails, technical alerts, etc.).
- Analytics and customer support tools (e.g., bug tracking tools, chat support software, CRM platforms) that may process usage or identification data to help us understand Service usage and assist you.
- Potential AI model training or automated content moderation partners. For example, if we use a third-party service to analyze text for inappropriate content or improve our models, these third parties may process certain data under our control and with pseudonymization where possible. In all cases, when sharing data with sub-processors, we enter into a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR, requiring them to protect data adequately, access it only to provide services to Lynk, and maintain confidentiality. We remain responsible for protecting your data in these situations. A list of our main sub-processors can be provided upon request for transparency.
White-Label Partners or Entities Administering Your Access: If you use Lynk through a corporate account, white-label reseller, or group license, we may share certain data with the entity administering your access. For example, if your Lynk account was created by your employer or a Lynk business partner, they may access aggregated usage information (e.g., number of credits consumed, last usage date) to manage the service. Similarly, if a white-label partner provides our platform under their branding, we may share data strictly necessary for their customer relationship management (e.g., to manage their credit pool, redistribute credits, or handle billing). In these cases, the partner is typically the data controller for your contractual relationship with them, and we act as a data processor for that purpose. However, we contractually require our partners to maintain compliant and protective privacy policies. No personally identifiable data is shared with partners unless necessary.
Other Service Users: By default, we do not make your personal data visible to other Lynk users unless required by a feature you use. Lynk is not an open social network: your content typically remains private to your account or accessible only to your organization/team if you use a collaborative version. If you explicitly choose to share content (e.g., publishing a prompt or AI agent for other users, participating in a Lynk-related community or forum), the shared content and your username or profile may be visible to those recipients, depending on what you choose to share. We will inform you in the interface when an action makes your data visible to others, so you can make an informed choice.
Legal Obligations and Legal Context: We may disclose your personal data to third parties if required or permitted by law, including:
- Responding to valid legal requests from public authorities (e.g., subpoenas, court orders, or regulatory demands). If an authority or court requests access to your data as part of a legal process, we will carefully review the request’s validity and provide only the information required by law.
- Protecting our legal rights or those of others: for example, sharing data with our legal advisors or competent authorities if necessary to enforce our Terms of Use, investigate fraud, respond to claims against Lynk, or protect the rights, property, or safety of Lynk, our users, or the public. This may involve sharing information with fraud prevention agencies or law enforcement, as permitted by law. In these cases, we strive to notify the affected individual (e.g., you) if permitted by law, unless notification is prohibited or futile (e.g., in a security emergency).
Mergers and Acquisitions: If Lynk undergoes a merger, acquisition, restructuring, financing, asset sale, or similar transaction, or in the event of insolvency or bankruptcy, your personal data may be transferred to the involved third parties (e.g., the acquiring entity or asset purchaser) as part of the transaction. If applicable, we will contractually ensure that your data continues to be processed under standards equivalent to this Policy, and we will inform you of any change in control affecting your data so you can exercise your rights (e.g., deletion) if necessary.

Outside these cases, Lynk does not share your personal information with third parties without your explicit consent. For example, if you opt to integrate Lynk with a third-party service (via our API or an integration you enable), we will share data with that third party only per your instructions and with your authorization.

International Transfers

We are a Europe-based company and strive to store and process your personal data within the European Economic Area (EEA) as much as possible. However, as part of operating a global digital service, some of your data may be transferred to or accessed from other countries, including the United States, Canada, Australia, or other countries where our partners or infrastructure are located. For example, if one of our technical sub-processors is based in the U.S., or if you access the Services from abroad, data may transit outside your country of residence.

When your data is transferred outside the EEA, we take steps to ensure these transfers comply with applicable data protection laws. This includes:

Adequate Countries: If data is sent to a country deemed adequate by the European Commission (i.e., offering a level of data protection essentially equivalent to the EU), we rely on that adequacy decision (e.g., Canada for certain commercial data, Japan, the UK post-Brexit, etc.).
Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (e.g., the U.S.), we implement the European Commission’s Standard Contractual Clauses (updated version 2021), supplemented by additional protective measures if necessary. These SCCs bind our data-importing providers or partners to strict confidentiality and security obligations and require them to respect data subjects’ rights. You can obtain a copy of these clauses by contacting us.
Other Safeguards: Where applicable, we may also rely on other legal transfer mechanisms under the GDPR, such as your explicit consent to the transfer (e.g., if you explicitly request us to transfer your data to a non-EU third party) or the necessity of the transfer for contract performance (e.g., if you are outside the EU and we need to deliver the Service there).

In addition to these measures, we conduct case-by-case assessments of international transfers to ensure that fundamental privacy rights remain protected. For example, we evaluate the risk of unjustified government access in the recipient country and, if necessary, encrypt data in transit and at rest robustly so that only authorized recipients can read it.

Transparency: Upon request, we can provide additional information about data transfers concerning you and the safeguards in place. Our goal is to ensure you have confidence that, wherever your data is processed, Lynk applies a high level of protection.

Retention Period

We retain your personal data only for as long as necessary for the purposes for which it was collected, subject to our legal retention obligations. In practice, this means:

Account and Profile Data: As long as you remain an active user of our Services, we retain your account information (basic registration data, profile, settings) in our systems. If you delete your account or it remains inactive for an extended period, we will delete or anonymize this data, except where we must retain it longer for other purposes (see below). For example, if you close your account, we will delete or anonymize most of your data within a reasonable period after closure (typically within 30 days), except for data we must keep.
User Content: Content you provide (documents, imported data, models trained on your data, etc.) is retained as long as you actively use it in the Service. You can often delete this content yourself via the interface (e.g., deleting an uploaded document or resetting a trained model). In such cases, deleted content may remain in backups for a short period but will then be purged from our servers, unless required by law to be retained longer. If you accidentally delete content, we may not be able to restore it after the backup retention period expires.
Technical Data and Logs: System logs and other technical data (e.g., login logs, error logs, query history) are retained for varying periods based on their utility. Typically, activity logs are kept for a few months (e.g., 6 to 12 months) for security audits and performance analysis, then deleted or anonymized. Log information that can be linked to your IP or account will either be deleted or dissociated from personal identifiers after this period, unless a specific need justifies longer retention (e.g., investigating an unresolved security incident).
Transaction Data: We retain records of your transactions and payments (invoices, payment history) as long as necessary for accounting and compliance with applicable tax/accounting obligations. In France, for example, supporting documents must be kept for 10 years for legal reasons. This data may be archived separately once you are no longer a client to meet these legal obligations and will be deleted after the required period.
Communications and Support: Communications you have with us (support emails, tickets) may be retained as long as your account is active and up to 3 years afterward to maintain a history in case of follow-up and improve the Service. However, you can request their deletion earlier, provided this does not conflict with our legitimate interests (e.g., if a ticket contains important instructions for a technical fix, we may need to retain it longer). Online chat records are typically stored for 1 to 2 years maximum.
AI Training Data: If you have consented to your data being used to train our global models, we may retain it as long as it remains useful for that training. However, we will periodically assess whether the information is still relevant or can be deleted/aggregated. If you withdraw your consent, we will stop using that data for future training and strive to remove it from our non-anonymized training datasets to the extent possible (note that for already-trained models, it may not be technically feasible to retroactively “extract” your data’s influence—in such cases, we will not use it for new iterations).
Legal Obligations and Disputes: If certain data is necessary for resolving a dispute, preventing fraud, or complying with legal requirements, we may retain it for the duration of the relevant procedure, even if this exceeds the periods above. For example, if we are in a dispute with a user, we will retain relevant information until the matter is fully resolved, then delete or archive it as required by law.

At the end of the applicable retention periods, we securely delete or anonymize personal data. Anonymization is irreversible and means we may retain aggregated or statistical information that can no longer identify you (e.g., total number of users using a specific feature) to maintain overall service knowledge without any link to an individual.

If you want more details about our retention policies for a specific type of data, feel free to contact us. Generally, we aim not to retain data longer than necessary, in line with the GDPR’s storage limitation principle.

Data Security

Lynk implements appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure. We understand the importance of the data you entrust to us, especially when you integrate potentially sensitive or confidential data into our platform for AI model training, and we treat security with the utmost seriousness.

Among the measures we apply:

Encryption: All communications between your browser (or client application) and our servers are protected by up-to-date TLS encryption (HTTPS). Data in transit via our API or web interface is thus encrypted to prevent malicious interception. Additionally, we encrypt sensitive data at rest where appropriate. For example, passwords are stored in hashed form (we cannot see them in plain text), and certain data, such as API keys, sensitive account information, or specific content, may be encrypted on disk or in databases. We follow state-of-the-art cryptography recommendations.
Access Controls: Internally, we strictly limit access to personal data to only those who need it to operate the Service. We use strong authentication mechanisms for infrastructure access (e.g., multi-factor authentication for system administrators). Access to production databases is logged and monitored. We also segment environments (e.g., separate test environments without real data to avoid developers handling personal data during testing).
Testing and Audits: We regularly conduct security tests on our applications and infrastructure (penetration testing, automated vulnerability scans). Critical vulnerabilities are prioritized for immediate fixes. We monitor our platform for suspicious or malicious activity. When needed, we may engage third-party experts to audit our security and ensure its robustness (especially when deploying sensitive new features).
Backups: We perform regular backups of data (including User Content) to prevent loss or unavailability. These backups are stored securely, often encrypted, and periodically tested to ensure data can be restored if needed. In case of a technical incident or disaster, we have recovery plans to restore data access promptly.
Logging and Monitoring: We maintain access logs and use intrusion detection systems to identify abnormal activity. For example, if an account experiences multiple failed login attempts or unusual data extraction volumes, these signals are analyzed and may trigger measures (alerts, additional verification, temporary blocking, etc.). This enables quick responses to potential malicious activity or data breaches.
Internal Policies: Our teams are trained in security and privacy best practices. We have internal policies (IT charter, incident response protocols, access rights management) to govern data handling. We also require our sub-processors to maintain high security standards, verifying their certifications or standards (e.g., ISO 27001, SOC2 audits, if available) and including security requirements in our contracts with them.

While we do our best to protect your information, no system is 100% infallible. In the event of a personal data breach (a security incident resulting in the destruction, loss, alteration, unauthorized disclosure, or access to personal data) likely to pose a high risk to your rights and freedoms, we will notify you promptly and the competent data protection authority (e.g., CNIL) in accordance with our legal obligations (notification within 72 hours if required by the GDPR).

User Tips: You also have a role in protecting your data. We encourage you to choose a strong, unique password for your Lynk account, keep it confidential, and enable two-factor authentication if we offer this feature. Be cautious of phishing attempts: Lynk will never ask for your password via email. If you suspect a communication’s authenticity, contact us directly. Also, log out of your account when finished, especially on public or shared devices.

Your Rights

Under the GDPR and other applicable laws, you have a set of rights regarding your personal data, which we respect diligently. Here is an overview of these rights and how to exercise them:

Right of Access: You have the right to ask us to confirm whether personal data about you is being processed by Lynk and, if so, to access all such data. This includes receiving a copy of the data we hold about you and information about the purposes of processing, data categories, recipients, retention periods, etc. (this information is generally provided in this Policy). We will provide this information in an understandable format, either via electronic export or a written statement, unless you request otherwise. Note: For additional copies, we may charge reasonable fees based on administrative costs if permitted by local law.
Right to Rectification: If you find that personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed. The easiest way to update basic account information (e.g., name, email) is to log into your Lynk account and edit your profile settings directly. For other rectifications, you can contact our support or privacy team.
Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data in certain cases. This is possible, for example, if the data is no longer necessary for the purposes for which it was collected, if you withdraw your consent (for consent-based processing) and no other legal basis applies, if you object to processing and no overriding legitimate grounds exist, or if we have processed your data unlawfully. We will honor deletion requests when legal conditions are met. Note that this right is not absolute: we may not immediately delete certain data if we have a legal obligation to retain it (e.g., invoices) or an overriding legitimate interest (e.g., fraud prevention, legal defense). In all cases, we will inform you of the data deleted and, if applicable, any data retained with the legal justification.
Right to Restriction of Processing: You have the right to request that we “freeze” the use of your personal data (i.e., retain but not use it, except for limited purposes) in certain situations. For example: if you contest the accuracy of data, you can request restriction while we verify its accuracy; if you object to processing based on our legitimate interest, you can request restriction during the balancing test; or if the processing is unlawful but you prefer restriction over deletion. During restriction, we will cease using the affected data (except for storage and possibly for legal defense or protecting others’ rights) until the restriction is lifted. We will inform you if the restriction is lifted.
Right to Object: You can object at any time, for reasons related to your specific situation, to processing based on our legitimate interest. If you exercise this right, we will stop the processing unless we demonstrate compelling legitimate grounds to continue (e.g., a vital or legal need) that override your interests and rights, or for legal defense purposes. Additionally, when your data is processed for direct marketing, you can object at any time without conditions. In such cases, we will stop without question (e.g., if you no longer want our newsletters, you can use the unsubscribe link or notify us). Regarding objections to using your data for AI model improvement: as noted, we do not do this without consent, but if you consented and change your mind, you can object/withdraw consent, and we will stop using your data for those purposes.
Right to Data Portability: For data you provided directly to us and processed automatically based on your consent or a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format to reuse it or transmit it to another service. Upon request, and if technically feasible, we can also transfer this data directly to another data controller you designate. This right applies, for example, to raw content you uploaded to Lynk or basic profile data. It does not apply to derived or inferred data (e.g., internal notes, analyses). When you exercise this right, we will provide the export within a reasonable timeframe in a standard format (e.g., JSON, CSV, depending on the data type).
Right to Withdraw Consent: For any processing based on your consent, you can withdraw that consent at any time. Withdrawal does not affect prior processing but means we will stop the relevant activity going forward. For example, if you consented to using your chat data for AI training and withdraw consent, we will not use your future conversations for this purpose. Withdrawing consent will not affect core Service functionality but may limit certain additional features requiring consent (e.g., personalized improvements tied to data sharing). We respect your choice without undue negative consequences.
Right Not to Be Subject to Automated Decision-Making (Including Profiling): In principle, Lynk does not make solely automated decisions about you that produce legal effects or significantly affect you without human intervention. Algorithmic processing (e.g., via AI) is intended to provide a service (e.g., generating a response to a query) rather than evaluating or deciding something about you as a person. If we were to implement such automated decision-making in the future (e.g., automated filtering leading to service denial), you would have the right to human intervention, to express your viewpoint, and to contest the decision. We will inform you explicitly if such processing occurs.

To exercise any of these rights, contact us at any time via email at contact@getlynk.co or by postal mail to Lynk – Privacy/Legal Department at the address provided above. Please specify the right(s) you wish to exercise and provide enough information to verify your identity (to prevent unauthorized requests). For example, submitting the request from the email address linked to your Lynk account or providing your user ID will expedite verification.

We strive to respond to all requests promptly and within one month of receiving a complete request. This period may be extended by two additional months for complex or numerous requests, but we will inform you within the initial month. Responses are free unless requests are manifestly unfounded or excessive (in which case we may charge reasonable fees or refuse the request, as permitted by law). If we refuse a request, we will explain the reasons, subject to legal restrictions.

If you believe we have not properly respected your rights or our data protection obligations, you have the right to lodge a complaint with a data protection authority. In France, this is the CNIL (www.cnil.fr). If you reside in another EU country, you can contact your local authority (see the European Commission’s list) or the CNIL, which will forward your complaint. We encourage you to contact us first to resolve any issues together: we take your concerns seriously and will work to address them quickly and fairly.

Jurisdiction-Specific Rights and Information

As Lynk is used by individuals worldwide, specific local laws may apply to your data depending on your country/region. We aim to comply with major international privacy regulations. Below are additional details for certain jurisdictions:

EU/EEA Residents: Most of your rights and our obligations are covered by the GDPR and described throughout this Policy (access, rectification, etc.). Additionally, you have the right to lodge a complaint with your local data protection authority, as noted above. If a personal data breach occurs with a high risk to your rights and freedoms, we will notify you directly, in addition to notifying the CNIL, per Article 34 of the GDPR.
Switzerland: Although not part of the EU, Switzerland has its own data protection law (revised LPD). Lynk extends equivalent protections to Swiss users. If you are in Switzerland, you have similar rights to access, rectification, erasure, etc., as under the GDPR. You can contact the Federal Data Protection and Information Commissioner (FDPIC) for complaints. Data transfers from Switzerland abroad are covered by similar safeguards (e.g., we use Switzerland-EU adapted Standard Contractual Clauses for non-Swiss providers).
United Kingdom: Post-Brexit, the UK has its own regime (UK GDPR and Data Protection Act 2018), closely aligned with the GDPR. If you are in the UK, your rights are nearly identical to those described above. You can contact the Information Commissioner’s Office (ICO) for concerns. We apply the UK-approved Standard Contractual Clauses (UK Addendum) for transfers outside the UK where applicable.
California Residents (CCPA/CPRA): If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights where these laws apply to our activities (depending on certain business thresholds). You have the right to know the categories of personal information we collect about you, the sources, purposes, and third parties with whom we share it. You can also request access to specific personal information we have collected (“Know”) or request deletion (“Delete”), subject to certain conditions. Lynk does not sell your personal information under the CCPA (i.e., we do not disclose your data for monetary or other valuable consideration to third parties for their own purposes, nor do we share it for cross-context behavioral advertising without opt-out options). If we were to engage in such practices, we would inform you explicitly and provide the right to opt out of the “sale” or “sharing” via a compliant mechanism (e.g., a “Do Not Sell/Share My Information” link on our site). To exercise your CCPA rights (access, deletion, etc.), use the contact details in the “Your Rights” section. We may need to verify your identity (or that of your authorized agent) before proceeding. The CCPA protects you from discrimination for exercising your rights: Lynk will not adjust service quality or pricing solely because you exercise a CCPA right.
Residents of Other U.S. States: Between 2023-2025, several U.S. states (e.g., Virginia, Colorado, Connecticut, Utah) have adopted their own digital privacy laws. If you reside in these states, Lynk will comply with these regimes where applicable. For example, Virginia or Colorado laws grant rights to access, rectification, deletion, and portability similar to the CCPA/GDPR, as well as the right to opt out of certain processing (e.g., sensitive data use or profiling leading to significant legal decisions). Lynk will honor these rights as described above. If applicable, you can appeal our refusal of a rights request within the timeframe required by local law by notifying us for reconsideration.
Canada: For Canadian users, we process personal information in compliance with applicable federal and provincial laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, Quebec’s Law 25. This includes obtaining your consent for the collection, use, or disclosure of your personal information, except where permitted by law. You have the right to access the personal information we hold about you and request corrections if inaccurate. To make such a request, use the contact details provided. If unsatisfied with our response, you can contact the Office of the Privacy Commissioner of Canada or your relevant provincial commissioner. Your data may be stored or processed on servers outside Canada (e.g., in Europe or the U.S.), potentially subject to those jurisdictions’ laws; however, we ensure adequate protection as described above. If we plan to use your information for new purposes not originally contemplated, we will inform you and obtain your consent again if required.
Australia: Lynk adheres to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable. If you are in Australia, you have the right to know what personal information we hold about you, access it (we will provide it in an appropriate format), and request corrections if inaccurate. You can often update basic data via your online account, but contact us for additional corrections. If you have a complaint about how we handle your personal information, submit it in writing; we will acknowledge and respond. If our response is unsatisfactory, you can contact the Office of the Australian Information Commissioner (OAIC). Unless required by law, we will not transfer your personal information outside Australia without your consent, unless the destination offers adequate protection or appropriate contractual mechanisms (similar to GDPR SCCs).

We also closely monitor evolving AI and data regulations. For example, the EU’s AI Act, currently being finalized, may introduce additional transparency obligations when AI systems interact with individuals. Lynk is already committed to clearly informing users when they interact with AI rather than a human, if required by law or transparency demands. We will also provide mechanisms for users to control the use of their data for AI training, in line with best practices and emerging laws.

Use of Cookies and Similar Technologies

(If applicable, insert or reference a separate Cookie Policy here.)

Our Services use cookies (small text files stored on your device) and similar technologies (web beacons, pixels, local storage, etc.) to operate the site/application and collect certain information. For example, we use:

Essential Cookies: Necessary for the Service’s operation (e.g., maintaining your logged-in session, retaining configuration settings). These cookies cannot be disabled as the Service would not function properly without them.
Preference Cookies: Used to remember your choices (language, interface settings) to improve your experience.
Analytics Cookies: Provided by trusted third parties (e.g., Google Analytics, Matomo) to understand how our platform is used (pages viewed, frequent actions, etc.) and help us improve it. We configure these tools to anonymize IP addresses where possible and comply with local regulations (e.g., in Europe, we seek consent before placing certain analytics trackers unless fully anonymized solutions exempt from consent are used).
Marketing/Third-Party Cookies: To date, Lynk does not display third-party ads on its site or use advertising cookies. If this changes, we will update this section and obtain required consents.

You can control and manage cookies via your browser (blocking or deleting cookies) and, where applicable, through the consent banner displayed on your first visit (depending on the region). Note that blocking all cookies may impair some Service functionalities (e.g., requiring repeated logins). For more details, see our Cookie Policy (if documented separately).

Third-Party Services

The Lynk platform may contain links to external sites or services managed by third parties (e.g., a blog article, help video) or allow integration with other tools (via API). This Privacy Policy applies only to Lynk, not to third-party sites/services. We do not control their privacy practices and do not necessarily endorse them. We encourage you to review the privacy policies of any third-party service you visit or interact with, as their data processing is governed by their own rules.

For example, if you interact with us on social media (Twitter, LinkedIn, etc.) or use authentication via Google/LinkedIn, those third-party services may collect information through your interaction, subject to their policies (Twitter/X, Google, etc.). Similarly, if a white-label partner provides our service under their branding and collects additional data from you, their policy applies to that additional data.

We strive, where possible, to select partners or integrations that adhere to high data protection standards.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or compliance with new legal or regulatory requirements. If we make significant changes affecting your rights or how we process your data, we will notify you appropriately:

Website/Application Notification: We will post the revised Policy on our website (and/or application) with an updated “Last Updated” date at the top. We may also display a banner or pop-up on your next login to inform you of the update.
Email Notification: If you have provided a contact email, we may send an email about key changes, especially if your action is required or if mandated by law. For example, if we change the legal basis for processing or wish to use your data for a new purpose requiring consent, we will contact you directly.

Changes take effect upon publication unless otherwise stated in the notification. Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy, within the limits of applicable laws. If you disagree with the changes, you may stop using the Service and/or exercise your rights (e.g., request data deletion).

We encourage you to review this page regularly to stay informed about our privacy practices. An archive of previous versions may be provided upon request for transparency.

Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us. The easiest way is to email contact@getlynk.co. You can also write to us at:

Lynk – Legal/Privacy Department

[Full postal address of Lynk]

[Postal Code, City] – [Country]

We will do our best to respond promptly and assist you. Your trust is paramount, and we appreciate you sharing any questions or feedback about our data handling.

Thank you for taking the time to read our Privacy Policy.

By using Lynk, you place your trust in us, and we commit to handling your data with the utmost care, transparency, and respect it deserves.

Lynk Privacy Policy

Last Updated: July 22, 2025

Introduction

Identity of the Data Controller

Personal Data Collected

Registration and Account Information: When you create a Lynk account, we request identification information such as your first and last name, email address, phone number, username, password, and possibly your organization or company name. This data is necessary to open and maintain your user account and provide our Services. Providing this information may be mandatory to contract with us; failure to provide it may prevent you from creating an account or using the Service (e.g., not providing a valid email address will prevent account creation).
Profile and Preference Data: You may choose to provide additional information as part of your user profile (e.g., a profile picture, job title, geographic location, etc.). You may also configure certain preferences through your account settings, such as language or communication preferences. This optional information allows us to personalize your user experience, but providing it is at your discretion.
Content and Data Provided via the Services: When you use Lynk, you may provide or generate content, including text, documents, data, files, or other information (“User Content”). For example, you may submit business data, questions, prompts, or documents to leverage our AI features (such as training or fine-tuning models on your data or generating responses via an AI agent). This User Content may contain personal data, especially if you include information about employees, clients, or other individuals in the provided data. You are fully responsible for any content you provide through the Service and must ensure you have the right to share and process it within Lynk (see also the “Your Responsibilities” section in our Terms of Use). We process this content solely to provide the Service (e.g., training a dedicated AI model for you, generating requested results, storing data at your request) and within the limits described in this Policy.
Transaction and Payment Data: If you purchase credits or subscribe to a paid plan, we process payment information. This may include your billing address and transaction details. Note: We do not directly store your full payment card information. Payments are processed by our PCI-DSS-compliant third-party payment service providers (e.g., Stripe, PayPal, etc.), who securely handle your payment data. We only retain minimal data necessary for billing, subscription management, and traceability (e.g., billed amount, date, payment status, last four digits of the payment card, etc.).
Technical and Navigation Data: When you interact with our Services, we automatically collect certain technical information. This includes log data such as your device’s IP address, unique device identifiers, browser type and version, operating system, access date and time, pages visited, and data about your interaction with the Service (e.g., clicks, actions within the interface). We may also use cookies and similar technologies to ensure site functionality, remember your preferences, and analyze platform usage. For more details, please refer to our Cookie Policy (if applicable). This navigation data helps us secure the Services and continuously improve their performance.
Communications: If you contact us (e.g., via support email, contact form, or chat), we will retain the content of those communications, your name, contact details, and our response. This allows us to track your requests, respond effectively, and improve our customer service.
Data Received from Third Parties: Generally, we collect data directly from you when you use Lynk. In limited cases, we may obtain information about you from third parties. For example, if your employer or a third-party entity invites you to use Lynk under a contract between that entity and Lynk (e.g., an enterprise client or white-label partner), we may receive certain information from them to create your account (e.g., your first name, last name, and professional email). Similarly, if you sign up via a third-party login option (e.g., Sign-in with Google), we will receive the necessary information from that identity provider with your consent (e.g., your name and email validated by Google). Finally, we may collect data about you from publicly available sources or our business partners, but only if relevant and lawful (e.g., to enrich or verify your professional profile information or confirm your status as a client). If we collect personal data indirectly in this way, we will inform you separately in accordance with the GDPR.

Purposes of Processing and Legal Bases

Service Provision and Account Management: We process your account information and User Content to create and manage your account, authenticate you during logins, provide platform functionalities (e.g., executing queries submitted to our AI, hosting imported data, performing dedicated model training if you use this feature), and generally perform the contract we have with you as a user. Legal Basis: Performance of a contract (Terms of Use) between you and us. This processing also includes managing usage credits or subscriptions (e.g., calculating consumed credits, allocating credits, tracking credit transfers if you are a white-label partner) and handling requested features.
Payment and Billing Operations: We use transaction data (and possibly some identification data) to process your payments, issue invoices, detect and prevent payment fraud, and comply with our accounting and tax obligations. Legal Basis: Performance of a contract (providing the requested paid service) and compliance with our legal financial and tax obligations (e.g., retaining transaction records).
Customer Support and Communication: If you contact our support, we use your contact details and the content of your request to assist you, answer your questions, resolve technical issues, or provide usage advice. We may also send you service/transactional communications related to the Service (e.g., security notifications, service status alerts, significant changes to terms or privacy policy). Legal Basis: Our legitimate interest in assisting you and ensuring a good customer experience (in some cases, this may also be necessary for contract performance, e.g., informing you of a critical software update).
Service Improvement and Product Development: We analyze usage data, feedback you provide, and in some cases, the content you submit to improve our Services. This includes fixing bugs, analyzing feature usage to guide product decisions, enhancing the user interface and overall experience, and developing new features and offerings. Legal Basis: Our legitimate interest in improving and evolving our Services. We take care to limit the impact on your rights: for example, we use aggregated or pseudonymized data for these internal analyses whenever possible.
Training and Improving Our AI Models: This is a specific purpose related to the nature of our AI-powered Services. We may wish to use certain data (e.g., query content, user interactions with the AI agent, or other provided data) to train, refine, or fine-tune our AI models to improve their quality, relevance, and reliability. However, we recognize the sensitivity of this purpose. By default, we will not use your identifiable personal data to train our general models without your explicit consent. Specifically:
- If we wish to use content associated with your account that may contain personal data (e.g., conversations with a Lynk chatbot or documents you uploaded) to improve our algorithms or general models, we will seek your explicit consent beforehand. This consent, if requested, will be presented clearly (e.g., via a checkbox or dedicated setting stating, “I consent to the use of my data to improve AI models”) and you are free to refuse without affecting your primary use of the Service.
- Without your consent, we will either not use your content for training purposes or use only anonymized and aggregated data that cannot identify any individual. The use of fully anonymized data (i.e., containing no information that could identify you, even indirectly) falls outside the scope of the GDPR and is permitted to improve our tools without impacting privacy. For example, we may extract general statistical patterns or insights from all users’ data, after aggregation, to enhance the AI’s language understanding without processing personal data. When such training activities are conducted, our goal is solely to improve the performance and safety of our AI systems. We do not use this training data for other commercial purposes, such as individual user profiling or marketing, nor do we sell it to third parties. Additionally, if we act as a data processor (e.g., processing a client’s data in a white-label context), we will never use such data to train our models for our own purposes unless explicitly instructed and authorized by the client (per the Data Processing Agreement, DPA). Legal Basis: Our legitimate interest in improving our models may be invoked for the use of anonymized or purely technical data. For any processing involving non-anonymized personal data for algorithm improvement, the legal basis will be consent (Article 6(1)(a) GDPR) if required by law or consistent with our privacy commitments. You have the right to withdraw your consent at any time (see the “Your Rights” section below), which will not affect the lawfulness of prior use.
User Experience Personalization: Where permitted, we may use certain data to personalize the Service based on your settings and behavior. For example, remembering your language preference or presenting more relevant content, help pages, or features based on your usage. This personalization is limited and aimed at improving the Service for you. Legal Basis: Our legitimate interest in providing a tailored experience or consent when required by law (e.g., for certain non-essential personalization cookies, if applicable).
Marketing and Promotional Communications: To date, we do not use your data to send unsolicited marketing communications without consent. If you are a Lynk user, we may send you information about new features or offers that may interest you, such as via our newsletter, provided you have consented or within permitted limits (e.g., soft opt-in rules for similar services in some countries). You can opt out of these communications at any time by unsubscribing (a link will be included in every marketing email). Legal Basis: Consent (if required by local law, particularly for non-customers) or our legitimate interest in promoting our Services to existing customers proportionately.
Legal Compliance and Regulatory Requirements: We may process your personal data to comply with various legal obligations, such as responding to legitimate requests from authorities (e.g., warrants, court orders), complying with applicable laws (data protection, taxation, international sanctions, etc.), or exercising our legal rights and managing potential disputes (e.g., proof of a transaction, litigation management). Legal Basis: Compliance with a legal obligation or, where no specific obligation applies, our legitimate interest in defending our legal interests.

Sharing Data with Third Parties

Lynk is committed to not selling your personal data to third parties. We only share your data with specific categories of recipients and only in the circumstances described below:

Authorized Lynk Personnel: Internally, only authorized Lynk employees and contractors (bound by confidentiality obligations) may access certain data, and only if necessary for their tasks (“need-to-know” principle). For example, the technical team may access system logs for maintenance and security, and the support team may review your profile or relevant content to address a support request. Our staff are trained on data protection and required to comply with this Policy.
Sub-processors and Service Providers: We use trusted third-party companies to help us provide our Services. These partners act under our instructions and use your data only for the specific purposes for which we engage them. Examples of such sub-processors include:
- Cloud hosting and infrastructure providers (e.g., data centers, cloud providers) that store data on their servers. We prioritize hosting providers located in the European Economic Area (EEA) whenever possible to keep data within the EEA. If we use solutions outside the EU, we implement necessary safeguards (see the “International Transfers” section).
- Secure online payment services to process your transactions (as noted, these services handle your payment card data in compliance with security standards).
- Email or notification delivery services (to send validation emails, technical alerts, etc.).
- Analytics and customer support tools (e.g., bug tracking tools, chat support software, CRM platforms) that may process usage or identification data to help us understand Service usage and assist you.
- Potential AI model training or automated content moderation partners. For example, if we use a third-party service to analyze text for inappropriate content or improve our models, these third parties may process certain data under our control and with pseudonymization where possible. In all cases, when sharing data with sub-processors, we enter into a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR, requiring them to protect data adequately, access it only to provide services to Lynk, and maintain confidentiality. We remain responsible for protecting your data in these situations. A list of our main sub-processors can be provided upon request for transparency.
White-Label Partners or Entities Administering Your Access: If you use Lynk through a corporate account, white-label reseller, or group license, we may share certain data with the entity administering your access. For example, if your Lynk account was created by your employer or a Lynk business partner, they may access aggregated usage information (e.g., number of credits consumed, last usage date) to manage the service. Similarly, if a white-label partner provides our platform under their branding, we may share data strictly necessary for their customer relationship management (e.g., to manage their credit pool, redistribute credits, or handle billing). In these cases, the partner is typically the data controller for your contractual relationship with them, and we act as a data processor for that purpose. However, we contractually require our partners to maintain compliant and protective privacy policies. No personally identifiable data is shared with partners unless necessary.
Other Service Users: By default, we do not make your personal data visible to other Lynk users unless required by a feature you use. Lynk is not an open social network: your content typically remains private to your account or accessible only to your organization/team if you use a collaborative version. If you explicitly choose to share content (e.g., publishing a prompt or AI agent for other users, participating in a Lynk-related community or forum), the shared content and your username or profile may be visible to those recipients, depending on what you choose to share. We will inform you in the interface when an action makes your data visible to others, so you can make an informed choice.
Legal Obligations and Legal Context: We may disclose your personal data to third parties if required or permitted by law, including:
- Responding to valid legal requests from public authorities (e.g., subpoenas, court orders, or regulatory demands). If an authority or court requests access to your data as part of a legal process, we will carefully review the request’s validity and provide only the information required by law.
- Protecting our legal rights or those of others: for example, sharing data with our legal advisors or competent authorities if necessary to enforce our Terms of Use, investigate fraud, respond to claims against Lynk, or protect the rights, property, or safety of Lynk, our users, or the public. This may involve sharing information with fraud prevention agencies or law enforcement, as permitted by law. In these cases, we strive to notify the affected individual (e.g., you) if permitted by law, unless notification is prohibited or futile (e.g., in a security emergency).
Mergers and Acquisitions: If Lynk undergoes a merger, acquisition, restructuring, financing, asset sale, or similar transaction, or in the event of insolvency or bankruptcy, your personal data may be transferred to the involved third parties (e.g., the acquiring entity or asset purchaser) as part of the transaction. If applicable, we will contractually ensure that your data continues to be processed under standards equivalent to this Policy, and we will inform you of any change in control affecting your data so you can exercise your rights (e.g., deletion) if necessary.

International Transfers

When your data is transferred outside the EEA, we take steps to ensure these transfers comply with applicable data protection laws. This includes:

Adequate Countries: If data is sent to a country deemed adequate by the European Commission (i.e., offering a level of data protection essentially equivalent to the EU), we rely on that adequacy decision (e.g., Canada for certain commercial data, Japan, the UK post-Brexit, etc.).
Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (e.g., the U.S.), we implement the European Commission’s Standard Contractual Clauses (updated version 2021), supplemented by additional protective measures if necessary. These SCCs bind our data-importing providers or partners to strict confidentiality and security obligations and require them to respect data subjects’ rights. You can obtain a copy of these clauses by contacting us.
Other Safeguards: Where applicable, we may also rely on other legal transfer mechanisms under the GDPR, such as your explicit consent to the transfer (e.g., if you explicitly request us to transfer your data to a non-EU third party) or the necessity of the transfer for contract performance (e.g., if you are outside the EU and we need to deliver the Service there).

Retention Period

We retain your personal data only for as long as necessary for the purposes for which it was collected, subject to our legal retention obligations. In practice, this means:

Account and Profile Data: As long as you remain an active user of our Services, we retain your account information (basic registration data, profile, settings) in our systems. If you delete your account or it remains inactive for an extended period, we will delete or anonymize this data, except where we must retain it longer for other purposes (see below). For example, if you close your account, we will delete or anonymize most of your data within a reasonable period after closure (typically within 30 days), except for data we must keep.
User Content: Content you provide (documents, imported data, models trained on your data, etc.) is retained as long as you actively use it in the Service. You can often delete this content yourself via the interface (e.g., deleting an uploaded document or resetting a trained model). In such cases, deleted content may remain in backups for a short period but will then be purged from our servers, unless required by law to be retained longer. If you accidentally delete content, we may not be able to restore it after the backup retention period expires.
Technical Data and Logs: System logs and other technical data (e.g., login logs, error logs, query history) are retained for varying periods based on their utility. Typically, activity logs are kept for a few months (e.g., 6 to 12 months) for security audits and performance analysis, then deleted or anonymized. Log information that can be linked to your IP or account will either be deleted or dissociated from personal identifiers after this period, unless a specific need justifies longer retention (e.g., investigating an unresolved security incident).
Transaction Data: We retain records of your transactions and payments (invoices, payment history) as long as necessary for accounting and compliance with applicable tax/accounting obligations. In France, for example, supporting documents must be kept for 10 years for legal reasons. This data may be archived separately once you are no longer a client to meet these legal obligations and will be deleted after the required period.
Communications and Support: Communications you have with us (support emails, tickets) may be retained as long as your account is active and up to 3 years afterward to maintain a history in case of follow-up and improve the Service. However, you can request their deletion earlier, provided this does not conflict with our legitimate interests (e.g., if a ticket contains important instructions for a technical fix, we may need to retain it longer). Online chat records are typically stored for 1 to 2 years maximum.
AI Training Data: If you have consented to your data being used to train our global models, we may retain it as long as it remains useful for that training. However, we will periodically assess whether the information is still relevant or can be deleted/aggregated. If you withdraw your consent, we will stop using that data for future training and strive to remove it from our non-anonymized training datasets to the extent possible (note that for already-trained models, it may not be technically feasible to retroactively “extract” your data’s influence—in such cases, we will not use it for new iterations).
Legal Obligations and Disputes: If certain data is necessary for resolving a dispute, preventing fraud, or complying with legal requirements, we may retain it for the duration of the relevant procedure, even if this exceeds the periods above. For example, if we are in a dispute with a user, we will retain relevant information until the matter is fully resolved, then delete or archive it as required by law.

Data Security

Among the measures we apply:

Encryption: All communications between your browser (or client application) and our servers are protected by up-to-date TLS encryption (HTTPS). Data in transit via our API or web interface is thus encrypted to prevent malicious interception. Additionally, we encrypt sensitive data at rest where appropriate. For example, passwords are stored in hashed form (we cannot see them in plain text), and certain data, such as API keys, sensitive account information, or specific content, may be encrypted on disk or in databases. We follow state-of-the-art cryptography recommendations.
Access Controls: Internally, we strictly limit access to personal data to only those who need it to operate the Service. We use strong authentication mechanisms for infrastructure access (e.g., multi-factor authentication for system administrators). Access to production databases is logged and monitored. We also segment environments (e.g., separate test environments without real data to avoid developers handling personal data during testing).
Testing and Audits: We regularly conduct security tests on our applications and infrastructure (penetration testing, automated vulnerability scans). Critical vulnerabilities are prioritized for immediate fixes. We monitor our platform for suspicious or malicious activity. When needed, we may engage third-party experts to audit our security and ensure its robustness (especially when deploying sensitive new features).
Backups: We perform regular backups of data (including User Content) to prevent loss or unavailability. These backups are stored securely, often encrypted, and periodically tested to ensure data can be restored if needed. In case of a technical incident or disaster, we have recovery plans to restore data access promptly.
Logging and Monitoring: We maintain access logs and use intrusion detection systems to identify abnormal activity. For example, if an account experiences multiple failed login attempts or unusual data extraction volumes, these signals are analyzed and may trigger measures (alerts, additional verification, temporary blocking, etc.). This enables quick responses to potential malicious activity or data breaches.
Internal Policies: Our teams are trained in security and privacy best practices. We have internal policies (IT charter, incident response protocols, access rights management) to govern data handling. We also require our sub-processors to maintain high security standards, verifying their certifications or standards (e.g., ISO 27001, SOC2 audits, if available) and including security requirements in our contracts with them.

Your Rights

Under the GDPR and other applicable laws, you have a set of rights regarding your personal data, which we respect diligently. Here is an overview of these rights and how to exercise them:

Right of Access: You have the right to ask us to confirm whether personal data about you is being processed by Lynk and, if so, to access all such data. This includes receiving a copy of the data we hold about you and information about the purposes of processing, data categories, recipients, retention periods, etc. (this information is generally provided in this Policy). We will provide this information in an understandable format, either via electronic export or a written statement, unless you request otherwise. Note: For additional copies, we may charge reasonable fees based on administrative costs if permitted by local law.
Right to Rectification: If you find that personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed. The easiest way to update basic account information (e.g., name, email) is to log into your Lynk account and edit your profile settings directly. For other rectifications, you can contact our support or privacy team.
Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data in certain cases. This is possible, for example, if the data is no longer necessary for the purposes for which it was collected, if you withdraw your consent (for consent-based processing) and no other legal basis applies, if you object to processing and no overriding legitimate grounds exist, or if we have processed your data unlawfully. We will honor deletion requests when legal conditions are met. Note that this right is not absolute: we may not immediately delete certain data if we have a legal obligation to retain it (e.g., invoices) or an overriding legitimate interest (e.g., fraud prevention, legal defense). In all cases, we will inform you of the data deleted and, if applicable, any data retained with the legal justification.
Right to Restriction of Processing: You have the right to request that we “freeze” the use of your personal data (i.e., retain but not use it, except for limited purposes) in certain situations. For example: if you contest the accuracy of data, you can request restriction while we verify its accuracy; if you object to processing based on our legitimate interest, you can request restriction during the balancing test; or if the processing is unlawful but you prefer restriction over deletion. During restriction, we will cease using the affected data (except for storage and possibly for legal defense or protecting others’ rights) until the restriction is lifted. We will inform you if the restriction is lifted.
Right to Object: You can object at any time, for reasons related to your specific situation, to processing based on our legitimate interest. If you exercise this right, we will stop the processing unless we demonstrate compelling legitimate grounds to continue (e.g., a vital or legal need) that override your interests and rights, or for legal defense purposes. Additionally, when your data is processed for direct marketing, you can object at any time without conditions. In such cases, we will stop without question (e.g., if you no longer want our newsletters, you can use the unsubscribe link or notify us). Regarding objections to using your data for AI model improvement: as noted, we do not do this without consent, but if you consented and change your mind, you can object/withdraw consent, and we will stop using your data for those purposes.
Right to Data Portability: For data you provided directly to us and processed automatically based on your consent or a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format to reuse it or transmit it to another service. Upon request, and if technically feasible, we can also transfer this data directly to another data controller you designate. This right applies, for example, to raw content you uploaded to Lynk or basic profile data. It does not apply to derived or inferred data (e.g., internal notes, analyses). When you exercise this right, we will provide the export within a reasonable timeframe in a standard format (e.g., JSON, CSV, depending on the data type).
Right to Withdraw Consent: For any processing based on your consent, you can withdraw that consent at any time. Withdrawal does not affect prior processing but means we will stop the relevant activity going forward. For example, if you consented to using your chat data for AI training and withdraw consent, we will not use your future conversations for this purpose. Withdrawing consent will not affect core Service functionality but may limit certain additional features requiring consent (e.g., personalized improvements tied to data sharing). We respect your choice without undue negative consequences.
Right Not to Be Subject to Automated Decision-Making (Including Profiling): In principle, Lynk does not make solely automated decisions about you that produce legal effects or significantly affect you without human intervention. Algorithmic processing (e.g., via AI) is intended to provide a service (e.g., generating a response to a query) rather than evaluating or deciding something about you as a person. If we were to implement such automated decision-making in the future (e.g., automated filtering leading to service denial), you would have the right to human intervention, to express your viewpoint, and to contest the decision. We will inform you explicitly if such processing occurs.

Jurisdiction-Specific Rights and Information

EU/EEA Residents: Most of your rights and our obligations are covered by the GDPR and described throughout this Policy (access, rectification, etc.). Additionally, you have the right to lodge a complaint with your local data protection authority, as noted above. If a personal data breach occurs with a high risk to your rights and freedoms, we will notify you directly, in addition to notifying the CNIL, per Article 34 of the GDPR.
Switzerland: Although not part of the EU, Switzerland has its own data protection law (revised LPD). Lynk extends equivalent protections to Swiss users. If you are in Switzerland, you have similar rights to access, rectification, erasure, etc., as under the GDPR. You can contact the Federal Data Protection and Information Commissioner (FDPIC) for complaints. Data transfers from Switzerland abroad are covered by similar safeguards (e.g., we use Switzerland-EU adapted Standard Contractual Clauses for non-Swiss providers).
United Kingdom: Post-Brexit, the UK has its own regime (UK GDPR and Data Protection Act 2018), closely aligned with the GDPR. If you are in the UK, your rights are nearly identical to those described above. You can contact the Information Commissioner’s Office (ICO) for concerns. We apply the UK-approved Standard Contractual Clauses (UK Addendum) for transfers outside the UK where applicable.
California Residents (CCPA/CPRA): If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights where these laws apply to our activities (depending on certain business thresholds). You have the right to know the categories of personal information we collect about you, the sources, purposes, and third parties with whom we share it. You can also request access to specific personal information we have collected (“Know”) or request deletion (“Delete”), subject to certain conditions. Lynk does not sell your personal information under the CCPA (i.e., we do not disclose your data for monetary or other valuable consideration to third parties for their own purposes, nor do we share it for cross-context behavioral advertising without opt-out options). If we were to engage in such practices, we would inform you explicitly and provide the right to opt out of the “sale” or “sharing” via a compliant mechanism (e.g., a “Do Not Sell/Share My Information” link on our site). To exercise your CCPA rights (access, deletion, etc.), use the contact details in the “Your Rights” section. We may need to verify your identity (or that of your authorized agent) before proceeding. The CCPA protects you from discrimination for exercising your rights: Lynk will not adjust service quality or pricing solely because you exercise a CCPA right.
Residents of Other U.S. States: Between 2023-2025, several U.S. states (e.g., Virginia, Colorado, Connecticut, Utah) have adopted their own digital privacy laws. If you reside in these states, Lynk will comply with these regimes where applicable. For example, Virginia or Colorado laws grant rights to access, rectification, deletion, and portability similar to the CCPA/GDPR, as well as the right to opt out of certain processing (e.g., sensitive data use or profiling leading to significant legal decisions). Lynk will honor these rights as described above. If applicable, you can appeal our refusal of a rights request within the timeframe required by local law by notifying us for reconsideration.
Canada: For Canadian users, we process personal information in compliance with applicable federal and provincial laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, Quebec’s Law 25. This includes obtaining your consent for the collection, use, or disclosure of your personal information, except where permitted by law. You have the right to access the personal information we hold about you and request corrections if inaccurate. To make such a request, use the contact details provided. If unsatisfied with our response, you can contact the Office of the Privacy Commissioner of Canada or your relevant provincial commissioner. Your data may be stored or processed on servers outside Canada (e.g., in Europe or the U.S.), potentially subject to those jurisdictions’ laws; however, we ensure adequate protection as described above. If we plan to use your information for new purposes not originally contemplated, we will inform you and obtain your consent again if required.
Australia: Lynk adheres to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable. If you are in Australia, you have the right to know what personal information we hold about you, access it (we will provide it in an appropriate format), and request corrections if inaccurate. You can often update basic data via your online account, but contact us for additional corrections. If you have a complaint about how we handle your personal information, submit it in writing; we will acknowledge and respond. If our response is unsatisfactory, you can contact the Office of the Australian Information Commissioner (OAIC). Unless required by law, we will not transfer your personal information outside Australia without your consent, unless the destination offers adequate protection or appropriate contractual mechanisms (similar to GDPR SCCs).

Use of Cookies and Similar Technologies

(If applicable, insert or reference a separate Cookie Policy here.)

Essential Cookies: Necessary for the Service’s operation (e.g., maintaining your logged-in session, retaining configuration settings). These cookies cannot be disabled as the Service would not function properly without them.
Preference Cookies: Used to remember your choices (language, interface settings) to improve your experience.
Analytics Cookies: Provided by trusted third parties (e.g., Google Analytics, Matomo) to understand how our platform is used (pages viewed, frequent actions, etc.) and help us improve it. We configure these tools to anonymize IP addresses where possible and comply with local regulations (e.g., in Europe, we seek consent before placing certain analytics trackers unless fully anonymized solutions exempt from consent are used).
Marketing/Third-Party Cookies: To date, Lynk does not display third-party ads on its site or use advertising cookies. If this changes, we will update this section and obtain required consents.

Third-Party Services

We strive, where possible, to select partners or integrations that adhere to high data protection standards.

Changes to This Policy

Website/Application Notification: We will post the revised Policy on our website (and/or application) with an updated “Last Updated” date at the top. We may also display a banner or pop-up on your next login to inform you of the update.
Email Notification: If you have provided a contact email, we may send an email about key changes, especially if your action is required or if mandated by law. For example, if we change the legal basis for processing or wish to use your data for a new purpose requiring consent, we will contact you directly.

We encourage you to review this page regularly to stay informed about our privacy practices. An archive of previous versions may be provided upon request for transparency.

Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us. The easiest way is to email contact@getlynk.co. You can also write to us at:

Lynk – Legal/Privacy Department

[Full postal address of Lynk]

[Postal Code, City] – [Country]

We will do our best to respond promptly and assist you. Your trust is paramount, and we appreciate you sharing any questions or feedback about our data handling.

Thank you for taking the time to read our Privacy Policy.

By using Lynk, you place your trust in us, and we commit to handling your data with the utmost care, transparency, and respect it deserves.

Lynk Terms of Use

Last Updated: July 22, 2025

1. Introduction and Acceptance of the Terms of Use

Welcome to Lynk. These Terms of Use (“Terms” or “TOU”) set out the legally binding terms and conditions governing your access to and use of our Services. By creating an account or using Lynk’s products, services, websites, and applications (collectively, the “Services”) in any way, you fully and unconditionally accept these Terms. If you do not agree with these Terms, you are not authorized to use our Services.

Parties to the Agreement: These Terms constitute an agreement between you (“User” or “you”) and Lynk (referred to as “Lynk,” “we,” “us,” or “the Company”), a company registered and domiciled in [country] under number [●]. If you use the Services on behalf of an organization (e.g., your employer) or as a reseller/partner, you represent that you have the authority to bind that organization, and “you” will refer to that entity. In such cases, you accept these Terms on behalf of that organization, and all obligations imposed on the User will apply to that entity.

Age and Legal Capacity: Lynk’s Services are primarily intended for professional or adult users. By accepting these Terms, you certify that you have reached the age of legal majority in your country of residence (18 in most cases), or at least 16 if permitted by applicable law with parental or guardian consent. If you are between 16 and 18, you declare that you have obtained the consent of your parent or legal guardian to use Lynk, and they have read and accepted these Terms on your behalf. In any case, use of the Services is prohibited for children under 16. You also declare that you have the legal capacity to enter into a binding contract. If you lack this capacity or are not authorized, you must not use Lynk.

Applicable Version: The “Last Updated” date at the top of this document indicates the current version of the Terms. These Terms may be updated from time to time (see the “Changes” section below). We recommend periodically reviewing the Terms to stay informed. In the event of a material update, we will notify you through appropriate means (e.g., website notification or email).

By checking “I Accept” during account creation or continuing to use the Services after the Terms are published, you confirm that you have read, understood, and accepted the content of these Terms. If you violate any provision of the Terms, Lynk reserves the right to suspend or terminate your access (see the “Termination” section).

For any questions about these Terms, you can contact us at [contact email]. We hope you enjoy our Services and thank you for your trust.

2. Description of Lynk Services

Lynk is a cutting-edge online platform combining artificial intelligence and data management solutions. Our Services enable users to:

Create, train, and deploy customized conversational agents and AI models – for example, you can launch an AI agent powered by Lynk’s language processing technologies (LLM), fine-tune it with your own data to respond relevantly to queries in your domain, and integrate it into your website or application.
Connect your knowledge bases and data sources – Lynk provides a “Semantic Layer” that allows you to centralize data and transform it into actionable insights for AI. You can import documents, databases, or connect third-party APIs and query this data via the AI agent.
Use a flexible credit system – Access to certain Lynk features, such as executing queries or deploying models, operates on a consumption-based credit system. Users can purchase credit packs or subscribe to plans that include a monthly credit allocation. Each API call or query may consume a defined number of credits. (See the “Plans and Payments” section for details).
Benefit from a collaborative and governed interface – The platform includes data governance tools, a catalog, multi-user management, query caching, security rule enforcement, etc., to enable enterprise use.
Customization and white-labeling – Lynk offers partners the ability to resell the Service under their own branding (white-label). In this context, the Partner can customize the interface (name, logo, etc.) and manage their own end customers using Lynk’s infrastructure in the background. (See the special “White-Label Partners” clause).

The Services may evolve over time. Lynk reserves the right to add new features, modify, or discontinue existing features to improve the platform or meet technical or commercial requirements. Unless otherwise stated, all new features are also subject to these Terms.

Documentation: User manuals, guides, or FAQs (the “Documentation”) are available via our website (e.g., docs.getlynk.ai). We recommend reviewing this Documentation to understand how to use the Services correctly. In case of any conflict between the Documentation and the Terms on a legal or contractual point, the Terms prevail.

Support: Lynk may offer technical support to users through various channels (email, chat, dedicated support for certain plans). The nature and availability of support may depend on your subscription type (e.g., Enterprise clients may receive priority support). Support details are provided on our website or in specific contracts. These Terms do not guarantee a specific service level unless expressly stated, but we will make reasonable efforts to ensure service continuity (see the “Availability” section).

By accessing the Services, you acknowledge that using AI technology involves certain particularities. Notably, responses generated by Lynk’s AI models are produced automatically based on data and training. While we aim for high reliability, the AI may sometimes produce inaccurate or inappropriate responses. It is your responsibility to exercise judgment and caution regarding the use of the results provided. Lynk does not guarantee that AI responses will be accurate, complete, or suitable for any specific situation (see the disclaimer clause below). You are solely responsible for the use you make of the information provided by the Services.

3. User Account and Security

3.1. Account Creation

To use Lynk (outside of any public demo mode), you must create a user account. During registration, you agree to provide accurate, up-to-date, and complete information about yourself (e.g., your name, a valid email address, etc.). Mandatory information is marked as such. If this information changes over time, you agree to update it promptly in your profile.

You may create an individual account or, if available, join an organizational account (team or company). In such cases, an administrator may invite you and pre-fill certain information (e.g., name, professional email). You will then need to complete the registration. If you create an account on behalf of a legal entity, you declare that you have the authority to bind that entity to the Terms, as noted above.

Certain Lynk plans may allow the creation of multiple accounts (e.g., an administrator account managing multiple Authorized Users within an organization). In this case, the client entity must ensure that each internal user complies with these Terms. The primary account will be responsible for the activity of its associated users.

3.2. Credentials and Account Security

You will be prompted to choose (or be assigned) a unique identifier (e.g., a username) and a confidential password. You are responsible for maintaining the confidentiality of your login credentials. You must not share your password or allow a third party to access your account, except as authorized through provided features (e.g., adding a team member via the multi-user system without sharing your own credentials).

Any action performed from your account is presumed to have been performed by you. If you discover or suspect unauthorized use of your account, you must notify us immediately at support@lynk.ai and change your password. Lynk will not be liable for losses or damages resulting from your failure to secure your account. We may suspend or block an account if we suspect compromise or fraudulent activity to protect the account owner and the platform’s integrity.

We recommend using a strong, unique password for Lynk (containing uppercase/lowercase letters, numbers, symbols) and changing it periodically. If Lynk offers a multi-factor authentication (2FA) option, we strongly encourage you to enable it to add an extra layer of security to your account.

3.3. Inactive Account

If your user account remains inactive for an extended period (e.g., more than 12 months without login and no active subscription), Lynk reserves the right to deactivate or delete it to free up resources. We will generally attempt to notify you before deleting an inactive account by sending an email to the registered address.

3.4. Accuracy of Information

All information you provide for your account must be truthful. You agree not to create an account by impersonating someone else or using a false identity. You also agree to keep your contact details up to date so we can reach you when needed (e.g., for legal or security notifications). Lynk reserves the right to suspend or close accounts containing false, incomplete, or misleading information.

3.5. Account Holder Behavior

As the account holder, you are responsible for all activity conducted through your account, whether authorized by you or not. This includes the actions of your collaborators if you grant them access (e.g., as a team admin). You agree to oversee and be responsible for compliance with these Terms by anyone you authorize to use Lynk through your account or organization.

In case of a security breach or misuse related to your account, you agree to cooperate with Lynk to address the issue, such as providing necessary information for an investigation, changing credentials, etc.

3.6. Minimum Age for Sub-Accounts

If you manage an account that grants access to other users (e.g., your employees, end customers in a white-label context), you must ensure that each of these users meets the age and capacity requirements of these Terms. No sub-user under 16 years old is permitted. You are responsible for obtaining necessary parental consents if you include authorized users aged 16-17.

In summary, ensure the security of your account and access. Lynk is not responsible for your own security lapses but will provide tools to help protect your account (security options, suspicious login alerts, etc.).

4. Plans, Payments, and Credits

4.1. Lynk’s Business Model

Lynk offers several plans to access the Services, often combining a consumption-based credit system and/or monthly/annual subscriptions. The business model may evolve, but the current framework is as follows:

Usage Credits: Many actions on the platform (e.g., executing an AI query, querying a knowledge base, training a model, etc.) consume credits. A credit is a unit of consumption defined by Lynk (see the Documentation for exact conversion, e.g., 1 API call = 1 credit). You can purchase credit packs or receive a credit allocation included in a subscription. Each time you use the Service, the corresponding credits are deducted from your balance. This pay-as-you-go system ensures you pay based on actual usage.
Plans/Subscriptions: Lynk may offer subscription plans (monthly or annual) that include a certain number of credits per period, possibly with additional features (e.g., number of authorized users, priority support, etc.). For example, a “Starter” plan may include 200,000 credits/month for a fixed fee, while a higher-tier plan includes more with added benefits. If you exceed the included credit allocation, you will be charged for additional credits at the applicable rate (e.g., X€ for 10k additional credits). Some plans may also limit or expand user numbers, cache retention, etc., as indicated in our pricing grid.
Hybrid/Site-Based Model: Currently, Lynk focuses on the credit-based model, but we reserve the right to introduce other billing models in the future (e.g., monthly licenses per deployed website, modular or custom enterprise pricing). The inclusion of a model in these Terms does not imply it is already available, only that we are not contractually limited to a single business model. Unless otherwise specified, payment terms apply similarly across plans (service differences are indicated in the commercial offer).

4.2. Payments and Billing

Currency and Taxes: Prices are generally quoted in [currency] excluding taxes, unless otherwise stated. If sales taxes (VAT, GST) apply, they will be added at checkout in accordance with applicable tax laws based on your location. You are responsible for any indirect taxes or duties applicable to your purchase, excluding Lynk’s income tax.

Payment Methods: You must provide a valid payment method when subscribing to a paid plan. We accept payments via credit card (Visa, MasterCard, etc.) and possibly other methods (PayPal, SEPA transfer, etc.). By providing your payment information, you authorize Lynk (and our payment processor) to charge the amount due for the chosen subscription and, if applicable, additional fees incurred (e.g., purchased additional credits, overages).

For recurring subscriptions, you will be charged automatically at the start of each period (monthly or yearly, depending on your choice) until termination.
For one-time credit purchases, your card will be charged the amount corresponding to the chosen pack upon confirmation.

Automatic Renewal: Unless otherwise stated, subscriptions renew automatically at each term for an equivalent period (e.g., monthly). You can avoid renewal by canceling the subscription before the renewal date (see “Termination”). In case of a price change, we will notify you in advance, and you will have the opportunity to cancel before the new rates apply.

Payment Failures: If a recurring payment fails (e.g., expired card, insufficient funds), we will notify you and may attempt to re-charge in the following days. If the payment is not resolved within a reasonable timeframe (e.g., 10 days), Lynk may suspend your access to paid features (e.g., freezing credit consumption to the available balance) until payment is received. You agree to promptly provide a new valid payment method if the previous one is no longer functional. Lynk may apply late fees or legal interest rates if permitted by law for prolonged non-payment and may pursue legal recovery of amounts owed.

Non-Transferability: Except for authorized partners (see white-label section), purchased credits are tied to your account and cannot be transferred or resold to another user without Lynk’s prior authorization. Similarly, license or subscription credentials cannot be shared between distinct entities without agreement. Any abusive use of the credit system (e.g., unauthorized resale) may result in credit cancellation and account suspension.

Refund Policy: Unless otherwise stated or required by law, all sales are final. This means that fees already paid (current subscription, purchased credits) are not refundable pro-rata for unused portions, except where applicable law mandates a withdrawal period (e.g., for EU consumers, a 14-day right of withdrawal for online service purchases, but note that this right no longer applies once the service is fully performed with your consent). Lynk may, at its discretion, grant a partial refund or commercial credit in exceptional circumstances (e.g., major service disruption caused by us). In case of early termination of an annual plan by you (outside of Lynk’s breach), amounts owed for the initially committed term will not be refunded.

Plan Changes: You can upgrade to a higher plan at any time. The change takes effect immediately, and your billing will be adjusted (e.g., prorated for the remainder of the current month). If you downgrade to a lower plan, the change will take effect at the start of the next billing period. Be aware that downgrading may result in the loss of certain features or reduced quotas (e.g., fewer users, fewer credits). Lynk is not responsible for data loss due to a downgrade (e.g., user deletion if the new plan has a lower maximum – in such cases, we will let you choose which accounts to retain).

Trial and Free Offers: Lynk may offer a free plan or limited free trial period (e.g., X free credits or X days of free access). These offers are subject to the same Terms. We reserve the right to limit the features or duration of free offers and to discontinue them if we suspect abuse (e.g., multiple accounts to obtain multiple trials). If you do not upgrade to a paid plan after the trial, your access may be restricted or terminated. No payment will be charged if you have not provided a payment method for the trial, unless a card was required and you fail to cancel before the trial ends (in which case billing will start automatically post-trial).

4.3. White-Label Partnership Program

Lynk offers a White-Label Partner program for resellers or integrators who wish to offer our Services under their own branding. If you are an authorized White-Label Partner (via a separate contract or specific acceptance), the following additional terms apply:

Lynk grants you a license to use and customize our platform with your branding. You may create sub-accounts for your end customers (“End Users”) via your admin interface. You are responsible for the relationship with your End Users, including first-level support and billing (unless otherwise agreed).
Credit Distribution: As a Partner, you may purchase credits in bulk or benefit from specific rates, then redistribute or resell them to your End Users as part of your commercial offerings. For example, you may sell a package under your brand including X Lynk credits. However, you remain responsible to Lynk for payment of all credits consumed through your white-label instance. Lynk will bill you per the agreed terms (e.g., monthly billing based on your clients’ aggregated usage). Your failure to pay could result in service interruption for all your End Users.
Contract and Compliance: You must ensure that each End User accepts terms of use and a privacy policy at least as strict and protective as these Terms and Lynk’s Privacy Policy. In particular, you must impose the same usage restrictions (section 5) on your clients and clearly inform them that the service involves AI technologies. You must not make promises or warranties on behalf of Lynk beyond what Lynk officially guarantees. In case of conflict between your terms with your clients and your obligations to Lynk, you will indemnify us for any consequences (see the indemnification clause).
Technical Support: Lynk will provide second-level support to the Partner. The Partner is expected to handle initial End User requests. For platform technical issues, the Partner may escalate to Lynk. The Partner must follow established support processes, and Lynk is not obligated to interact directly with End Users unless otherwise agreed.
White-Label Limitations: You are not authorized to completely remove Lynk’s branding where required by law (e.g., legal notices). You must not attempt to reverse-engineer or replicate the Lynk platform to create a direct competing service without going through our official program. Any use of Lynk in white-label without explicit agreement constitutes a violation of these Terms.
Termination of Partnership: Upon termination of the white-label agreement (e.g., you choose to stop, or Lynk terminates for breach), you must cease using our brand and technology. Lynk may, in some cases, contact End Users to ensure a smooth transition (e.g., offering them to migrate directly to Lynk), but is not obligated to do so. You must return or destroy any confidential information provided. End Users you acquired will no longer access the Services through you.

More precise partnership details (e.g., commissions, financial terms) are typically covered by a separate agreement (e.g., Partner/Reseller Contract). In the absence of a signed separate contract, these Terms apply. Lynk reserves the right to refuse or terminate White-Label Partner status in case of breach or misuse of the program.

4.4. Custom Enterprise Offers

Some clients (typically large-scale) may negotiate specific terms with Lynk (e.g., SLA, custom contract). If a separate signed contract exists between you and Lynk with conflicting commercial terms (e.g., pricing, payment, duration), the separate contract prevails. However, for anything not explicitly covered in the other contract, these Terms apply by default.

4.5. Price Changes

Lynk may adjust subscription, credit, or other pricing in the future (e.g., due to evolving infrastructure costs or to align with offered value). If we change the price of an existing subscription you are on:

We will notify you at least 30 days in advance via email and/or platform notification, specifying the new price and effective date.
The price change will take effect at the start of the next subscription period following the notice. If you are on a prepaid annual subscription, the new price will apply at the next annual renewal, not during the prepaid year.
If you do not accept the new price, you must cancel your subscription before the change takes effect. Failure to cancel constitutes acceptance of the updated price for the continuation of your subscription.

Prices for new services or optional modules will be displayed upon their introduction. Temporary promotions or discounts do not necessarily affect the standard price and may be subject to conditions.

By paying us, you warrant that you are authorized to use the provided payment method and that the billing information provided is valid.

Late Payments: Beyond service suspension, any overdue amounts may, after notification and a reasonable unresolved period, result in the immediate exigibility of all owed amounts, plus late interest at the legal rate or as permitted by applicable law (e.g., ECB rate + x points). You may also be liable for reasonable recovery costs.

In summary, ensure you understand how you will be billed and use the Service within your plan’s quotas to avoid unexpected charges. We are transparent about credit consumption (dashboards, alerts) so you can manage your usage. If you have billing questions, contact us promptly.

5. Acceptable Use of the Services

All Lynk users must comply with the acceptable use rules outlined below. These rules aim to ensure legal, ethical, and respectful use of our platform, AI, and processed data. By using Lynk, you agree not to:

5.1. Violate Laws or Third-Party Rights

Illegal Use: Use the Services for unlawful purposes or to facilitate any illegal activity. You must comply with all applicable local, national, and international laws and regulations governing your use of Lynk, including, without limitation, data protection, intellectual property, e-commerce, fraud, defamation, obscenity, and child protection laws. For example, you must not use Lynk to plan or commit an offense, harass others, distribute content prohibited by law, etc.
Infringement of Copyright or IP: Upload, store, publish, or transmit any content via Lynk that infringes third-party intellectual property rights (copyright, trademark, patent, trade secret). You warrant that you own or have the necessary rights or permissions for all content you upload or submit to Lynk. For example, do not upload a copyrighted document without the appropriate license. Similarly, do not use the AI to generate content that violates third-party rights (e.g., generating text copied from a copyrighted book). If we receive a notice of infringement (e.g., DMCA), we will handle it in accordance with applicable law, which may include removing the infringing content or suspending repeat offenders’ accounts.
Violation of Other Rights: Do not violate others’ privacy or image rights or impersonate anyone. For example, do not use Lynk to collect or disclose personal information about someone without a legal basis (e.g., data harvesting, doxxing). Do not use the AI to extract personal information about an identified individual (AI must not be used to profile someone without their consent). You must also not upload data containing sensitive information about individuals (health, sexual orientation, etc.) unless you have their consent or a valid legal basis and take necessary protective measures.

5.2. Security and Service Integrity

Technical Interference: Do not attempt to disrupt or compromise the integrity or performance of the Services or Lynk’s systems. This includes not introducing viruses, worms, malware, logic bombs, or other harmful code. You must refrain from actions aimed at overloading the infrastructure (e.g., DDoS attacks, sending excessive unauthorized automated requests). You must not bypass our security or authentication measures or scan/test our systems’ vulnerabilities without express authorization (no pentesting on our public services without prior agreement).
Unauthorized Access: Do not attempt to illegitimately access other users’ accounts or data not intended for you. This includes not using tools or exploits to hijack credentials or penetrate Lynk’s network. If you accidentally discover a security flaw, please report it to us in good faith and refrain from exploiting it (see our responsible disclosure policy, if applicable).
API Misuse: If you use our API, respect the rate limits and quotas indicated. Do not design a client that sends excessive or non-compliant requests, as this may affect service quality for all. Additionally, do not use bots or scripts to create multiple accounts or scrape data from our platform without written consent. Any automated data extraction from Lynk is prohibited, especially for competitive purposes (see also the Intellectual Property section).
Preservation of Notices: Do not alter or remove copyright, trademark, or other intellectual property notices displayed in the Service or generated by it. For example, if the Lynk interface displays a logo or brand, you must not remove it to imply it is your own solution (except in authorized white-label contexts). Similarly, if Lynk or its AI includes an attribution or watermark in generated content (not default unless specified), do not remove it without permission.

5.3. Inappropriate Content

Prohibited Content: You agree not to create, store, share, or transmit via Lynk any content that is illegal, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, fraudulent, or otherwise objectionable. This includes, but is not limited to:
- Illegal pornography or depiction of minors (strictly prohibited and subject to reporting to authorities).
- Hate speech or content inciting hatred, violence, or discrimination against an individual or group based on race, religion, sexual orientation, gender, etc.
- Content glorifying terrorism, violent extremism, or providing instructions for criminal activities (e.g., weapon or drug manufacturing).
- Scams, phishing, or deceptive communications intended to deceive others (e.g., impersonation, fake technical support).
- Generally, any content violating legal or ethical standards.

Lynk reserves the right (but is not obligated, except for legal reports) to monitor content circulating on the platform and remove any content that violates these rules or applicable law, at its discretion. We may also disable or restrict access to certain features (e.g., suspending the ability to send prompts) if you repeatedly generate illicit or inappropriate content.

Interactions with AI: You understand that the AI agent responds based on the input provided. You agree not to intentionally use Lynk’s AI to generate illegal or harmful content. For example, do not prompt it to produce hate speech, terrorist propaganda, or illicit sexual content. Even though the AI has safeguards, attempting to bypass them (e.g., via malicious prompts, jailbreaks) violates these Terms. You are responsible for the conversations and queries you submit to the AI, just as you are for content you manually upload.
Sensitive Personal Data: You must not share sensitive personal information about others via Lynk, including health data, bank details (e.g., unencrypted card numbers), or identification numbers (e.g., NIR, SSN), unless absolutely necessary and in a secure context. Any third-party personal data you integrate into Lynk must comply with our Privacy Policy and the GDPR (e.g., you have a legal basis). Where necessary, pseudonymize or anonymize data before using it on Lynk.

5.4. Fair Use and Non-Diversion

No Unauthorized Direct Resale: Except under the authorized Partner program, you must not resell, rent, or provide access to Lynk Services to a third party for commercial purposes without Lynk’s consent. For example, you cannot create a web service relying on Lynk in the background without notifying Lynk and obtaining agreement (except for internal use or API use within accepted limits). Similarly, you cannot redistribute or commercialize Lynk credits or transfer your subscription outside the provided terms.
No Reverse Engineering: You are prohibited from reverse-engineering, decompiling, disassembling, or otherwise attempting to retrieve the source code or components of Lynk, except as expressly permitted by mandatory law (and only after notifying us). Lynk’s architecture, AI models, code, and algorithms are protected. Any attempt to bypass technical limitations or copy our features for a competing service is prohibited.
No Unfair Competitive Use: You must not use Lynk to develop, train, or improve a competing service or AI model in a way that harms us. For example, it is forbidden to massively extract AI responses to train another competing AI. It is also prohibited to use bots or scripts to scrape content from our website (e.g., texts, knowledge base) for use elsewhere, particularly to train a model without authorization. Additionally, do not use our channels (e.g., forum, blog) to promote competing products.
Export Control Compliance: In some cases, the AI may provide code or technical artifacts. It is your responsibility not to use these exports in violation of export control or security regulations (e.g., exporting prohibited cryptographic technology to a sanctioned country). Generally, you will comply with applicable export control laws when using Lynk (e.g., if located outside the EU/US, ensure that cloud/AI technology use is not restricted).
Reasonable Volume and Usage: Lynk reserves the right to define what constitutes “reasonable” use of the Service (via credit quotas, API call limits, etc.). If we detect abnormally high usage not anticipated by your plan (e.g., exploiting loopholes for unlimited use), we may suspend access pending clarification. Any unlimited plans, if offered, are subject to non-abusive use in good faith.

5.5. Consequences of Violations

In case of non-compliance with these acceptable use rules, Lynk reserves the right to take any appropriate measures, including but not limited to:

Issuing a formal warning.
Temporarily suspending your access to the Services (e.g., account freeze, blocking of offending features).
Removing or disabling infringing content.
Permanently terminating your account for cause (see the Termination section).
Notifying competent authorities if the activity constitutes a crime (e.g., exploitation of child pornography, cyberattacks) or pursuing legal action to stop the harm or seek redress.

You understand and agree that Lynk has no obligation to actively monitor all user content or activities but reserves the right to do so and act to preserve the security, legal compliance, and integrity of our Services. No tolerance or lack of action by us regarding a violation constitutes a waiver of our rights to enforce them later.

If you believe another user is violating these rules (e.g., you encounter offensive content generated via Lynk or abuse), please report it immediately to abuse@lynk.ai or any available reporting button. We will review and address good-faith reports promptly.

In summary, use Lynk responsibly. These rules aim to protect all users and ensure our platform remains a trusted space. You are our partner in this goal, and we appreciate your cooperation.

6. User Content and Intellectual Property

6.1. Your Content and License to Lynk

Ownership of User Content: You retain all ownership rights to the data, texts, files, documents, and other content you provide, upload, or generate through the Services (“User Content”). Lynk does not claim ownership of your content. What belongs to you before using the platform remains yours.

License Granted to Lynk: To enable us to provide the Service effectively, you grant Lynk and our subcontractors acting under our instructions a non-exclusive, worldwide, royalty-free, sublicensable (solely for working with our providers), and transferable (in case of corporate restructuring) license to use, reproduce, process, access, modify, adapt, publish, translate, distribute, and display your User Content, only to the extent necessary to (a) operate, maintain, and improve the Services in accordance with the contract, and (b) develop and train our AI models or algorithms, subject to the Privacy Policy. This means, in practice:

We may store your data on our servers, access it for backup purposes, display it in the interface for you, duplicate it across nodes for performance, etc.
We may adapt or transform your content if needed to make it compatible with the Service (e.g., generating search indexes, converting file formats, or analyzing text for AI).
If you share content with others (e.g., a public AI agent), we may distribute it to the intended recipients.
Regarding service improvement and model training: if you have consented (or if otherwise permitted by law, e.g., anonymized data), we may include portions of your content or derived data in our AI training processes to improve model quality. For example, your interactions with a Lynk chatbot may help refine future responses. This part of the license is limited by the Privacy Policy: without your consent, we will only use anonymized or aggregated data for improvement, never identifiable personal data to train models accessible to others. This license does not allow us to sell your data or use it outside the scope of the Service. It is solely to operate Lynk and its features as intended.

This license on your content ends when you delete said content from the Service or your account, within a reasonable technical timeframe. However, you acknowledge that backup copies of your data may persist for a short period after deletion, and if your content was shared with other users, they may have copies beyond our control (e.g., if you sent a generated response to a colleague, we cannot retract it from their possession). Additionally, any prior use in an AI model cannot be “undone,” but this will only occur in accordance with the Privacy Policy.

Your Warranties on Content: You represent and warrant that you own or have the necessary rights to all User Content you use in Lynk, including to grant the above license. You confirm that neither this content nor its use via Lynk infringes any third-party rights or the law. In other words, you are responsible for your content and its legality. Lynk is not liable for content provided by you or other users through the Service.

6.2. AI-Generated Content

Lynk, through its AI models, may generate content in response to your queries (text, code, responses, etc.). The ownership and use of this Generated Content work as follows:

Free Personal/Business Use: Subject to compliance with these Terms, Lynk grants you a non-exclusive license to use AI-generated results for your legitimate purposes, commercial or otherwise. For example, if Lynk’s AI helps you write an article or software code, you may use, modify, or publish it, including for commercial purposes, provided you do not violate laws or third-party rights (as noted in the acceptable use section). Lynk does not claim ownership of the AI’s creations that you exploit – however, note that the AI may produce outputs based on its training data, so we cannot guarantee that all generated content is entirely original or free of third-party rights.
No Guarantee of Exclusivity or Originality: Given the nature of the generator, similar content may have been generated for another user with a very similar query. Lynk does not guarantee that each AI output is unique to you. Additionally, as the AI is trained on corpora, it may inadvertently recreate sequences existing in its training data (e.g., standard code, proverbs). Lynk strives to avoid responses that are long quotations of protected material but cannot ensure this 100%. It is your responsibility to verify generated content you intend to publish or exploit from an intellectual property perspective.
No Assignment of Copyright by Lynk: To the extent a generated content could be copyrightable, Lynk (or its licensors) may claim rights to the portion of that content constituting an original output of the software. However, Lynk does not prohibit users from using generated content as indicated. This point is mainly relevant in jurisdictions where the software publisher may claim authorship of outputs. In practice, Lynk will not pursue users for using AI-generated content. We only reserve the right to prohibit the use of generated content to harm Lynk or violate the Terms.
Feedback and Suggestions: If you provide Lynk with feedback, ideas, or suggestions for improving the Service (“Feedback”), we may freely use and incorporate these suggestions without compensation or confidentiality obligation. You waive any rights to these suggestions and grant us a free license to exploit them. This allows us to improve Lynk by incorporating good community ideas.

6.3. Lynk’s Intellectual Property

The Lynk Service, as a platform and software, contains numerous elements protected by intellectual property rights owned by Lynk and its potential licensors. Except for the User Content described above, Lynk and/or its licensors own all rights, titles, and interests in the Services, including but not limited to:

The source and executable code of the Lynk software (front-end and back-end).
The user interface design and layout.
The algorithms, AI models, and architectures developed by Lynk.
The integrated knowledge bases and datasets provided by Lynk.
The Lynk name, logos, trademarks, domain names, and other distinctive signs (which are registered or pending trademarks).
The Documentation and promotional materials provided by Lynk.
Any derivative works, improvements, or updates to these elements made by Lynk.

Nothing in these Terms transfers ownership rights to these elements. Lynk grants you only a limited, revocable, non-transferable, and non-exclusive license to access and use the Services (and Documentation) during the term of your contract, solely for using Lynk in accordance with the Terms and Documentation. Any use outside this scope violates our rights.

You agree not to infringe Lynk’s IP rights. This includes not copying, modifying, distributing, selling, or leasing any part of our Services or protected content, and not using the Lynk name or logo in a way that causes confusion about who operates the service (except in authorized white-label contexts where branding is contractually permitted).

If you wish to mention Lynk in a publication or use our logo (e.g., in an article or client case study), you can contact us for authorization and the correct graphic resources. We support you stating that you use Lynk, as long as it is factual and does not imply a non-existent partnership or endorsement.

6.4. Claims for Infringement

Lynk respects the intellectual property of others and expects its users to do the same. If you believe content available via Lynk (e.g., user-generated or uploaded content) infringes your copyright or other intellectual property rights, please send a detailed notice to [copyright@lynk.ai] with the necessary information (identification of the protected work, infringing content, proof of your rights, sworn statement). We will handle these requests in accordance with applicable laws (e.g., DMCA for U.S. copyright).

In case of confirmed infringement, we will remove or disable access to the infringing content and may sanction the offender (up to account termination for repeat violations).

Note that as Lynk is an interactive service, displayed content is often the result of user queries. Lynk is not the publisher of content you submit or that the AI generates in response to your prompts; we act more as a technical intermediary. Nonetheless, we commit to acting promptly on illicit content once properly notified.

7. Warranties, Liability, and Indemnification

7.1. Limited Warranty of Service Conformity

Lynk strives to provide a high-quality service in line with its Documentation. We warrant that, during an active paid subscription, the Service will substantially perform as described in the provided Documentation, and the core features described will be available in substance. In case of a material Service failure (e.g., major bug, prolonged unplanned downtime), your exclusive remedy will be as described in the “Limited Liability” section below (generally limited to a credit or refund for the unprovided service).

However, given technological complexity, we do not guarantee that the Service will be free of minor bugs or brief interruptions. Nor can we guarantee that AI models will provide accurate results for every query – AI is inherently probabilistic and may make errors or hallucinations. You acknowledge that AI responses or outputs are not guaranteed 100% accurate and should not be relied upon blindly for critical decisions.

7.2. General Disclaimer

EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, THE LYNK SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, LYNK DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE SERVICES AND SOFTWARE PROVIDED, INCLUDING (WITHOUT LIMITATION) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED AND ERROR-FREE OPERATION.

For example, Lynk does not guarantee:

That the Service will meet your specific requirements or be perfectly suited for a particular use (e.g., medical, legal, safety-critical use).
That the Service will be available at all times, without interruptions or delays, or free from viruses or other harmful components (though we take security precautions).
That results obtained through the Service (especially AI responses) will be accurate, reliable, complete, or up-to-date. You assume the risk of using these results. You are solely responsible for how you interpret and use generated outputs.
That defects or errors will be corrected immediately. We will make reasonable efforts to fix major issues, but no complex software platform is entirely bug-free.

No information or advice obtained from Lynk or through the Service (whether oral or written) constitutes a warranty not expressly stated in these Terms. You understand that experimentation and vigilance are necessary with innovative technology like AI.

7.3. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, LYNK AND ITS OFFICERS, EMPLOYEES, PARTNERS, OR SUPPLIERS WILL NOT BE LIABLE TO YOU OR ANY THIRD PARTY FOR:

Indirect or intangible damages such as loss of profit, loss of data, loss of business, business interruption, or any other consequential or incidental harm arising from or related to the use or inability to use the Services, even if Lynk was informed of the possibility of such damages.
Direct damages beyond the amounts you paid to Lynk in the 12 months preceding the event giving rise to liability (or, if no payment was made, a maximum amount of 100€). In clear terms, Lynk’s total cumulative liability to you will not exceed the fees you actually paid for the Service over the relevant period, and if no fees were paid (e.g., free use), our liability is limited to a nominal amount.

This cap applies regardless of the legal basis of the claim (contract, tort, warranty, etc.), except in cases of gross negligence or willful misconduct on our part, or other liabilities that cannot be limited by law (see below).

7.4. Legal Exceptions

Some jurisdictions may not allow the exclusion of implied warranties or limitation of liability for certain types of damages. To that extent, the above exclusions and limitations may not apply to you. For example, in the European Union, we do not seek to limit our liability for bodily injury or death caused by our negligence, nor for intentional gross misconduct. Similarly, we do not exclude mandatory legal liability (e.g., in France, liability for defective products or certain consumer statutory warranties).

If you are a consumer with non-derogable legal rights (e.g., statutory conformity warranties in Europe), nothing in these Terms affects those rights. These Terms are primarily drafted for a B2B context, and to the extent permitted, the provisions will limit our liability. If the law imposes a minimum liability, it will apply.

7.5. User Liability

You use Lynk at your own risk. You agree that Lynk will not be liable for your own actions or omissions related to the use of the Service, nor for those of your End Users if you are a partner or administrator.

You are responsible for:

Compliance of your use with the law and these Terms.
Backing up your data: while we maintain backups, you are advised to keep copies of critical data outside Lynk. We will not be liable for the loss or corruption of data hosted on Lynk beyond our legal obligations.
Any decisions made based on AI results. For example, if Lynk’s AI provides code or analysis and you use it as-is without verification, leading to an issue, it is at your risk.

7.6. Indemnification

Indemnification by User: You agree to defend, indemnify, and hold harmless Lynk, its affiliates, and their directors, employees, and agents from any claim, demand, lawsuit, or proceeding by a third party, and all resulting costs, damages, and expenses (including reasonable attorneys’ fees), arising from or related to:

Your use of the Services in violation of these Terms or applicable law.
Any User Content you provided or generated through Lynk, including allegations that such content infringes third-party rights (e.g., copyright, privacy) or caused harm.
Your interactions with your own clients/End Users (if you are white-label or reselling the Service). For example, if one of your End Users sues Lynk due to your failure (e.g., overselling features or improperly obtaining consent), you will indemnify us.
Generally, any breach by you of your representations and warranties in these Terms or any law or third-party rights.

This indemnification obligation includes taking charge of Lynk’s legal defense if applicable or reimbursing Lynk for all costs, damages, or judgments incurred within the above limits. Lynk reserves the right, at its expense, to assume exclusive defense and control of any matter subject to your indemnification, in which case you will cooperate with us in asserting available defenses.

Indemnification by Lynk: In the unlikely event a third party (unrelated to you) brings a lawsuit alleging that Lynk’s technology itself infringes their patent, copyright, or trademark, Lynk will handle the defense of this claim and indemnify you against any monetary damages finally awarded by a court (or negotiated via settlement) for such infringement, provided you promptly notify us of the claim, allow us exclusive control of the defense and settlement, and fully cooperate. This clause does not apply if the claim results from unauthorized use of the platform, your modification of the Service, or combining the Service with elements not provided by Lynk. If the Service is found to infringe, Lynk may, at its option and expense, obtain the right to continue its use, modify it to cease infringement, or, if these options are not reasonably feasible, terminate your subscription with a pro-rata refund. This section states Lynk’s entire liability for third-party IP infringement claims.

8. Term and Termination

8.1. Contract Duration

These Terms take effect upon your acceptance (or when you begin using the Service) and remain in force until terminated by either party as described below.

If you use a plan without a fixed-term subscription (e.g., free or pay-as-you-go without commitment), the contract remains in effect until you close your account or Lynk terminates the Service.
If you have subscribed to a fixed-term plan (monthly/annual), the contract renews automatically as explained in the Payment section, unless terminated.
Specific provisions may apply for framework contracts (e.g., a 12-month enterprise contract, renewable or not).

8.2. Termination by User

Free Termination: You may stop using Lynk and close your account at any time via the interface (when available) or by contacting support. If you terminate during a paid period, unless refund provisions apply, you will not be refunded for the remaining period (we will, however, maintain access until the paid term ends, unless you request otherwise).

To avoid automatic subscription renewal, you must cancel before the renewal date. For example, for a monthly subscription, cancel before the next billing cycle begins. Once canceled, your account may be downgraded to a free tier or deactivated at the end of the current period.

Account Deletion: Full deletion of your data will occur per our Privacy Policy. If you want expedited deletion, please specify (subject to our legal retention obligations).

8.3. Termination or Suspension by Lynk

For Breach: Lynk may temporarily suspend your access or immediately terminate your account without notice if you materially or repeatedly violate these Terms or there is a legitimate reason, such as:

Non-payment of amounts owed after reminder.
Attacks on service security or clearly prohibited misuse (e.g., hacking attempts, dissemination of major illicit content).
IP rights or legal violations posing a legal risk to Lynk.
Flagrant non-compliance with acceptable use rules despite warning.
If you are subject to bankruptcy, cessation of business, or other changes jeopardizing contract performance.

In most cases, we will favor prior warning and dialogue, but if the situation demands (e.g., ongoing illegal activity), we may act without notice. You will be informed of the termination/suspension and the reason.

For Convenience (Free Services): For free/inactive accounts, Lynk may close your account with reasonable notice, e.g., if you have not logged in for over a year (as noted in the Account section).

Service Discontinuation: Lynk reserves the right to discontinue all or part of the Services (e.g., product discontinuation) with reasonable notice to affected users. In such cases, if you paid in advance, we will refund the pro-rata unused portion of your subscription, unless conversion to an equivalent service is offered.

8.4. Consequences of Termination

Upon termination or expiration of the contract, for any reason:

Access Cessation: You will no longer have the right to access or use the Service (except public parts). Any license to use Lynk’s software is immediately revoked.
Data Deletion: We will close your account and delete your data in accordance with our Privacy Policy. We are not obligated to retain or provide your data afterward, except as required by law. We advise exporting any needed data (e.g., reports, generated content) before termination, as permitted by the Service. Lynk may retain backup copies for a limited time, but without guarantee.
Remaining Credits: Unused credits at the termination date are forfeited without compensation, unless a contractual provision or local law mandates otherwise. For example, we do not refund purchased but unconsumed credits, as they were available during the active service period.
Survival: Provisions intended to survive by nature will survive: confidentiality obligations, warranty disclaimers, liability limitations, indemnification, intellectual property provisions, and anything intended to have effect post-termination.

Termination does not affect rights accrued or liabilities incurred by either party up to the termination date. If you owe money prior to termination, you remain obligated to pay. If Lynk owes you a refund, we will fulfill it.

8.5. Force Majeure

Neither party will be liable for delays or failures in performing obligations (except payment obligations) due to events beyond their reasonable control (force majeure). This includes natural disasters, wars, riots, terrorist attacks, non-employee strikes, widespread internet outages, large-scale DDoS attacks beyond usual protections, government injunctions, pandemics, etc. In case of force majeure, obligations are suspended for the duration of the event plus a reasonable recovery period. Each party will strive to minimize effects and resume performance as soon as possible.

9. Confidentiality and Personal Data

Lynk places great importance on confidentiality and data protection. Our comprehensive Privacy Policy is an integral part of this agreement (though a separate document) and explains how we collect, use, store, and share information about you. By accepting these Terms, you acknowledge that you have reviewed our Privacy Policy.

Key highlights:

Your personal data is processed in compliance with the GDPR (if applicable) and other laws.
We use your data primarily to provide and improve the Service and will only share it with third parties as outlined in the Privacy Policy (e.g., providers, legal obligations).
For data you provide to train your AI on Lynk, we often act as a data processor for you (if it’s your business data) – see the Privacy Policy for the distinction. You are responsible for the legality of the data you integrate (e.g., if you include client data, ensure you have necessary permissions). We offer a Data Processing Agreement (DPA) to contractually guarantee our GDPR compliance as a processor, available upon request or during signup.
Unless otherwise stated or with your consent, we do not individually review your data content, except to resolve technical issues or support requests.
See the Privacy Policy for details on opting in to use your data for improving our AI models. By default, without opt-in, we will not use your personal data to train models for other clients, and if we use anonymized data or with consent, it will be explicitly governed.
You have rights over your data (access, rectification, deletion, etc.) as described in the Privacy Policy.

If you are a White-Label Partner, you must also respect the confidentiality of your End Users’ data. For example, you must ensure that any personal data of these clients processed via Lynk is collected and used in compliance with laws (obtaining required consents, providing adequate information in your policy, etc.). As a reseller, you typically act as the data controller for your End Users, and Lynk will be your processor for the technical part. We can enter a DPA with you to this effect.

Confidentiality of Non-Public Information: Beyond personal data, the parties may exchange confidential information (e.g., you may share sensitive business data, or we may provide non-public technical details). Each party agrees to treat as confidential any information identified as such or reasonably understood to be confidential, obtained from the other party under the contract. You will use our confidential information only to benefit from the Service, and we will use yours only to provide it. We will implement appropriate safeguards. This confidentiality obligation survives 5 years post-contract, or longer for trade secrets as long as they remain confidential.

Information is not considered confidential if already legally known, made public without fault, received from a third party legitimately, or independently developed. If legally required to disclose confidential information (e.g., court order), the party will, if possible, notify the other before disclosure.

10. Miscellaneous Provisions

10.1. Governing Law

These Terms and any use of Lynk are governed by French law. If you are a consumer residing in another EU country, you also benefit from mandatory provisions of your country of residence (which may supersede French law for those aspects). This choice of law does not deprive you of protections you are entitled to under your country’s laws, if applicable.

10.2. Jurisdiction

Any dispute arising from or related to these Terms that cannot be resolved amicably will be submitted to the exclusive jurisdiction of the courts of Paris, France, unless mandatory law provides otherwise. If you are a consumer, you may also bring an action in the courts of your domicile.

Additionally, if your country’s law requires (e.g., EU consumers), you may use an alternative dispute resolution method. For example, the EU’s Online Dispute Resolution (ODR) platform is available to resolve disputes online: http://ec.europa.eu/consumers/odr/.

10.3. Waiver and Severability

Lynk’s failure to exercise or enforce any right or provision of these Terms does not constitute a waiver of that right or provision. If any provision of the Terms is deemed invalid or unenforceable by a competent court, the other provisions remain in force. The invalid provision will be interpreted to best reflect the parties’ original intent, as permitted by law.

10.4. Entire Agreement

These Terms (along with any additional agreed contract or addendum, such as an Enterprise contract, DPA, or specific offer terms) constitute the entire agreement between you and Lynk regarding the use of the Services, superseding any prior agreements (written or oral) on the same subject. No statement, promise, or commitment not expressly stated in this document binds the parties.

You acknowledge that in agreeing to these Terms, you do not rely on any representation made by Lynk or its representatives not expressly recorded in these Terms.

10.5. Assignment

You may not assign or transfer your rights or obligations under these Terms, in whole or in part, without Lynk’s prior written consent (any unauthorized assignment attempt is void). Lynk may assign the contract or any rights/obligations to any subsidiary or successor entity (e.g., in case of merger, acquisition, or sale of business related to the Services), with appropriate notification. The Terms bind and benefit the parties’ authorized successors and assignees.

10.6. Relationship of the Parties

The parties are independent contractors. The Terms do not create any agency, partnership, joint venture, employment, or franchisor-franchisee relationship between you and Lynk. Neither party has the authority to bind the other or act on their behalf, except as expressly agreed in writing.

10.7. Notifications

Lynk may send you notifications via email (to the address associated with your account), announcements on our website or user interface, or postal mail (if you provided a physical address for legal matters). You are responsible for keeping your contact details updated and regularly checking Lynk’s communications.

You may send notifications to contact@getlynk.co for ordinary communications. For legal notifications (e.g., termination for cause, disputes), please send them in writing to our registered postal address (listed in the site’s legal notices).

Electronic notifications are deemed received 24 hours after sending, unless the sender receives an error message indicating non-delivery. Postal notifications are presumed delivered 5 business days after sending (if domestic) or 10 days (if international).

10.8. Headings and Interpretation

Headings and subheadings in these Terms are for readability but have no legal effect. Unless the context indicates otherwise: (a) singular includes plural and vice versa; (b) “including” means “including without limitation”; (c) references to laws or regulations include their amendments or replacements.

10.9. Contract Language

This agreement is drafted in French. If a translation is provided, the French version prevails in case of interpretation discrepancies.

(If our site targets an international audience, we could add a note about a possible English version. Here, French appears to be the reference language.)

10.10. Customer Support

For any questions about these Terms or our Services, or for assistance, you can contact the Lynk team at support@lynk.ai or via the channels listed on our website. We will strive to assist you promptly.

By clicking “I Accept” or continuing to use Lynk, you confirm that you have read and understood these Terms of Use and agree to be bound by them. Thank you for your trust, and we look forward to helping you harness the power of Lynk for your projects! Enjoy using Lynk!