Who is the data controller
Phoenixtech, based in Athens, Greece, is the data controller for personal data processed through links.phx.gr. Any privacy question goes to [email protected].
We try to keep this notice short and specific. If you'd prefer a longer-form lawyer version, ask us and we'll send one.
What we collect
1. Account data
When you sign up:
- Email address
- A username (your public slug)
- Display name and bio (you choose what to put here)
- Avatar image you upload (optional)
2. Page content
When you build your profile page:
- Block titles, URLs, text body, and ordering
- Theme preferences (preset, accent, button style, button corners, background)
- Social links you add
- Visibility flags on each block and social link
3. Visitor analytics
When someone visits your public page or clicks a link on it, we record:
- Page-view event with timestamp
- Click event for each link
- Hashed IP address — we don't store the raw IP; we hash it for fraud and abuse purposes
- User agent string
- Referrer (where the visitor came from)
- Approximate device type (mobile or desktop) and country, derived from IP at the moment of the event
We do not collect the names or email addresses of people who visit your public page.
4. Billing data (when Pro launches)
When paid Pro launches in a future product update, billing is handled by our merchant of record, Paddle. We receive a customer ID, subscription state, and basic invoice metadata from Paddle. We do not see card numbers or full payment details.
Why we collect it
Each category has a specific purpose and a GDPR Article 6 basis:
| Data | Purpose | Legal basis |
|---|---|---|
| Account | Provide the service you signed up for | Contract |
| Page content | Render your public profile | Contract |
| Visitor analytics | Show you how your page performs; detect abuse; improve the service | Legitimate interest |
| Billing (future) | Process payment, comply with tax law | Contract + legal obligation |
We do not use your data for advertising, profiling, or selling to third parties. There is no advertising layer in this product, and there are no plans to add one.
Who we share with
We use a small set of processors to operate the service. Each is bound by a data-processing agreement.
| Processor | Role | Region |
|---|---|---|
| Supabase | Database, authentication, file storage, email delivery | EU |
| Hostinger | Web hosting | EU |
| Paddle (Paddle.com Market Limited) | Billing, tax, refunds — merchant of record. Active once Pro launches; not in use today. | UK / global |
We do not share personal data with any other party except where legally required (e.g. a valid court order from a competent authority).
International transfers
Supabase processing happens in our EU region. When billing goes live, Paddle — UK-based — processes transactional data internationally under the UK adequacy decision and standard contractual clauses where applicable.
How long we keep data
- Account data and page content: kept while your account exists. When you ask us to delete your account, we erase the account, page, blocks, social links, and uploaded files within 14 days.
- Visitor events: kept for as long as needed to provide you with analytics. We will publish a formal retention window (likely 13 months rolling, with older events aggregated to monthly summaries) before we add this as an automated process; we will revise this section when we do.
- Billing records (once Pro launches): 7 years from the transaction date, as required by Greek tax law.
- Hashed IPs in events: never re-identifiable; retained alongside the event and dropped with the event.
Backup snapshots of the database may persist briefly during normal operations and are routinely overwritten.
Your rights under GDPR
You can:
- Access the data we hold about you — we'll send a JSON copy
- Rectify anything that's wrong (most fields you can edit yourself in the dashboard)
- Erase your data — we'll delete your account, page, and uploaded files within 14 days. Self-service deletion from the dashboard is on our roadmap.
- Restrict processing in certain cases
- Object to processing based on legitimate interest (e.g. visitor analytics)
- Port your data — we'll provide a JSON export of your account, page, and events
- Withdraw consent where consent is the basis (none today; relevant once we add optional analytics)
To exercise any of these, email [email protected]. We respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα) if you think we've handled your data poorly.
Cookies
We currently use only strictly necessary cookies. The full list lives in the Cookie Policy. Once Pro launches, Paddle.js may set cookies during checkout — that will be disclosed there before checkout goes live.
Children
This service isn't designed for users under 16. If you're under 16, please don't sign up. If we discover we've collected data from a minor, we delete it.
Changes to this policy
If we make material changes (a new processor, a new data category, a longer retention window), we'll email registered users at least 14 days before the change takes effect. Cosmetic changes update the "Last updated" date without notification.
Contact
For anything privacy-related — [email protected].