Privacy Policy

This Privacy Policy explains how Link Skipper ("Link Skipper", "we", "us") processes your personal data when you use our website, our Telegram bot and mini app, and our developer API (together, the "Service"). Link Skipper is the data controller responsible for that processing.

If you have any question about this policy or about how your data is handled, or if you want to exercise any of the rights described below, you can contact us by email at [email protected]. We deal with privacy enquiries through the same address.

Telegram identity. When you sign in with Telegram, we receive and store the identity details Telegram passes to us through the login: your Telegram user ID, your username if you have one, your first and last name as set on Telegram, and your interface language. We use these to create and recognise your account.

Account data. We store the account we create for you, your settings, your daily free-resolve allowance, your current credit balance, and the developer API keys you generate. API keys are credentials that authenticate requests to our API on your behalf.

Purchase and payment records. When you buy credits we store records of the transaction: the pack purchased, the amount, the currency, the status, timestamps, the order or transaction reference, and the customer identifier our payment provider returns so we can link the purchase to your account. We never receive or store your full card number, card expiry, or security code.

Resolve and usage data. We process the shortened links you submit so we can resolve them and return the destination to you, and we keep usage records such as the number of resolves you make, your remaining allowance, credit deductions, and the API key used for each request.

Technical data. Like any online service, our systems and our infrastructure providers process technical data including your IP address, device and browser information, request timestamps, and similar diagnostic data, together with cookies and similar technologies used to keep you signed in and to keep the Service secure and reliable.

We process your data to create and manage your account and authenticate you through Telegram; to provide the core link-resolving Service across the website, the bot and mini app, and the API; to operate your free allowance, credit balance, and API keys; and to process your purchases and credit your account.

We also process data to issue receipts and handle billing matters, refunds, and disputes; to keep the Service secure and to detect, prevent, and investigate fraud, abuse, and misuse; to comply with our legal, accounting, and tax obligations; and to maintain, troubleshoot, and improve the Service.

We do not sell your personal data, and we do not use it for unrelated advertising or profiling.

Where Turkish data protection law (the KVKK, Law No. 6698) applies, we rely on the conditions in Articles 5 and 6: processing necessary for the establishment or performance of the contract between us, processing necessary to comply with our legal obligations, processing necessary for our legitimate interests where those are not overridden by your rights, and your explicit consent where it is required.

Where the EU/EEA General Data Protection Regulation (GDPR) applies because you are located there, we rely on Article 6: performance of our contract with you to provide the Service and complete your purchases (Art. 6(1)(b)); our legitimate interests in securing the Service, preventing abuse and fraud, and improving what we offer (Art. 6(1)(f)); compliance with our legal obligations such as accounting and tax record-keeping (Art. 6(1)(c)); and your consent where we ask for it (Art. 6(1)(a)), which you may withdraw at any time.

We share personal data only with the service providers we need to run the Service, and only to the extent necessary. These providers act as our processors or, where the law treats them as such, as independent controllers in their own right.

Payments. Card and other off-Telegram payments are handled by Dodo Payments acting as our Merchant of Record. Dodo Payments receives the payment data needed to take and settle your payment and operates under its own privacy policy as an independent controller for that processing. In-Telegram payments are handled through Telegram Stars under Telegram's own terms. From these providers we receive only the purchase result and a provider customer identifier, which we link to your account.

Telegram. Because sign-in and the bot and mini app run on Telegram, Telegram processes data inherent to using its platform under its own privacy policy.

Hosting and infrastructure. We use hosting, database, and infrastructure providers to run and store the Service. They process data on our behalf under contractual confidentiality and security commitments.

Analytics. We use Google Analytics, provided by Google, to measure traffic and understand how the Service is used. Google processes the analytics data described in the cookies section on our behalf, under its own terms and privacy policy.

We may also disclose data where we are legally required to do so, to enforce our terms, or to protect the rights, safety, and security of Link Skipper, our users, or the public.

Some of our providers, including our payment and infrastructure partners, may process data outside your country, including outside Türkiye and the EU/EEA. Where we transfer personal data internationally, we do so in line with applicable law: under the KVKK on the legal grounds it allows for cross-border transfers, and under the GDPR on the basis of an adequacy decision or appropriate safeguards such as the European Commission's standard contractual clauses.

You can contact us at [email protected] for more information about the safeguards that apply to a specific transfer.

We keep your account data for as long as your account exists. If you ask us to delete your account, we delete or anonymise the associated data, except where we must keep certain records.

We retain purchase, payment, and invoicing records for the periods required by applicable accounting, tax, and consumer-protection law. We keep security and abuse-prevention logs for as long as needed for those purposes, and resolve and usage data only for as long as needed to provide the Service and to protect it against misuse.

Under the KVKK (Article 11) you have the right to learn whether your data is processed and to request information about it, to know the purpose of processing and whether it is used accordingly, to know the third parties to whom it is transferred, to request correction of incomplete or inaccurate data, to request its deletion or destruction, to request that any correction or deletion be notified to third parties, to object to outcomes that result from automated analysis, and to claim compensation for damage caused by unlawful processing.

Where the GDPR applies, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing, as well as the right to withdraw any consent you have given without affecting prior processing.

To exercise any of these rights, contact us through the Telegram bot or by email at [email protected]. We will respond within the time limits set by applicable law. Some rights are subject to records we are required to keep for legal, accounting, and anti-fraud purposes.

On our website we use strictly necessary cookies and similar technologies to keep you signed in, to remember your preferences such as your language, and to keep the Service secure. These are essential to providing the Service you request.

We also use Google Analytics, a service provided by Google, to measure traffic and understand how the Service is used. It sets analytics cookies and processes data such as your IP address, device and browser information, and the pages you visit, acting as a processor on our behalf. We use it for analytics only, not for advertising.

You can control or delete cookies through your browser settings, and you can opt out of Google Analytics using Google's opt-out browser add-on. Disabling essential cookies may stop parts of the Service from working.

The Service is intended for adults and is not directed at children. We do not knowingly collect personal data from children below the age required to consent to online services in their country.

If you believe a child has provided us with personal data, contact us at [email protected] and we will take appropriate steps to delete it.

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, and disclosure, including access controls, encryption in transit, and the practice of never storing card numbers ourselves.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security; we keep our measures under review and improve them over time.

We may update this Privacy Policy from time to time. When we make material changes we will update the date shown above and, where appropriate, give notice through the Service. The policy is effective as of the date shown at the top of this page.

If you believe your data has been processed unlawfully you can contact us first at [email protected] so we can address it. You also have the right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Kurumu) and, if you are in the EU/EEA, with the supervisory authority of your country of residence, place of work, or the place of the alleged infringement.