Privacy Policy
Last updated: 27 April 2026
Beta Notice: Link123 is currently in beta testing. Features, data practices, and this policy may be updated as the service evolves. Changes will be posted on this page with an updated date. Your continued use of the Service constitutes acceptance of any changes.
1. Introduction
Link123 ("we," "us," or "our") operates the Link123 mobile application and website at link123.ie (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy. Our architecture is built on zero-knowledge principles and end-to-end encryption, meaning that for encrypted content, even we cannot access your data.
Link123 is operated from Ireland. We are committed to protecting your data in accordance with the principles of the General Data Protection Regulation (GDPR). While we continuously work to align our practices with GDPR standards, if you have any data-related requests, we will process them following the GDPR framework.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you register, we collect your email address or phone number, username, and password (stored as a cryptographic hash using PBKDF2 with 600,000 iterations; we never store your plaintext password).
- Profile Information: You may optionally provide a display name, avatar, and bio.
- Content: You may create and store 13 content types: text memos, voice memos, content groups (media bundles), locations, people, organizations, tags, web bookmarks, structured data, life events, attachments, narration subtitles, and articles. Content you designate as encrypted is end-to-end encrypted on your device before transmission.
- Communications: Messages you send through our messaging feature. Messages in encrypted conversations are end-to-end encrypted and cannot be read by us.
- AI Interactions: Content you voluntarily submit to AI features (such as text for summarization, images for analysis, or prompts for content generation). See Section 5 for details.
2.2 Information Collected Automatically
- Device Information: Device type, operating system version, and unique device identifiers for push notification delivery.
- Usage Data: Anonymous, aggregated usage statistics to improve the Service. This does not include the content of your data.
- Log Data: Server logs that record IP addresses (stored in masked/anonymized form), request timestamps, and error information. These logs are retained for a limited period for operational and security purposes.
- Login Activity: Login timestamps, approximate location (city/country level derived from IP), and session information for security purposes.
- Search Queries: Search terms you enter (e.g., unified search across your MySpace, topic feed search) are processed in real-time. A small portion may be retained in aggregated/de-identified form to improve search ranking and Topic recommendations. We do not store your raw search history linked to your identity beyond service improvement purposes.
2.3 Information We Do Not Collect by Default
- We do not read or access your end-to-end encrypted content.
- We do not use cookies for tracking or advertising on our website.
- We do not access your contacts, photos, calendar events, microphone, or location by default. Each is accessed only when you actively trigger the corresponding feature in the app:
  - Contacts — when you tap "Find Friends" to discover Link123 users in your address book.
  - Photos / Videos — when you upload media to a content group, voice memo cover, or message attachment.
  - Microphone — when you record a voice memo or audio message.
  - Location — when you create a location entry or share a live location in a message.
  - Calendar — when you enable iOS Calendar sync for smart event suggestions (see Section 5.5).
3. End-to-End Encryption
Link123 implements end-to-end encryption (E2EE) using a zero-knowledge architecture. Here is what this means for you:
- Device-Side Encryption: When you enable encryption for content, your data is encrypted on your device using keys derived from your credentials before it is sent to our servers.
- Zero-Knowledge Storage: Our servers store only encrypted ciphertext for E2EE content. We do not possess the keys to decrypt it. We cannot read, analyze, or share your encrypted data.
- Key Management: Encryption keys are derived on your device. Your Data Encryption Keys (DEK) are protected by your account credentials and are never transmitted in plaintext.
- Encrypted Messaging: Private conversations use per-session encryption keys. Messages are encrypted before leaving your device and can only be decrypted by the intended recipients.
- Dual-Field Architecture: Each content field exists as either plaintext or encrypted ciphertext, never both simultaneously. This ensures clear data isolation.
Important: Because we cannot access your encryption keys, if you lose access to your account credentials and recovery mechanisms, we cannot recover your encrypted data. We recommend keeping a secure backup of your recovery information.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Process your account registration and manage your account.
- Deliver messages between users (encrypted messages are transmitted as ciphertext).
- Provide graph-based content discovery and recommendation features using only non-encrypted metadata (such as content type, creation date, and tags you have made public).
- Send service notifications (e.g., security alerts, account updates).
- Detect, prevent, and address technical issues, fraud, and security threats.
- Monitor errors and service health through privacy-preserving error tracking (see Section 6).
- Comply with legal obligations.
We do not use your encrypted content for advertising, profiling, or any purpose other than delivering it to you and your intended recipients.
5. AI Features and Third-Party AI Providers
The Service includes AI-powered features for content creation, analysis, and assistance. When you use AI features, certain content you submit may be processed by third-party AI service providers. Here is how this works:
5.1 AI Service Providers
We use the following third-party AI providers:
- OpenAI (USA) — Text generation, content summarization, entity extraction, image analysis, voice transcription (Whisper), and text-to-speech.
- Google Cloud AI (USA/EU) — Text generation (Gemini), image generation (Imagen), text-to-speech (Chirp), and translation services.
- Fish Audio — Text-to-speech for narration and subtitle audio generation.
- HeyGen (USA) — AI avatar video generation (digital human videos).
We may add or change AI providers over time. Material changes will be reflected in updates to this policy.
5.2 What Data Is Sent to AI Providers
- Only content you explicitly submit to an AI feature is sent to the provider (e.g., text you ask the AI to summarize, images you ask it to analyze).
- E2EE content is never automatically sent to AI providers. If you choose to use an AI feature on encrypted content, the content is decrypted locally on your device and then submitted to the AI feature by your explicit action.
- We do not send your private messages, passwords, encryption keys, or account credentials to AI providers.
- API usage metadata (token counts, response times) is logged for billing and service monitoring, but does not include your content.
5.3 AI Provider Data Handling
Our agreements with AI providers require them to process your data solely for the purpose of providing the requested AI service. Your content is not used to train or improve AI models. Data submitted to AI features is processed in real-time and is not retained by the AI provider after the response is delivered (subject to each provider's data handling policies). Please refer to each provider's privacy policy for their specific data handling practices:
- OpenAI: openai.com/policies/privacy-policy
- Google Cloud: cloud.google.com/terms/cloud-privacy-notice
- HeyGen: heygen.com/privacy
5.4 MCP Server and AI Client Access (Launched 2026-04-25)
Link123 operates an MCP (Model Context Protocol) Server at mcp.link123.ie that allows external AI clients (such as Claude Desktop, Claude Web Pro/Enterprise, and other MCP-compatible AI assistants) to access your MySpace content on your behalf. This access is entirely opt-in and under your control:
- Explicit Authorization Required: No AI client can access your data unless you complete an OAuth 2.0 authorization flow (PKCE S256 + Dynamic Client Registration). You see the requested permission scopes (e.g., "read memos", "create voice memos") before granting access.
- Scope-Limited Access: Permissions follow the principle of least privilege. We provide three preset scope bundles — reader (read-only), creator (read + create), and full (including delete). We strongly recommend authorizing only what you need.
- E2EE Content Cannot Be Decrypted by AI Clients: End-to-end encrypted MySpace entities (e.g., E2EE TextMemo, E2EE messages) are returned to AI clients as encrypted ciphertext only. The AI client cannot read your E2EE content because the decryption keys never leave your device.
- Two-Factor Confirmation for High-Risk Actions: Operations such as content deletion, public publishing, or AI delegate tasks trigger a push notification to your Link123 mobile app. You must approve the action with diff preview before it is executed.
- Instant OAuth Revocation: You can revoke any AI client's access at any time in the Link123 app (Settings → Authorized Applications). All access tokens and refresh tokens for that client are invalidated immediately, and the AI client loses access without delay.
- GDPR Article 30 Audit Logs: Every tool call (read, write, delete) is recorded in an internal audit log (MCPAuditLog) including the actor (AI client), the requested scope, the parameters, and the outcome. You can request a copy of your audit log via Section 8 (Your Data Rights).
- 30-Day Token Lifetime + Refresh Rotation: Access tokens expire after 30 days by default. Refresh tokens rotate on each use; if a refresh token is reused (indicating possible theft), the entire token family is revoked.
- Tool calls go through Link123 servers: The AI client communicates with mcp.link123.ie over HTTPS. The MCP Server then queries your MySpace data and returns the result to the AI client. AI clients do not connect directly to your databases or storage.
The MCP Server runs on the same EU-based infrastructure (Google Cloud europe-west1) as the rest of the Service. Audit logs and OAuth tokens are stored alongside other account data and follow the retention rules in Section 9. For configuration steps and detailed OAuth flow questions, please contact us at link123.ie/contact.
5.5 Calendar Sync (iOS / macOS)
If you choose to enable iOS / macOS Calendar sync, Link123 reads events from your Apple Calendar via the EventKit framework and converts them into Life Events in your Link123 MySpace. This integration is entirely opt-in:
- Permission Required: The first sync triggers a system permission dialog (NSCalendarsFullAccessUsageDescription on iOS 17+, NSCalendarsUsageDescription on iOS 14-16). You can revoke access at any time in iOS Settings → Privacy → Calendars → Link123 (or System Settings → Privacy & Security → Calendars on macOS).
- Two-Way Sync with Loop Prevention: Calendar events you accept smart suggestions on (e.g., adding a person to an event) are written back to your Apple Calendar event notes. We track last_pulled_at and last_pushed_at timestamps to prevent infinite sync loops.
- E2EE Calendar Events Are Excluded: If you mark a Life Event as encrypted in Link123, Calendar sync will skip it to protect your encrypted content.
- No External Calendar Data Transmission: Calendar event contents stay between your device, your Link123 account database, and optionally the AI provider (Gemini Flash) when you request AI suggestions for that event. We do not share calendar data with any other third party.
- Note Tagging Only: When you accept a suggestion to add a person, we append a "Participants: ..." line to the event's notes. Apple's EKEvent.attendees field is read-only on iOS, so we never call private APIs to bypass this.
5.6 AI Smart Recommendations
Link123 includes AI-powered smart recommendations (e.g., suggesting people, places, and organizations for your Life Events; topic feed ranking; entity summaries). Here is how it works:
- Source Data: Recommendations are derived solely from your own private MySpace graph (entities you created, relationships you established, AI memory generated when you create entities). We do not use other users' data to recommend things to you.
- AI Rerank: Candidate entities are reranked by an AI model. By default we use Gemini 2.5 Flash Lite (Google Cloud, EU/US). You can change the model in settings; available options include Gemini 2.5 Flash, Gemini 2.0 Flash, and GPT-4o-mini.
- Caching: Generated suggestions are cached in our PostgreSQL database for up to 24 hours and invalidated when relevant entities change. The cache stores the recommendation reason text (auto-translated for your preferred language using the EnglishTranslationField pattern) but never raw E2EE content.
- User Control: You can ignore any suggestion, force regeneration with a fresh query, or disable AI memory generation per entity (each MySpace entity has an is_memory_enabled toggle).
- E2EE Boundary: AI rerank for E2EE Life Events is blocked at the API layer (returns E2EE_NO_DEK) — encrypted content cannot be sent to AI providers because we do not hold the key.
6. Third-Party Services and Infrastructure
In addition to AI providers, we use the following third-party services to operate the Service:
- Google Cloud Platform (hosting, database, file storage) — Your data is stored on Google Cloud servers in the EU (europe-west1 region). Media files are stored in Google Cloud Storage with server-side encryption.
- Cloudflare (CDN, DNS, DDoS protection) — Handles web traffic routing and security for link123.ie.
- Sentry (error monitoring) — Collects anonymized error reports to help us fix bugs. PII (personally identifiable information) is automatically filtered before transmission to Sentry. No user content is included in error reports.
- Neo4j Aura (graph database) — Stores non-encrypted metadata for knowledge graph features (content relationships, tags, connections). No encrypted content is stored in the graph database.
- Upstash (Redis cache) — Used for temporary session data and background task queuing. Data is encrypted in transit.
7. Data Sharing and Disclosure
We do not sell your personal data. We may share information only in the following circumstances:
- With Your Consent: When you explicitly choose to share content with other users or make it publicly visible through audience controls.
- Service Providers: With the third-party services listed in Sections 5 and 6, solely for the purpose of operating the Service. These providers are contractually bound to protect your data.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request. For encrypted content, we can only provide the encrypted ciphertext, as we do not have the decryption keys.
- Safety: If we believe disclosure is necessary to protect the safety of our users or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will make reasonable efforts to inform affected users, and any successor entity will be expected to honor this privacy policy or provide its own.
8. Your Data Rights
We are committed to respecting your data rights. Regardless of your location, we will process the following requests in accordance with GDPR principles:
- Access: You can request a copy of the personal data we hold about you. For encrypted data, we can only provide the encrypted ciphertext, as we do not hold the decryption keys.
- Rectification: You can update or correct your account and profile information at any time through the app.
- Deletion (Right to be Forgotten): You can request deletion of your account and associated data. We will make reasonable efforts to remove your data from active systems without undue delay (typically within 30 days), and from backups during our standard backup rotation cycle (typically within 90 days).
- Data Portability: You can export your data in a standard machine-readable format.
- Restriction of Processing: You can request that we restrict the processing of your personal data under certain conditions.
- Objection: You can object to the processing of your personal data for certain purposes.
- Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.
- Revoke System Permissions: Permissions like Contacts, Calendar, Photos, Microphone, and Location can be revoked at any time in your device settings (iOS / macOS Settings → Privacy → [permission] → Link123). Revoking permissions does not delete data already imported; combine with the deletion right above to fully remove imported data.
To exercise any of these rights, please contact us at info@link123.ie. We aim to respond to your request within 30 days in accordance with GDPR guidelines.
9. Data Retention
- Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
- Deleted Content: When you delete content, it is removed from the app immediately but retained in backups for a limited period (typically up to 30 days) to support undo functionality, after which it is permanently removed.
- Account Deletion: Upon account deletion, we make reasonable efforts to purge personal data from active systems without undue delay and from backups during our standard rotation cycle.
- Server Logs: Operational logs are retained for up to 90 days for security and debugging purposes.
- AI Interaction Logs: Metadata about AI feature usage (token counts, timestamps) is retained for billing purposes. The content of your AI interactions is not stored by us after processing.
- AI Memory Index: Stored in your private knowledge graph (Graphiti) and tied to the source entity's lifetime. Deleted automatically when you delete the source entity (cascading via post_delete signal).
- Life Event Suggestions Cache: Cached for up to 24 hours and invalidated when relevant entities change. Applied or dismissed suggestions are retained as historical record for product improvement (no longer counted in active cache).
- Legal Holds: We may retain data for longer periods when required by applicable law or legal proceedings.
10. Data Security
We implement robust security measures to protect your data:
- End-to-end encryption (ChaCha20-Poly1305) for sensitive content and private messages.
- TLS 1.3 encryption for all data in transit.
- Server-side encryption at rest for all stored data.
- Password hashing with PBKDF2 (600,000 iterations, OWASP 2023 standard).
- API credentials encrypted with Fernet symmetric encryption on the server.
- Strict access controls and authentication for server infrastructure.
- PII filtering in error monitoring and logging systems (Sentry).
- Rate limiting and threat detection to prevent abuse.
11. International Data Transfers
Our primary servers are located in the European Union (Google Cloud, europe-west1, Belgium). However, when you use AI features, your submitted content may be processed by AI providers in the United States or other jurisdictions. We strive to put appropriate safeguards in place for such transfers, such as standard contractual clauses where applicable. For encrypted content, the data remains encrypted during any transfer.
12. Children's Privacy
The Service is not intended for children under the age of 16 in the EU/EEA (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe your child has provided us with personal data, please contact us at info@link123.ie.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, particularly during the beta period as the Service evolves. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: info@link123.ie
- Website: link123.ie/contact