Privacy Policy

Last updated: April 2026

1. Introduction

Link123 ("we," "us," or "our") operates the Link123 mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy. Our architecture is built on zero-knowledge principles and end-to-end encryption, meaning that for encrypted content, even we cannot access your data.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you register, we collect your email address, username, and password (stored as a cryptographic hash; we never store your plaintext password).
  • Profile Information: You may optionally provide a display name, avatar, and bio.
  • Content: You may create and store various content types including notes, bookmarks, contacts, locations, voice memos, tags, files, and more. Content you designate as encrypted is end-to-end encrypted on your device before transmission.
  • Communications: Messages you send through our messaging feature. Messages in encrypted conversations are end-to-end encrypted and cannot be read by us.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system version, and unique device identifiers for push notification delivery.
  • Usage Data: Anonymous, aggregated usage statistics to improve the Service. This does not include the content of your data.
  • Log Data: Server logs that record IP addresses, request timestamps, and error information. These logs are retained for a limited period for operational and security purposes.

2.3 Information We Do Not Collect

  • We do not read or access your end-to-end encrypted content.
  • We do not collect your location data unless you explicitly create a location entry.
  • We do not access your device contacts, photos, or files unless you explicitly choose to import them.

3. End-to-End Encryption

Link123 implements end-to-end encryption (E2EE) using a zero-knowledge architecture. Here is what this means for you:

  • Device-Side Encryption: When you enable encryption for content, your data is encrypted on your device using keys derived from your credentials before it is sent to our servers.
  • Zero-Knowledge Storage: Our servers store only encrypted ciphertext for E2EE content. We do not possess the keys to decrypt it. We cannot read, analyze, or share your encrypted data.
  • Key Management: Encryption keys are derived on your device. Your Data Encryption Keys (DEK) are protected by your account credentials and are never transmitted in plaintext.
  • Encrypted Messaging: Private conversations use per-session encryption keys. Messages are encrypted before leaving your device and can only be decrypted by the intended recipients.
  • Dual-Field Architecture: Each content field exists as either plaintext or encrypted ciphertext, never both simultaneously. This ensures clear data isolation.

Important: Because we cannot access your encryption keys, if you lose access to your account credentials, we cannot recover your encrypted data. We recommend keeping a secure backup of your recovery information.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your account registration and manage your account.
  • Deliver messages between users (encrypted messages are transmitted as ciphertext).
  • Provide graph-based content discovery and recommendation features using only non-encrypted metadata.
  • Send service notifications (e.g., security alerts, account updates).
  • Detect, prevent, and address technical issues, fraud, and security threats.
  • Comply with legal obligations.

We do not use your encrypted content for advertising, profiling, or any purpose other than delivering it to you and your intended recipients.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only in the following circumstances:

  • With Your Consent: When you explicitly choose to share content with other users or make it publicly visible through audience controls.
  • Service Providers: We may engage trusted third-party service providers for hosting, analytics, and error monitoring (e.g., cloud infrastructure, crash reporting). These providers are contractually bound to protect your data and are prohibited from using it for any other purpose.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request. For encrypted content, we can only provide the encrypted ciphertext, as we do not have the decryption keys.
  • Safety: If we believe disclosure is necessary to protect the safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you. For encrypted data, we will provide the encrypted ciphertext.
  • Rectification: You can update or correct your account and profile information at any time through the app.
  • Deletion: You can request deletion of your account and associated data. Upon account deletion, your data will be permanently removed from our active systems within 30 days and from backups within 90 days.
  • Data Portability: You can export your data in a standard machine-readable format.
  • Restriction of Processing: You can request that we restrict the processing of your personal data under certain conditions.
  • Objection: You can object to the processing of your personal data for certain purposes.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at info@link123.ie. We will respond to your request within 30 days.

7. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
  • Deleted Content: When you delete content, it is soft-deleted and retained for 30 days (to support undo functionality), after which it is permanently removed.
  • Account Deletion: Upon account deletion, personal data is purged from active systems within 30 days and from encrypted backups within 90 days.
  • Server Logs: Operational logs are retained for up to 90 days for security and debugging purposes.
  • Legal Holds: We may retain data for longer periods when required by applicable law or legal proceedings.

8. Data Security

We implement robust security measures to protect your data:

  • End-to-end encryption for sensitive content and private messages.
  • TLS 1.3 encryption for all data in transit.
  • Encryption at rest for server-stored data.
  • Regular security audits and penetration testing.
  • Strict access controls and authentication for server infrastructure.
  • PII filtering in error monitoring and logging systems.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our protections.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place, including standard contractual clauses approved by relevant data protection authorities. For encrypted content, the data remains encrypted during any transfer.

10. Children's Privacy

The Service is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe your child has provided us with personal data, please contact us at info@link123.ie.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy policies of any third-party services you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice (such as an in-app notification or email). Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: