Privacy Policy

Last Updated: February 8, 2026

Introduction

dualink.io ("we," "us," "our") respects your privacy. This Privacy Policy explains what information we collect and how we use it in a concise, transparent, and intelligible manner. If you are in the EU/EEA, UK, or California, your data is processed in compliance with GDPR, UK GDPR, or CCPA/CPRA as applicable. We act as the data controller. This Policy complies with applicable data protection laws in the US, EU, and UK, including transparency requirements under these regulations.

Information We Collect

  • Account Information: Name, email, password
  • Payment Information: Processed through Stripe (we don't store full card details)
  • Usage Data: Pages visited, features used, IP address, browser type
  • Cookies: We use essential cookies for authentication and analytics cookies for usage insights. Consent for non-essential cookies is obtained via our cookie consent banner, and you can manage preferences via browser settings or the banner. Opting out of non-essential cookies does not affect core functionality.

We collect this data based on legitimate interests (e.g., service provision), consent (e.g., cookies), or contractual necessity (e.g., account info).

How We Use Your Information

We use your information for specific purposes:

  • To provide and maintain the Service (contractual necessity)
  • To process payments (contractual necessity)
  • To send transactional emails (legitimate interests)
  • To improve the Service (legitimate interests)
  • To comply with legal obligations (legal requirement)

We do not use your data for automated decision-making or profiling that produces legal effects.

Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers (Supabase, Stripe, AWS SES). We require service providers to adhere to data protection agreements and conduct periodic audits.
  • Legal authorities when required by law

Data may be transferred to the US or other countries. For transfers outside the EU/EEA or UK, we use Standard Contractual Clauses, UK Addendum, or equivalent safeguards to ensure adequate protection under GDPR/UK GDPR. For US transfers under the UK-US Data Bridge or EU-US Data Privacy Framework, we ensure recipients are certified where applicable.

Data Retention

  • Account data: Retained while active, deleted within 30 days upon request
  • Payment records: Retained per legal/tax requirements (e.g., up to 7 years)
  • Usage logs: Retained for 90 days

We retain data only as long as necessary for the purposes outlined, or as required by law.

Your Rights

Depending on your location, you have the following rights under GDPR, UK GDPR, CCPA/CPRA, or other applicable laws:

  • Right to access your data
  • Right to correct inaccurate data
  • Right to request deletion (erasure)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing (e.g., for direct marketing)
  • Right to withdraw consent at any time, without affecting prior processing
  • Right to opt out of the sale or sharing of personal information (we do not sell or share for targeted advertising)
  • Right not to be subject to automated decision-making
  • Right to non-discrimination for exercising rights (under CCPA/CPRA)

To exercise these rights, contact us at privacy@dualink.io. We will respond within 30 days (extendable under GDPR) or 45 days (under CCPA). If you are in California, you may use an authorized agent. We verify requests for security.

Security

We implement industry-standard security measures including encryption and secure authentication. Data is encrypted in transit and at rest. In the event of a data breach, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR/UK GDPR, or as per US state laws).

Third-Party Services

Our Service uses Supabase, Stripe, and AWS SES. Review their privacy policies. We ensure they comply with applicable data protection laws.

Children

The Service is not intended for users under 13 (US COPPA) or under 16 (GDPR/UK GDPR for consent-based processing). We do not knowingly collect information from children. We may require age verification for certain features and will delete data if we learn it belongs to a child under the applicable age.

Changes to Policy

We may update this policy. We will notify you of material changes via email or on the Service. Continued use indicates acceptance.

Contact

For privacy concerns: privacy@dualink.io. For GDPR/UK GDPR inquiries, you may also contact our Data Protection Officer at dpo@dualink.io. You have the right to lodge a complaint with your local supervisory authority (e.g., ICO in UK, relevant DPA in EU, or AG in California).