Privacy Policy

1. Introduction

This privacy policy explains how LinkVerse.Work collects, uses and protects your personal data. Written to be understood, not to confuse you.

2. Data we collect

We collect only what is strictly needed for the service to work and to give you a good experience.

2.1 Account data

• Name and username
• Email address
• Password (always encrypted)
• Preferred language and timezone

2.2 Usage data

• Access logs and IP addresses (for security)
• Spaces you create and join
• Technical metrics (browser, OS)

3. How we use your data

Your data is only used to:

• Operate and maintain the service
• Authenticate your session and keep you logged in
• Communicate with you (notifications, support)
• Improve the platform with aggregated data
• Comply with legal obligations

4. Who has access

We do not share data with third parties except essential processors (Stripe for payments, Cloudflare for CDN edge/security/R2 storage, Google Workspace for transactional email delivery), and only what is strictly necessary.

4.1 Self-hosting of external assets (CDN-free)

To minimize exposure of your IP to third parties and meet GDPR by default, we host locally all visual assets and libraries that would typically be loaded from external CDNs:

• Typography: Inter and Montserrat are served from our own server (not from fonts.googleapis.com / fonts.gstatic.com). Your IP never reaches Google servers just by loading typography.
• JS/CSS libraries: FontAwesome, normalize.css, animate.css, particles.js, flag-icons — all served from linkverse.work. No connection to cdnjs, jsDelivr, unpkg, or similar.
• Zero cross-origin requests to CDNs: All baseline browsing (HTML, CSS, JS, fonts, images) is served from our domain. You can verify by opening browser DevTools → Network — you will not see requests to third-party domains without your explicit consent.

The only exceptions are analytics and payment processing scripts: these are only loaded after your explicit consent (Google Tag Manager / Google Analytics 4 / Microsoft Clarity / Cloudflare Web Analytics — only if you accept the "Analytics" category in the cookie banner; Stripe.js — only during checkout). See the Cookie Policy for details.

5. Your rights (GDPR)

You have full rights over your data:

• Access: Request a copy of everything we hold about you
• Rectification: Correct inaccurate or outdated data
• Erasure: Request permanent deletion of your account
• Portability: Receive your data in a structured format
• Objection: Object to certain types of processing

6. How we protect it

We apply industry best practices:

• TLS 1.3 for all communication
• bcrypt hashing for passwords
• Daily offsite backups (encrypted at rest by Cloudflare R2)
• Role-based restricted access

7. How long we keep it

We keep your data while your account is active. After deletion, backups are rotated (daily up to 14 days, weekly up to 8 weeks, monthly up to 24 months); manual scrub can be requested in specific cases. Security logs: 2 months.

8. Minors

LinkVerse.Work is not intended for users under 13. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy. Significant changes will be communicated by email 30 days in advance.

10. Contact

11. Supervisory authority

If you feel we have not responded properly, you may file a complaint with the relevant authority:

• Portugal: CNPD