Privacy Policy
Last updated: March 2, 2026
This Privacy Policy applies to all users of ConnectTwelve, including users in the European Economic Area (EEA), United Kingdom, and California. We are committed to full compliance with the General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA).
1. Data Controller Information
ConnectTwelve ("we," "us," or "our") is the data controller responsible for your personal data. We operate the website at connecttwelve.com and the ConnectTwelve link-in-bio platform. For any privacy-related inquiries, you may contact us at [email protected].
2. Information We Collect
We collect information you provide directly to us, information collected automatically when you use the Service, and information from third-party sources.
Information You Provide
When you create an account, we collect your name, email address, and authentication credentials. When you subscribe to a paid plan, payment information is processed by our payment processor Stripe and we store only a reference identifier — we never store your full card number or CVV. When you create link trees, we collect the links, titles, descriptions, and customization settings you provide.
Information Collected Automatically
When you use the Service, we automatically collect log data including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps. When visitors click links on your public profile pages, we collect anonymized click data, referrer information, and general geographic location (country/region level) for analytics purposes.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze Service usage. Please see our Cookie Policy for detailed information about the cookies we use and how to manage them.
3. Legal Basis for Processing (GDPR)
For users in the EEA and UK, we process your personal data under the following legal bases as defined by the GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Processing subscription payments | Contract performance (Art. 6(1)(b)) |
| Providing link tree and analytics features | Contract performance (Art. 6(1)(b)) |
| Sending transactional emails | Contract performance (Art. 6(1)(b)) |
| Sending marketing emails | Consent (Art. 6(1)(a)) |
| Analytics and service improvement | Legitimate interests (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Information
We use the information we collect to provide, maintain, and improve the Service; process transactions and send related information including purchase confirmations and invoices; send technical notices, updates, security alerts, and support messages; respond to your comments and questions; send marketing communications where you have consented; monitor and analyze usage trends to improve the user experience; detect and prevent fraudulent transactions and other illegal activities; and comply with legal obligations.
5. Data Sharing and Third Parties
We do not sell your personal data to third parties. We share your information only in the following circumstances:
Service Providers: We share data with trusted third-party service providers who assist us in operating the Service, including Stripe (payment processing), cloud hosting providers, and email delivery services. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership.
6. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer personal data from the EEA or UK to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. By using the Service, you consent to such transfers.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes. Analytics data is retained in aggregated, anonymized form indefinitely for service improvement purposes.
8. Your Rights (GDPR & CCPA)
Depending on your location, you have the following rights regarding your personal data:
| Right | GDPR | CCPA |
|---|---|---|
| Access your personal data | ✅ Art. 15 | ✅ |
| Correct inaccurate data | ✅ Art. 16 | ✅ |
| Delete your data ("right to be forgotten") | ✅ Art. 17 | ✅ |
| Restrict processing | ✅ Art. 18 | — |
| Data portability | ✅ Art. 20 | ✅ |
| Object to processing | ✅ Art. 21 | ✅ (opt-out) |
| Withdraw consent | ✅ Art. 7(3) | ✅ |
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or 45 days for complex requests). We may ask you to verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].
10. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using TLS/SSL, secure password hashing, regular security assessments, and access controls limiting who can access personal data. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice, such as an email notification. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.
12. Contact and Data Protection Officer
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
EEA and UK users have the right to lodge a complaint with their local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.