Affiliyo

Legal/Privacy

Privacy policy.

Last updated 20 April 2026

This policy explains what personal data Affiliyo collects, what we do with it, and the rights you have over it. Plain language, no dark patterns.

Who we are

Affiliyo is an affiliate link monitoring service. We act as the data controller for the personal data described below. For privacy questions, email affiliyo.mail@gmail.com.

What we collect

  • Account data. Email address and a hashed password when you sign up. Optional name if you set it.
  • Link data. The URLs you ask us to monitor, the slugs you create, and the check history (status codes, AI verdicts, response times).
  • Click events. If you use managed URLs, we record timestamps, referring domain, and anonymized IP when someone clicks a managed URL. We do not store the full IP address or build visitor profiles.
  • Billing data. If you upgrade, Stripe handles payment. We receive a customer ID and subscription status. We never see your card details.
  • Support correspondence. If you email us, we keep the thread.

How we use it

We use the data you provide to run the service you asked for: monitoring your links, sending alerts when they break, processing payments if you upgrade, and responding to support. We don't sell your data. We don't share it with advertisers. We don't use it to train AI models.

Third parties we use

A small number of services process data on our behalf:

  • Stripe. Payments. Sees your card details, never us.
  • Postmark. Transactional email (alerts, account email).
  • Groq. AI-powered page analysis for availability checks. We send a short extract of the destination page; not your personal data.
  • Hetzner. Server hosting (EU).
  • Cloudflare Web Analytics. Aggregate page views. Cookie-less, no personal identifiers, no cross-site tracking. We see totals, not individuals.
  • Google reCAPTCHA. Spam protection on the waitlist form. Google receives the request token and may use technical signals (browser metadata, mouse movement, etc.) to score whether the visitor is human. Subject to Google's privacy policy.

How long we keep it

Active account data is kept while your account is active. If you delete your account, we purge personal data within 30 days. Managed URL redirects survive account deletion. They keep working so your audience isn't affected. But the identifying account link is removed.

Link check history is kept for 30 days on Starter and 90 days on Pro, then aggregated and the raw records deleted.

Your rights

Under GDPR, you can request access to your data, correction of inaccurate data, deletion (the "right to be forgotten"), portability, and restriction of processing. Email affiliyo.mail@gmail.com. We respond within 30 days.

If you're in the EU and believe we're mishandling your data, you also have the right to lodge a complaint with your national data protection authority.

Cookies

We use a minimal set of cookies, mostly for session management and security. Full detail is on the cookie policy.

Security

Data is encrypted in transit (HTTPS) and at rest. Passwords are hashed with bcrypt. Production access is limited to a small number of people. We don't run copies of production data on developer machines.

Changes to this policy

If we materially change this policy, we'll note it at the top of this page and email active accounts. Small typo fixes and clarifications don't trigger notification.

Contact

Privacy questions, data requests, or anything unclear, email affiliyo.mail@gmail.com.