Back to Home
LinkWrangler

Privacy Policy

Version 1.0 Effective Date: [INSERT DATE] Last Updated: [INSERT DATE]

1. Introduction

LinkWrangler Pty Ltd (ACN 694 414 152, ABN 38 694 414 152) ("LinkWrangler," "we," "us," or "our") is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website at www.linkwrangler.com (the "Site") and our analytics services (collectively, the "Services").

Contact Information: LinkWrangler Pty Ltd Email: privacy@linkwrangler.com

2. Information We Collect

2.1 Customer Account Information

When you create an account with LinkWrangler, we collect:

  • Full name
  • Email address
  • Company name and details
  • Password (stored as a cryptographic hash)
  • Billing information (processed and stored by Stripe; we do not store credit card details)
  • User roles and permissions within your organization
  • Communication preferences (opt-in/opt-out for product updates and marketing)

2.2 Scan Event Data

When an end-user scans a GS1 Digital Link QR code that uses our Services, we collect:

  • Timestamp of the scan
  • Location data (GPS coordinates where available, or approximate location derived from IP address or other means)
  • IP address
  • Device type and operating system
  • Browser type and version
  • Data contained within the GS1 Digital Link QR code (e.g., product identifiers, batch numbers)
  • Referrer information

Important: We do not collect personally identifiable information (such as names, email addresses, or phone numbers) from end-users who scan QR codes unless such information is voluntarily provided or is part of the customer's product data.

2.3 Product Data

Our customers may upload or import product information to create customized scanning experiences. This data is provided by our customers and may include:

  • Product names and descriptions
  • Product identifiers (GTINs, Serial Numbers, Batch Numbers)
  • Product images and specifications
  • Rules and logic for consumer experiences
  • Any other product-related information our customers choose to provide

We process this data solely to provide our Services to customers.

2.4 Cookies and Tracking Technologies

We use both first-party and third-party cookies:

First-Party Cookies:

  • Session cookies to maintain user authentication and provide core functionality
  • HTTP-only, SameSite cookies to protect against Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks
  • Cookies to remember user preferences and settings

Third-Party Cookies:

  • Google Analytics and other analytics services to understand how our Site is used
  • These third parties may collect information about your online activities over time and across different websites

You can control cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services.

2.5 Automatically Collected Information

We automatically collect certain technical information when you visit our Site:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website
  • Pages viewed and time spent on pages
  • Click data and navigation paths

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide Our Services

  • Create and manage customer accounts
  • Process scan events and provide analytics
  • Enable customized consumer experiences based on QR code scans
  • Provide customer support and respond to inquiries
  • Process payments through Stripe

3.2 To Improve Our Services

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Conduct internal research and development
  • Troubleshoot technical issues

3.3 To Communicate With You

  • Send service-related notifications and updates
  • Send product updates and feature announcements (with your consent)
  • Send tips, best practices, and educational content (with your consent)
  • Send promotional offers and discounts (with your consent)
  • Send industry insights and case studies (with your consent)
  • Respond to your questions and requests

3.4 For Analytics and Reporting

  • Create de-identified, aggregated reports on scan trends, industries, product types, and user experiences
  • Publish case studies using anonymized data
  • Generate internal business intelligence

3.5 For Legal and Security Purposes

  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, unauthorized access, and security threats
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, and safety of LinkWrangler, our customers, and others

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our Services under our agreement with you
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, fraud prevention, and network security
  • Consent: Processing based on your explicit consent, such as for marketing communications
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations

You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Stripe: Payment processing (credit card information is processed and stored solely by Stripe)
  • Railway: Database hosting services (servers located in North America)
  • Vercel: Website and application hosting (servers located in North America)
  • Loop.so: Email delivery and communication services
  • Google Analytics: Website analytics
  • Third-party database backup providers: Secure data backup and disaster recovery
  • Authentication providers: Google Authentication services
  • Customer support platforms: As we implement customer service tools

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Customer Access

Customers have access to scan event data and analytics related to their own products and QR codes. Customers are responsible for their own use of this data.

5.3 Aggregated and De-Identified Data

We may share aggregated, de-identified data that cannot reasonably be used to identify individuals. This may include:

  • Industry trend reports
  • Product category insights
  • Case studies and research findings
  • Benchmarking data

5.4 Legal Requirements

We may disclose information when required by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from government authorities
  • Situations involving potential threats to safety or security
  • Protection of our legal rights and property

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

6. International Data Transfers

LinkWrangler is based in Australia. Our service providers (Railway, Vercel) use servers located in North America. By using our Services, you acknowledge that your information may be transferred to, stored, and processed in countries outside your country of residence, including Australia and the United States.

For users in the EEA, we ensure appropriate safeguards are in place for international data transfers, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Other legally approved transfer mechanisms

7. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • Encryption in Transit: All data transmitted to and from our Services uses HTTPS/SSL encryption
  • Encryption at Rest: Data stored in our databases is encrypted at rest
  • Password Security: User passwords are hashed using strong cryptographic algorithms and are never stored in plain text
  • Parameterized Queries: Database interactions use parameterized queries to prevent SQL injection attacks
  • Input Validation: Strict input validation and sanitization using the Zod library to prevent malicious data submission
  • Secure Session Management: HTTP-only, SameSite cookies to protect against XSS and CSRF attacks

Administrative Safeguards

  • Role-Based Access Control (RBAC): Strict permission checks (Owner/Admin/Editor/Viewer) to ensure users can only access authorized data
  • Audit Logging: Comprehensive logging of access and changes to sensitive resources (admin actions, billing, team management) to an immutable audit log
  • Limited Access: Access to personal information is restricted to employees and service providers who need it to perform their duties
  • Security Training: Regular security awareness training for our team

Physical Safeguards

  • Use of secure, certified data centers operated by Railway and Vercel
  • Regular security assessments and updates

Despite our security measures, no system is completely secure. We cannot guarantee absolute security of your information.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Investigate: Immediately investigate the nature and scope of the breach
  • Contain: Take steps to contain and remediate the breach
  • Assess: Assess the potential impact on affected individuals
  • Notify Authorities: Report the breach to relevant supervisory authorities within 72 hours where required by law (e.g., under GDPR)
  • Notify Affected Users: Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
  • Document: Maintain documentation of all data breaches, including facts, effects, and remedial actions taken

Breach notifications will include:

  • Description of the nature of the breach
  • Categories and approximate number of individuals affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for further inquiries

9. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods

  • Customer Account Information: Retained for the duration of your account plus 3 months after account closure
  • Scan Event Data: Retained for 3 months after account closure
  • Product Data: Retained for 3 months after account closure
  • Backup Data: Data contained in backups will be retained until the backup rotation cycle naturally expires and old backups are deleted
  • Financial Records: Retained for 7 years to comply with tax and accounting regulations
  • Audit Logs: Retained for security and compliance purposes as required by law

After the retention period, we will securely delete or anonymize your information.

10. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

10.1 Rights Under Australian Privacy Law

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Complaints: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

10.2 Rights Under GDPR (EEA Residents)

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Data Portability: Request transfer of your data to another service provider
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent where processing is based on consent
  • Lodge a Complaint: File a complaint with your local supervisory authority

10.3 Rights Under CCPA (California Residents)

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

10.4 Exercising Your Rights

To exercise any of these rights:

  • Email us at privacy@linkwrangler.com
  • Log into your account and access your data download feature
  • For account deletion, submit a request through your account settings or contact us directly

We will respond to your request within:

  • 30 days (Australian Privacy Law and CCPA)
  • 1 month (GDPR), with possible extension to 2 months for complex requests

10.5 Data Download and Deletion

Customers can:

  • Download Data: Access and download all their data through their account dashboard
  • Request Deletion: Request deletion of all data from production environments by contacting privacy@linkwrangler.com
  • Backup Data: Please note that data contained in backups will remain until the natural backup rotation cycle expires

11. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children.

Regarding Scan Event Data: We have no way of determining the age of individuals who scan product QR codes. We do not knowingly collect, use, or disclose personal information from children through scan events. Since scan event data does not include personally identifiable information, we do not believe this data collection involves children's personal information.

If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information as soon as possible. If you believe we have collected information from a child, please contact us at privacy@linkwrangler.com.

12. Marketing Communications

You can control your communication preferences at any time:

  • Opt-In: You must explicitly opt-in to receive marketing communications
  • Opt-Out: You can opt-out at any time by:
    • Clicking the "unsubscribe" link in any marketing email
    • Updating your preferences in your account settings
    • Emailing us at privacy@linkwrangler.com

Please note that even if you opt-out of marketing communications, we will still send you service-related notices (such as account notifications, security alerts, and billing information).

13. Third-Party Links and Services

Our Site and Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use.

Our integration with third-party services includes:

  • Stripe for payment processing
  • Google for authentication
  • Google Analytics for website analytics
  • Loop.so for email services

These third parties have their own privacy policies governing their use of your information.

14. Customer Responsibilities

If you are a LinkWrangler customer, you are responsible for:

  • Ensuring you have appropriate rights to collect and share product data with us
  • Complying with applicable privacy laws when using our Services
  • Providing clear notice to end-users who scan your QR codes about data collection
  • Obtaining any necessary consents from end-users
  • Using scan event data in accordance with applicable laws and regulations

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you by:
    • Displaying a prominent notice in your account dashboard requiring review and acknowledgment
    • Sending an email notification to your registered email address
    • Posting a notice on our Site

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes become effective constitutes your acceptance of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

LinkWrangler Pty Ltd Email: privacy@linkwrangler.com Website: www.linkwrangler.com

For EEA Residents

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.

For Australian Residents

If you have a complaint about how we handle your personal information, please contact us first. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

For California Residents

California residents may contact us with privacy requests and can also submit complaints to the California Attorney General.

Acknowledgment: By using LinkWrangler's Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.