Privacy policy.

We collect the minimum we need to run the Link Audit and the early access program. That includes the affiliate URLs you submit for scanning, your email address, your full name, your role (creator, publisher, agency, brand, or other), and the optional checkboxes you tick when you sign up.

If you choose to share your monthly affiliate income to get a more accurate loss estimate, we store that field encrypted at rest. We never log it to error monitoring, never include it in URLs, and never share it with subprocessors beyond what is required to render the estimate inside your own session.

We use a privacy-preserving hash of your IP address for rate limiting and abuse detection. The hash is sha256(ip + dailySalt) where dailySalt rotates at UTC midnight. We never persist raw IP addresses. After the daily salt rotates, the previous day’s hashes can no longer be linked to the underlying IP.

Scan records auto-purge after 90 days. That includes the original URLs, redirect chains, cookie state, findings, and any narrative text. Share pages at vigilink.app/g/<shortid> stop loading once the underlying scan is purged.

Email signups persist until you ask to be removed. Contact form submissions persist until we have responded and closed the thread.

We use email magic-link authentication and do not store passwords. Magic links expire after one use and have a short validity window. Authentication itself is operated by Supabase as our subprocessor, with delivery via Resend.

We use a small set of subprocessors to run VigiLink. Each is contractually bound to the same data-handling requirements we commit to here.

• Supabase: database, authentication, file storage.
• Resend: transactional email delivery.
• Fly.io: browser worker hosting for the Link Audit scans.
• Anthropic: narrative generation on individual scan findings.
• Vercel: web application hosting.
• PostHog: product analytics with PII stripped from event properties.
• Sentry: error monitoring. Income disclosures and raw IP addresses are never sent to Sentry.

We set a session cookie for authenticated users of the Link Audit and a small number of functional cookies required to keep your session alive. We do not set advertising cookies and we do not sell or share cookie data with third parties for ad targeting.

We do not sell your data. We do not share your data with affiliate networks. We may share aggregated, de-identified statistics in industry research or public writing (for example, an industry-level claim that a percentage of iOS Safari sessions show ITP cookie capping). Such aggregates are never traceable to an individual.

You have the right to ask us to delete every record we hold about you. To exercise that right, email team@vigilink.app from the address you signed up with. We will confirm and complete the deletion. You also have the right to export the scan records and findings tied to your account.

For any privacy question, email team@vigilink.app. We read every message.