Privacy Policy
Effective from: 22 May 2026
# Privacy Policy
**Effective date:** 2026-05-22 **Version:** 2.0
## 1. Who We Are and How to Contact Us
Plink ("we", "us", "our") operates the website plink.chat. We are the data controller responsible for your personal data.
Contact for privacy matters: **privacy@plink.chat**
## 2. Personal Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, password (bcrypt hash) | Account management |
| Profile data | Display name, bio, phone, social links | Public profile display |
| Vehicle data | Licence plate number, vehicle photo | Plate profile |
| Transaction data | Credit purchases, voucher records | Payment processing |
| Communication data | Messages sent/received | Message delivery |
| Verification data | Vehicle photo submitted for ownership verification | Identity verification |
| Technical data | IP address, browser type, session data | Security, fraud prevention |
| Consent records | Records of agreements accepted | Legal compliance |
## 3. Data We Do Not Collect
We do not access government vehicle registration databases. We do not collect payment card numbers (payments are processed by third-party payment processors under their own privacy policies). We do not track your physical location. We do not build advertising profiles.
## 4. Legal Basis for Processing (GDPR / UK GDPR)
| Processing activity | Legal basis |
|---|---|
| Operating your account | Contract performance (Art. 6(1)(b)) |
| Showing your public plate profile | Consent (Art. 6(1)(a)) |
| Sending service notifications | Legitimate interests (Art. 6(1)(f)) |
| Processing Credits and vouchers | Contract performance |
| Maintaining security and preventing fraud | Legitimate interests |
| Retaining consent records | Legal obligation (Art. 6(1)(c)) |
## 5. How We Use Your Data
We use your data to: operate and maintain your account; display the public profile information you choose to publish; process Credit purchases and voucher transactions; deliver messages between users; verify plate ownership; communicate service updates; detect and prevent fraud and abuse; comply with legal obligations.
We do not sell your personal data. We do not share your data with third parties for their marketing purposes.
## 6. Data Sharing
We share data only with:
- **Payment processors** (e.g. Stripe, PaySera): for Credit purchase transactions, under their own privacy policies.
- **Service Providers**: your name and messaging contact are shared with the Service Provider only when you redeem a voucher.
- **Legal and regulatory authorities**: where required by law or court order.
- **Successors**: in the event of a merger, acquisition or sale of assets, with appropriate protections.
## 7. International Data Transfers
Where we transfer your data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions.
## 8. Data Retention
| Data type | Retention period |
|---|---|
| Active account data | For the life of the account |
| Account data after deletion | Deleted within 30 days (anonymised audit logs retained) |
| Consent records | 7 years (legal obligation) |
| Message content | Until deleted by the account holder or 3 years from last activity |
| Transaction records | 7 years (financial record-keeping) |
| Verification photos | Deleted after review; not retained beyond 90 days |
| Technical / server logs | 90 days |
## 9. Your Rights
Under UK GDPR / GDPR, you have the right to:
- **Access** the personal data we hold about you.
- **Rectify** inaccurate data.
- **Erase** your data ("right to be forgotten") where no overriding legal obligation applies.
- **Restrict** processing while a dispute is resolved.
- **Port** your data in a machine-readable format.
- **Object** to processing based on legitimate interests.
- **Withdraw consent** at any time (this does not affect lawfulness of prior processing).
To exercise your rights, email privacy@plink.chat. We will respond within 30 days.
## 10. Security
We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls. No system is 100% secure; please notify us immediately of any suspected breach.
## 11. Cookies
We use a single session cookie strictly necessary to keep you signed in. We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required because we do not set non-essential cookies.
## 12. Children
The Platform is not directed at persons under 18. We do not knowingly collect data from children. If you believe a child has registered, please contact privacy@plink.chat.
## 13. Changes
We will notify you of material changes by email and/or a notice on the Platform. The current version is always available at plink.chat/legal.
## 14. Complaints
You have the right to lodge a complaint with your local data protection authority. For UK users: Information Commissioner's Office (ico.org.uk). For EEA users: your national supervisory authority.
**Effective date:** 2026-05-22 **Version:** 2.0
## 1. Who We Are and How to Contact Us
Plink ("we", "us", "our") operates the website plink.chat. We are the data controller responsible for your personal data.
Contact for privacy matters: **privacy@plink.chat**
## 2. Personal Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, password (bcrypt hash) | Account management |
| Profile data | Display name, bio, phone, social links | Public profile display |
| Vehicle data | Licence plate number, vehicle photo | Plate profile |
| Transaction data | Credit purchases, voucher records | Payment processing |
| Communication data | Messages sent/received | Message delivery |
| Verification data | Vehicle photo submitted for ownership verification | Identity verification |
| Technical data | IP address, browser type, session data | Security, fraud prevention |
| Consent records | Records of agreements accepted | Legal compliance |
## 3. Data We Do Not Collect
We do not access government vehicle registration databases. We do not collect payment card numbers (payments are processed by third-party payment processors under their own privacy policies). We do not track your physical location. We do not build advertising profiles.
## 4. Legal Basis for Processing (GDPR / UK GDPR)
| Processing activity | Legal basis |
|---|---|
| Operating your account | Contract performance (Art. 6(1)(b)) |
| Showing your public plate profile | Consent (Art. 6(1)(a)) |
| Sending service notifications | Legitimate interests (Art. 6(1)(f)) |
| Processing Credits and vouchers | Contract performance |
| Maintaining security and preventing fraud | Legitimate interests |
| Retaining consent records | Legal obligation (Art. 6(1)(c)) |
## 5. How We Use Your Data
We use your data to: operate and maintain your account; display the public profile information you choose to publish; process Credit purchases and voucher transactions; deliver messages between users; verify plate ownership; communicate service updates; detect and prevent fraud and abuse; comply with legal obligations.
We do not sell your personal data. We do not share your data with third parties for their marketing purposes.
## 6. Data Sharing
We share data only with:
- **Payment processors** (e.g. Stripe, PaySera): for Credit purchase transactions, under their own privacy policies.
- **Service Providers**: your name and messaging contact are shared with the Service Provider only when you redeem a voucher.
- **Legal and regulatory authorities**: where required by law or court order.
- **Successors**: in the event of a merger, acquisition or sale of assets, with appropriate protections.
## 7. International Data Transfers
Where we transfer your data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions.
## 8. Data Retention
| Data type | Retention period |
|---|---|
| Active account data | For the life of the account |
| Account data after deletion | Deleted within 30 days (anonymised audit logs retained) |
| Consent records | 7 years (legal obligation) |
| Message content | Until deleted by the account holder or 3 years from last activity |
| Transaction records | 7 years (financial record-keeping) |
| Verification photos | Deleted after review; not retained beyond 90 days |
| Technical / server logs | 90 days |
## 9. Your Rights
Under UK GDPR / GDPR, you have the right to:
- **Access** the personal data we hold about you.
- **Rectify** inaccurate data.
- **Erase** your data ("right to be forgotten") where no overriding legal obligation applies.
- **Restrict** processing while a dispute is resolved.
- **Port** your data in a machine-readable format.
- **Object** to processing based on legitimate interests.
- **Withdraw consent** at any time (this does not affect lawfulness of prior processing).
To exercise your rights, email privacy@plink.chat. We will respond within 30 days.
## 10. Security
We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls. No system is 100% secure; please notify us immediately of any suspected breach.
## 11. Cookies
We use a single session cookie strictly necessary to keep you signed in. We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required because we do not set non-essential cookies.
## 12. Children
The Platform is not directed at persons under 18. We do not knowingly collect data from children. If you believe a child has registered, please contact privacy@plink.chat.
## 13. Changes
We will notify you of material changes by email and/or a notice on the Platform. The current version is always available at plink.chat/legal.
## 14. Complaints
You have the right to lodge a complaint with your local data protection authority. For UK users: Information Commissioner's Office (ico.org.uk). For EEA users: your national supervisory authority.
