LEGAL

Privacy Policy

Last updated: 8 May 2026

This policy explains what data Linkspector collects, why, and how it is handled — across the website, the browser extension, and the B2B API.

Who we are

Linkspector is a URL safety scanner built for Australian users. The service is operated by Linkspector (Ashlin Technologies PTY LTD), an Australian registered company. Questions about this policy can be directed to privacy@linkspector.io.

What we collect and why

URLs you scan. When you scan a URL, it is processed to produce a safety verdict. Free scans contribute anonymised signal data (verdict, score, TLD, and detected flags — never the full URL) to Linkspector's Australian threat intelligence database. Pro deep scans resolve shortened links to their final destination and submit the URL to VirusTotal and Google Safe Browsing for real-time analysis.

Account information. If you create a Linkspector account, your email address is collected via Clerk (our authentication provider) and used to manage your subscription. We do not store passwords — authentication is handled entirely by Clerk.

Payment information. Payments are processed by Stripe. Linkspector never sees or stores your card details. Stripe provides us with a subscription status only.

Anonymous session data. Free users are assigned an anonymous session ID stored in a secure, httpOnly cookie. This is used solely to track the number of free deep scans used in the current session. It is not linked to any personal identifier.

Scan history (Pro). For Pro users, a record of each deep scan is stored — including the URL scanned, the verdict, score, flag count, and timestamp. This powers the scan history feature in your account. Scan history is only accessible to you when signed in and is never shared.

Browser extension

The Linkspector Chrome extension operates as follows:

  • When you scan a URL, it is sent to Linkspector's servers for analysis. Free scans use the B2B API endpoint. Pro scans use the extension scan endpoint.
  • If you sign in, a session token is generated and stored locally in Chrome's extension storage (chrome.storage.sync). This token is used to authenticate Pro scan requests. It is valid for 7 days.
  • No browsing history, page content, or link data is collected automatically. The extension only sends a URL when you explicitly choose to scan it.
  • Signing out of the extension deletes the session token from local storage immediately.

Third-party services

Linkspector integrates with the following third-party services. Each has its own privacy policy.

ClerkAuthentication and user managementEmail address, session tokens
StripePayment processingSubscription status only (no card data)
VirusTotalURL threat intelligence (Pro scans)URL submitted for analysis
Google Safe BrowsingMalware and phishing detection (Pro scans)URL submitted for lookup
Anthropic (Claude)AI plain-English scan summary (Pro scans)URL, scan findings, domain data
SupabaseDatabase (scan records, session data)Stored in Australia/US region
VercelHosting and serverless computeRequest logs (standard web server logs)

Data retention

  • Anonymous session cookies expire after 30 days.
  • Extension session tokens expire after 7 days.
  • Pro scan history records are retained while your account is active.
  • Anonymised telemetry data (verdict, score, TLD) is retained indefinitely as part of the threat intelligence database.
  • If you delete your account, your personal data and scan history are deleted within 30 days.

Your rights

Under Australian Privacy law and GDPR (for users in the EU), you have the right to:

  • Request a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated personal data.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, email privacy@linkspector.io.

Cookies

Linkspector uses one first-party cookie:

  • ls_session — a secure, httpOnly cookie containing an anonymous UUID. Used to track free deep scan usage only. No tracking, no advertising.

No third-party tracking or advertising cookies are used.

Children

Linkspector is not directed at children under 13. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. The date at the top of this page will reflect the most recent revision. Continued use of Linkspector after changes constitutes acceptance of the updated policy.

Questions about this policy?

Contact Us