Privacy Policy
Last Update: 31 March 2025
Introduction
Clinkt provides a technological service that allows users to upload files and share them with third parties via a URL link, in exchange for payment.
The aim of this policy is to explain how Clinkt processes personal data as a data controller, in compliance with its obligations under applicable data protection regulations.
This document is drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the French Data Protection Act (Loi n°78-17 du 6 janvier 1978).
Definitions
- Application: The Clinkt mobile application available on the App Store, Google Play and WebApp.
- Data Subject: Any individual whose personal data is processed by Clinkt, including Uploaders and Downloaders.
- Uploader: An individual of legal age who uploads files via the Application.
- Downloader: An individual of legal age who downloads files via a paid link.
- Download Page: A specific web page from which files can be accessed once payment is made.
- File: Any file (e.g., photo, video, audio, document) uploaded and shared via the Clinkt service.
- Solution: Refers collectively to the Application and the Download Pages.
Personal Data Collected and Processed
Clinkt processes various categories of personal data, depending on whether the user is an Uploader or Downloader.
For Uploaders
- Identity and contact data: full name, birth date, email, address, phone number
- Login data: credentials, IP address, session timestamps, location, session history
- Financial data: payment details, transaction history, withdrawal information
- Uploaded content: photographs, videos, voice messages
- Device information: OS, language
- Usage data: app navigation, activity logs
- Verification data: identity documents, facial photograph (selfie)
- Sanctions and warnings in case of inappropriate or illegal content
For Downloaders
- Full name and email address
- Device information: OS and language
Certain data is mandatory for access to the service (e.g., identity verification). If this data is not provided, access may be denied. Payment and identity verification data are handled by third-party providers only.
Data Processing, Purposes and Legal Basis
| No. | Data Processing | Purpose | Legal Basis |
|---|---|---|---|
| 1 | Account creation and management | To allow Uploaders to register and use the Application | Performance of a contract |
| 2 | User login and authentication | To identify Uploaders and give them access to their account | Performance of a contract |
| 3 | Support requests and service access | To assist users and deliver agreed functionalities | Performance of a contract |
| 4 | Identity verification | To verify the identity of users creating an account | Legitimate interest |
| 5 | File sharing | To allow Uploaders to share files and Downloaders to access them after payment | Performance of a contract |
| 6 | Payment processing | To facilitate payment transactions for file purchases | Performance of a contract |
| 7 | Content filtering | To detect and block illicit content on the platform | Legitimate interest |
| 8 | Cookies and trackers | To operate and improve the service, provide security features, and analyze site performance | Legitimate interest / Consent |
| 9 | Fraud prevention | To protect against fraud, including payment fraud | Legitimate interest |
Data Recipients
Personal data is shared only with Clinkt’s internal teams or with its data processors where necessary. No data is sold.
Illegal content may be reported to competent authorities such as the FBI, Interpol, or PHAROS (France).
Categories of Data Processors
- Operations: Hosting, age checks, filtering, error tracking, and app updates
- Financial Services: Payment solutions
- Security and Anti-bot: Turnstile (Cloudflare) for form protection and bot filtering
- Analytics: Google Analytics for website usage insights (only after consent)
- Marketing & Communication: Emailing and social media analytics tools
- Maintenance: Emergency technical access providers
- Advisory: Legal, financial, or audit advisors
Retention of Personal Data
- Account data: retained until deletion or 2 years after last activity
- Files: retained for 3 months by default (or longer if specified by Uploader or if illegal)
- Downloaders’ emails: retained as long as needed to send the file
- Session logs: retained for 6 months
- Support data: retained as long as needed to resolve the issue
- Illicit file data: retained for analysis and action
- ID documents: retained only for the time needed for verification
- Cookies: kept for 0 to 179 days depending on type
Clinkt will anonymize, archive, or delete data once the retention period ends, unless legal obligations require otherwise.
Data Transfers
Data is hosted by Amazon Web Services in Ireland. Some data may be transferred outside the EU (e.g., to the US). In such cases, Clinkt ensures proper safeguards are in place (e.g., Standard Contractual Clauses).
Cookies and Trackers
Cookies and tracking tools are used for essential operations, security, performance, and analytics purposes.
Users are informed and must give consent, except for strictly necessary cookies such as those used for security (e.g., Turnstile). Consent can be withdrawn at any time via the cookie module or by contacting Clinkt.
Types of Cookies and Trackers Used
- Turnstile (Cloudflare): Used to protect forms against bots. This is considered strictly necessary and does not require user consent.
- Google Analytics: Used to analyze site usage and improve the service. Activated only if the user has accepted cookies.
When enabled, Google Analytics may collect the following categories of data:- Browser and device information (e.g., browser type, operating system, screen resolution)
- Approximate geographic location (country, city)
- IP address (anonymized by default in the EU)
- Pages visited and time spent on each page
- Referrer URLs (source of traffic)
- Interactions and events (e.g., clicks, scrolls, downloads)
These data are used for aggregated statistical analysis and are not used to identify individuals. - Payment processing: Used during the session to process purchases
- Error detection (e.g., Sentry): Kept for up to 6 months
- Consent tracking: Stored for up to 6 months
Data Subject Rights
Description of Rights
Data subjects have the right to:
- Access their data
- Rectify or delete incorrect data
- Object to or restrict processing
- Withdraw previously given consent
- Request data portability
- Provide instructions for data after death
- File a complaint with the CNIL or other authority
Exercising Rights
To exercise these rights, contact:
- Email: [email protected]
- Postal mail: Clinkt, Personal Data, 60 RUE FRANCOIS IER, 75008 PARIS France
Clinkt may require identity proof and will respond within a reasonable time. Requests are free unless manifestly excessive or unfounded.
Security Measures
Clinkt implements robust physical, logical, and organizational measures to secure personal data. No security downgrade will occur during updates.
Changes to this Privacy Policy
Clinkt may update this policy when services evolve or regulations change. In case of major updates, users will be informed at least 15 days in advance via email or in-app notice.