Draft — under legal review. This content is not final and is not legal advice.
Legal
What we collect, why, who we share it with, and the choices you have.
Effective date and version: see the live privacy changelog. [[REVIEW: confirm the effective date to display here]]
The short version
In short: OwnBio runs this service; contact us with any privacy question. (Summary — the full text below governs.)
OwnBio is a free link-in-bio and mobile business page service operated by [[REVIEW: legal entity name]], [[REVIEW: registered address]]. For any privacy question or request, contact [[REVIEW: privacy contact email — e.g. privacy@ownbio.app]].
In short: your account email + page content; your date of birth (for age eligibility only); and, only with your permission, preferences and privacy-first analytics.
Account data: your email address and the content you add to your page. Date of birth: collected at onboarding and used only to confirm your age is appropriate for the service — never for advertising. Consent records: the privacy choices you make and the version of the notice you saw (no advertising identifiers). Functional preferences: if you allow them, your language, use case, and favorite templates, stored on your device and mirrored to your account. Analytics: if you allow it, a random analytics identifier and aggregate usage events. We do not store your raw IP address or your full browser user-agent in our privacy records — only your approximate country (ISO country code) and a coarse device class.
In short: to run your account (contract), honor the choices you make (consent), keep the service safe (legitimate interest), and meet the law (legal obligation).
To provide the service and your account (contract). To remember your preferences, measure what works, and — only if you allow it — support marketing and personalized recommendations (your consent). To keep the service secure and prevent abuse (legitimate interest). To meet legal obligations, such as honoring your rights requests and confirming age eligibility (legal obligation).
In short: we tailor the page from your current visit only (like which link you clicked from), never from stored tracking, and we keep nothing.
Before you consent to anything, we may adapt what you see using only signals from your current request, read for that page render and never stored: the page path, campaign parameters in the link (UTM, for that view only), the class of site you came from (for example "Instagram" or "Google", never the full address), your approximate country, your language preference, your device class (mobile or desktop), and any intent you declared in the link. Nothing here is written to your device, and none of it identifies you.
In short: before you consent we set only what's strictly necessary; everything else is your choice.
We explain every cookie and storage key, and how your consent controls them, in our Cookie Policy. Before you consent we set only strictly necessary storage (including the cookie that remembers your privacy choices).
In short: six categories, all off until you turn them on (except the essentials), changeable anytime, and Global Privacy Control always wins.
You control six categories: strictly necessary (always on), functional personalization, analytics, marketing, AI personalization, and email marketing. Everything except strictly necessary is off until you turn it on, and you can change your mind anytime in Privacy & cookie settings. We honor Global Privacy Control signals: when your browser sends one, marketing stays off no matter what else you have chosen.
In short: only the service providers that help us run OwnBio. We do not sell your data, and we run no advertising trackers today.
We use service providers who process data on our behalf under contract:
We do not sell or "share" (as defined by US privacy laws) your personal information, and we run no advertising or marketing pixels today. If we ever enable advertising partners, they would load only after you turn on marketing, and only for the specific events needed. Payment processing: [[REVIEW: payment processor, if/when paid plans launch]].
In short: our providers may process data outside your country under appropriate safeguards.
OwnBio is operated from the United Arab Emirates. Your data may be processed outside your country by the providers above. Where required, transfers rely on appropriate safeguards. [[REVIEW: confirm Supabase project region + Cloudflare/Resend regions and the transfer mechanism (e.g. SCCs) to state here]].
In short: we keep things only as long as needed, delete expired data on a schedule, and keep a few records the law requires (like unsubscribe records).
In short: you can access, correct, delete, port, or object to your data, and withdraw consent anytime.
Depending on where you live, you may have the right to access, correct, delete, port, or object to the use of your data, and to withdraw consent at any time. Your date of birth and all other account data are included in access and deletion requests. When we delete, we verify the deletion across our systems before we mark it complete; a small number of records the law requires us to keep (such as unsubscribe records and consent evidence within its retention window) are retained on that legal basis. To exercise a right, contact [[REVIEW: rights request contact / DSR email]]. You can withdraw consent yourself anytime in Privacy & cookie settings.
In short: the same controls apply everywhere; here is how they map to your local law.
UAE (PDPL): we operate on a consent-default basis and honor access, correction, deletion, restriction, portability, objection, and consent-withdrawal requests; you may also complain to the UAE Data Office. [[REVIEW: designate a UAE contact/representative if required]]
EU / UK (GDPR / UK GDPR): our legal bases are described in section 3; you have the rights in section 10 and may lodge a complaint with your supervisory authority (in the UK, the ICO). International transfers rely on the safeguards in section 8. [[REVIEW: EU/UK representative under Art. 27, if required]]
California (CCPA/CPRA): we collect the categories in section 2, for the purposes in section 3. We do not sell or share your personal information, and we honor Global Privacy Control as an opt-out signal. We do not discriminate against you for exercising your rights. Use "Your Privacy Choices" in the footer or Privacy & cookie settings.
India (DPDP): you have rights of access, correction, erasure, and grievance redress. We are preparing for full DPDP obligations, which take effect in stages (with broader requirements expected from 2027). [[REVIEW: designate a grievance officer + timeline when DPDP rules require it]]
Saudi Arabia (PDPL): we process on a consent basis for marketing and honor withdrawal and access/correction/deletion requests.
In short: we ask your date of birth to confirm eligibility, and under-18s get no marketing or behavioral profiling.
OwnBio is not for children under 13, and we do not knowingly collect their data. We ask your date of birth at onboarding solely to confirm eligibility. If you tell us you are under 18, we do not show you marketing or email-marketing options and we never run behavioral profiling or advertising audiences for your account. In India, the service is not directed to anyone under 18.
In short: recommendations use only what you told us, never your behavior unless you allow it, and never sensitive inferences.
Smart recommendations suggest templates and order your links using only the answers you gave us (your use case, audience platform, and goal). Behavioral personalization — learning from what you do on the site — is off unless you turn on AI personalization. We never infer sensitive categories such as religion, health, ethnicity, sexuality, or political views; our recommendation inputs simply do not include anything like that. We do not make decisions with legal or similarly significant effects about you automatically.
In short: significant changes are versioned and, where required, we ask again for consent.
If we make a significant change, we will update the version and effective date and, where required, ask for your consent again. Our version history is on the Trust page.
Privacy questions or requests: [[REVIEW: privacy contact email]]. Security reports: [[REVIEW: security contact email, e.g. security@ownbio.app]]. Legal / law enforcement: [[REVIEW: legal contact email, e.g. legal@ownbio.app]].
Claim your handle, add your links, capture enquiries, and share it anywhere — free forever.
No credit card · No ads · No forced watermark · Privacy-first