← Back to Home

Privacy Policy

Last updated: March 19, 2026

1. Introduction

Backly.io ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and service at backly.io ("the Service"). This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Backly.io is the data controller responsible for your personal data. For any privacy-related inquiries, you can contact us at support@backly.io.

3. Data We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, and profile picture provided through Google OAuth during sign-in
  • Subscription data: Billing information processed and stored by Stripe (our payment processor). We store your Stripe customer ID and subscription status but do not store credit card numbers or payment details directly
  • Usage data: Website URLs you submit for analysis, generated content, and generation history
  • Technical data: IP address, browser type, device information, and cookies necessary for the Service to function

4. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Contract performance: Processing necessary to provide you with the Service (Article 6(1)(b))
  • Legitimate interest: Processing for analytics, security, and improving the Service (Article 6(1)(f))
  • Legal obligation: Processing required to comply with applicable laws, such as tax and accounting requirements (Article 6(1)(c))

5. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Process subscription payments through Stripe
  • Analyze your submitted URLs to generate backlink opportunities
  • Send transactional emails related to your account and subscription
  • Monitor for abuse and ensure the security of the Service

We do not sell your personal data. We do not use your data for advertising purposes.

6. Third-Party Services

We share data with the following third-party processors, all of which are GDPR-compliant:

  • Google OAuth: For authentication. Subject to Google's Privacy Policy
  • Stripe: For payment processing. Stripe acts as an independent data controller for payment data. Subject to Stripe's Privacy Policy
  • OpenRouter / AI providers: For AI-powered analysis and content generation. Website URLs you submit are sent to AI model providers for processing. No personal account data is shared with AI providers
  • Neon (database hosting): For secure storage of your account and usage data
  • Vercel: For hosting and serving the application

7. Data Retention

We retain your account data for as long as your account is active. Generation history and associated content are retained for the duration of your account. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance, which may be retained for up to 7 years).

8. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interest

To exercise any of these rights, please contact us at support@backly.io. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use only essential cookies required for the Service to function, including authentication session cookies and theme preference storage (localStorage). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, consent is not required under the GDPR ePrivacy Directive.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), secure database hosting, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

Your data may be processed by third-party services located outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@backly.io.