Privacy Policy

Last updated: February 16, 2026

Lynq Studio (“lynq.studio”, “we”, “us”, or “our”) operates a web analytics platform. This Privacy Policy explains how we collect, use, and protect data — both from people who use our platform (customers) and from visitors to websites that use our tracking technology (end users).

1. Who We Are

Lynq Studio is a web analytics service operated by Lynq Studio. Our registered address is Istanbul, Turkey. For data protection inquiries, contact us at privacy@lynq.studio.

2. Data We Collect

2.1 From Our Customers (Account Holders)

When you create an account, we collect:

  • Name and email address (for account management)
  • Password (stored as a bcrypt hash — we never store or see your password in plain text)
  • Website domain (to configure tracking)
  • Payment information (processed by our payment provider — we do not store card details)

Legal basis: Contract performance (GDPR Art. 6(1)(b)) — we need this data to provide the service you signed up for.

2.2 From Website Visitors (End Users)

When someone visits a website that uses Lynq tracking, we collect:

  • Page information: URL path, page title, referrer URL
  • Device data: Browser type and version, operating system, device type (mobile/desktop/tablet), screen resolution, browser language
  • Location: Country and city (derived from IP address — see below)
  • Traffic source: Referrer domain, UTM parameters (if present in the URL)
  • Events: Page views, e-commerce actions (product views, cart additions, purchases), and any custom events configured by the website owner
  • Pseudonymous identifiers: A randomly generated visitor ID stored in a first-party cookie, and a session ID stored in browser session storage

2.3 What We Do NOT Collect

  • We do not collect names, email addresses, or any personally identifiable information from end users
  • We do not store IP addresses — IPs are hashed with a daily-rotating salt for GeoIP lookup, then discarded
  • We do not use browser fingerprinting
  • We do not track users across different websites
  • We do not use third-party cookies
  • We do not sell, rent, or share data with third parties for advertising purposes

3. How We Use Data

End user data is used solely to provide analytics reports to the website owner. Specifically:

  • Generating traffic reports (visitor counts, page views, sessions)
  • Showing traffic sources and campaign performance
  • Providing device, browser, and geographic breakdowns
  • E-commerce analytics (product performance, conversion funnels, revenue tracking)
  • Real-time visitor monitoring

We do not use end user data for profiling, advertising, or any purpose other than providing analytics to the website owner.

4. Legal Basis for Processing

4.1 For Customer Data

Contract performance (GDPR Art. 6(1)(b)): Processing your account data is necessary to provide the service.

4.2 For End User Data

Legitimate interest (GDPR Art. 6(1)(f)): Website owners have a legitimate interest in understanding how their website is used. We balance this against end user rights by:

  • Not collecting personally identifiable information
  • Not tracking users across websites
  • Hashing and discarding IP addresses
  • Using only first-party cookies (no third-party tracking)
  • Providing data retention controls to website owners

This approach is consistent with guidance from European data protection authorities and the assessment published by independent legal analyses of first-party analytics under GDPR and the ePrivacy Directive.

5. Cookies

Our tracking script uses two first-party cookies:

  • _lynq_id — A randomly generated visitor identifier. Expires after 2 years. Used to distinguish unique visitors.
  • _lynq_attr — Campaign attribution data (traffic source). Expires after 90 days. Used to attribute conversions to the correct marketing channel.

Session data is stored in browser sessionStorage (automatically cleared when the tab is closed).

We do not set any third-party cookies. We do not use cookies for advertising, retargeting, or cross-site tracking.

6. Data Storage and Security

  • Analytics data is stored in ClickHouse (columnar database optimized for analytics)
  • Account data is stored in PostgreSQL
  • All data is hosted on EU-based infrastructure
  • All connections use TLS/HTTPS encryption in transit
  • Passwords are hashed using bcrypt with a cost factor of 12
  • IP addresses are hashed with a daily-rotating salt and never stored in raw form
  • Database access is restricted to application servers only

7. Data Retention

  • Analytics events: 2 years (configurable by the website owner)
  • Raw event logs: 6 months
  • Error logs: 3 months
  • Account data: Retained while the account is active, deleted within 30 days of account closure

8. Data Sharing

We do not sell data. We share data only in these limited circumstances:

  • With the website owner: Analytics data is accessible to the customer who owns the tracked website
  • Infrastructure providers: Our hosting providers (Railway, ClickHouse Cloud, Neon) process data on our behalf under data processing agreements
  • Legal requirements: If required by law, court order, or regulatory authority

We do not share data with advertising networks, data brokers, or any other third parties.

9. Your Rights

9.1 For Customers

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a machine-readable format
  • Object to processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact privacy@lynq.studio.

9.2 For Website Visitors

Since we do not collect personally identifiable information from website visitors, individual data subject requests are generally not applicable. However:

  • You can clear our cookie by deleting _lynq_id from your browser
  • You can use browser privacy settings or ad blockers to prevent tracking
  • If you believe we hold data about you, contact us and we will investigate

10. International Transfers

All data processing occurs within the European Union. We do not transfer personal data outside the EU/EEA unless required by a customer's specific configuration and with appropriate safeguards in place (Standard Contractual Clauses).

11. Children

Our service is not directed at children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered customers. The “last updated” date at the top indicates the most recent revision.

13. Contact

For privacy-related inquiries: