Data Compliance & Security
Last Updated: 29 September 2025
Protolinker is designed to handle data responsibly. This page explains our approach to data protection, compliance, security, and customer trust at a high level.
This page is intended as a practical overview. Our Privacy Policy explains how we collect, use, and share personal data in more detail.
1. Our Data Handling Principles
Protolinker follows these principles when handling customer and user data:
- We collect only the data needed to provide, secure, support, and improve the service.
- We do not sell personal data.
- We do not store full payment card numbers.
- We use trusted third-party providers for services such as payment processing, authentication, hosting, backend infrastructure, support, and communications.
- We apply access controls so data is available only to authorized personnel or systems with a valid need.
- We retain data only for as long as necessary for service, legal, security, or operational purposes.
- We delete or anonymize data when it is no longer needed, unless retention is legally required or justified.
- We avoid accessing customer configuration or connected service data unless required to provide the selected functionality, support the user, troubleshoot issues, or protect the service.
2. Account Data
Protolinker may process account data such as name, email address, authentication information, account identifiers, subscription status, billing metadata, and support communications.
This data is used to manage accounts, provide support, process billing, secure the service, and communicate important service information.
3. Customer Configuration and Connector Data
When users configure connectors, workflows, protocol mappings, scripts, tags, or third-party integrations, Protolinker may process the data required to perform the requested actions.
This may include:
- Protocol settings.
- Connector names.
- Endpoint metadata.
- Tag mappings.
- Workflow rules.
- Scripts.
- Connection metadata.
- Error logs.
- Diagnostic information.
- Integration configuration.
The data processed depends on the services, devices, connectors, permissions, and workflows configured by the user.
Protolinker does not access connected service data unless required to provide the functionality selected by the user, respond to support requests, troubleshoot issues, or protect the service.
Users should avoid submitting secrets, credentials, confidential production data, or sensitive operational data unless required for the selected functionality.
4. Payment Data
Payments are handled by third-party payment processors such as Stripe.
Protolinker may receive payment metadata, subscription status, invoices, customer identifiers, and billing records, but does not store full credit card numbers.
5. Security Measures
Protolinker uses reasonable technical and organizational safeguards to protect data, including encrypted communications, authentication and access controls, permission-based internal access, monitoring for errors, abuse, and suspicious activity, secure handling of support and operational data, limiting access to authorized personnel or systems with a valid need, regular review of data handling practices, secure configuration of third-party services where applicable, and retention controls for data that is no longer needed.
No system is completely secure, but Protolinker aims to apply reasonable and industry-standard safeguards.
We avoid publishing sensitive implementation details that could weaken the security of our systems.
6. Subprocessors and Third-Party Providers
Protolinker uses selected third-party providers to operate, secure, and improve the service.
These may include providers for hosting and infrastructure, authentication and user management, database and backend
services, payment processing, analytics and product usage measurement, error reporting and crash diagnostics, customer support, and email delivery and communications.
Where appropriate, these providers are required to protect customer data and process it only for authorized purposes.
A current list of subprocessors may be provided upon request where required.
For requests, contact:
Email: support@protolinker.com
7. GDPR and UK GDPR
Where GDPR or UK GDPR applies, Protolinker supports privacy rights such as access, correction, deletion, restriction, objection, portability, and withdrawal of consent.
Depending on the context, Protolinker may act as a data controller for account, billing, website, support, and business relationship data.
Protolinker may act as a data processor for certain customer data processed through user-configured workflows, connectors, protocol mappings, scripts, or integrations.
Where Protolinker acts as a processor, we process customer data only according to the customer’s documented instructions, unless otherwise required by law.
Business customers that require a Data Processing Agreement can contact:
Email: support@protolinker.com
8. CCPA/CPRA
Where California privacy laws apply, Protolinker supports applicable consumer rights, including the right to know, delete, correct, opt out of certain sale or sharing of personal information, and non-discrimination for exercising privacy rights.
Protolinker does not sell personal data.
If Protolinker becomes subject to additional California privacy notice requirements, we may update our Privacy Policy or provide additional disclosures.
9. International Data Transfers
Protolinker may use third-party providers located in different countries.
Where personal data is transferred internationally, Protolinker uses appropriate safeguards where required by applicable law, such as contractual protections, Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.
10. Data Retention and Deletion
Data is retained only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, maintain security, prevent abuse, and enforce agreements.
Users may request deletion of personal data by contacting:
Email: support@protolinker.com
Some information may be retained where required for legal, tax, accounting, fraud prevention, security, or legitimate business purposes.
11. Incident Response
If Protolinker becomes aware of a security incident involving personal data, we will investigate, take appropriate
steps to reduce harm, and notify affected users or authorities where required by applicable law.
12. Early-Stage Company Status
Protolinker is currently in an early-stage phase and may not yet operate through a formally registered legal entity.
As the business develops, this page may be updated to include additional legal, company, security, compliance, subprocessor, and operational details.
13. Contact
For privacy, security, or compliance questions, contact:
Email: support@protolinker.com
