Data Compliance & Security

Last Updated: 29 September 2025

Protolinker is designed to handle data responsibly. This page explains our approach to data protection, compliance, security, and customer trust at a high level.

This page is intended as a practical overview. Our Privacy Policy explains how we collect, use, and share personal data in more detail.

1. Our Data Handling Principles

Protolinker follows these principles when handling customer and user data:

  • We collect only the data needed to provide, secure, support, and improve the service.
  • We do not sell personal data.
  • We do not store full payment card numbers.
  • We use trusted third-party providers for services such as payment processing, authentication, hosting, backend infrastructure, support, and communications.
  • We apply access controls so data is available only to authorized personnel or systems with a valid need.
  • We retain data only for as long as necessary for service, legal, security, or operational purposes.
  • We delete or anonymize data when it is no longer needed, unless retention is legally required or justified.
  • We avoid accessing customer configuration or connected service data unless required to provide the selected functionality, support the user, troubleshoot issues, or protect the service.

2. Account Data

Protolinker may process account data such as name, email address, authentication information, account identifiers, subscription status, billing metadata, and support communications.

This data is used to manage accounts, provide support, process billing, secure the service, and communicate important service information.

3. Customer Configuration and Connector Data

When users configure connectors, workflows, protocol mappings, scripts, tags, or third-party integrations, Protolinker may process the data required to perform the requested actions.

This may include:

  • Protocol settings.
  • Connector names.
  • Endpoint metadata.
  • Tag mappings.
  • Workflow rules.
  • Scripts.
  • Connection metadata.
  • Error logs.
  • Diagnostic information.
  • Integration configuration.

The data processed depends on the services, devices, connectors, permissions, and workflows configured by the user.

Protolinker does not access connected service data unless required to provide the functionality selected by the user, respond to support requests, troubleshoot issues, or protect the service.

Users should avoid submitting secrets, credentials, confidential production data, or sensitive operational data unless required for the selected functionality.

4. Payment Data

Payments are handled by third-party payment processors such as Stripe.

Protolinker may receive payment metadata, subscription status, invoices, customer identifiers, and billing records, but does not store full credit card numbers.

5. Security Measures

Protolinker uses reasonable technical and organizational safeguards to protect data, including encrypted communications, authentication and access controls, permission-based internal access, monitoring for errors, abuse, and suspicious activity, secure handling of support and operational data, limiting access to authorized personnel or systems with a valid need, regular review of data handling practices, secure configuration of third-party services where applicable, and retention controls for data that is no longer needed.

No system is completely secure, but Protolinker aims to apply reasonable and industry-standard safeguards.

We avoid publishing sensitive implementation details that could weaken the security of our systems.

6. Subprocessors and Third-Party Providers

Protolinker uses selected third-party providers to operate, secure, and improve the service.

These may include providers for hosting and infrastructure, authentication and user management, database and backend

services, payment processing, analytics and product usage measurement, error reporting and crash diagnostics, customer support, and email delivery and communications.

Where appropriate, these providers are required to protect customer data and process it only for authorized purposes.

A current list of subprocessors may be provided upon request where required.

For requests, contact:

Email: support@protolinker.com

7. GDPR and UK GDPR

Where GDPR or UK GDPR applies, Protolinker supports privacy rights such as access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

Depending on the context, Protolinker may act as a data controller for account, billing, website, support, and business relationship data.

Protolinker may act as a data processor for certain customer data processed through user-configured workflows, connectors, protocol mappings, scripts, or integrations.

Where Protolinker acts as a processor, we process customer data only according to the customer’s documented instructions, unless otherwise required by law.

Business customers that require a Data Processing Agreement can contact:

Email: support@protolinker.com

8. CCPA/CPRA

Where California privacy laws apply, Protolinker supports applicable consumer rights, including the right to know, delete, correct, opt out of certain sale or sharing of personal information, and non-discrimination for exercising privacy rights.

Protolinker does not sell personal data.

If Protolinker becomes subject to additional California privacy notice requirements, we may update our Privacy Policy or provide additional disclosures.

9. International Data Transfers

Protolinker may use third-party providers located in different countries.

Where personal data is transferred internationally, Protolinker uses appropriate safeguards where required by applicable law, such as contractual protections, Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.

10. Data Retention and Deletion

Data is retained only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, maintain security, prevent abuse, and enforce agreements.

Users may request deletion of personal data by contacting:

Email: support@protolinker.com

Some information may be retained where required for legal, tax, accounting, fraud prevention, security, or legitimate business purposes.

11. Incident Response

If Protolinker becomes aware of a security incident involving personal data, we will investigate, take appropriate

steps to reduce harm, and notify affected users or authorities where required by applicable law.

12. Early-Stage Company Status

Protolinker is currently in an early-stage phase and may not yet operate through a formally registered legal entity.

As the business develops, this page may be updated to include additional legal, company, security, compliance, subprocessor, and operational details.

13. Contact

For privacy, security, or compliance questions, contact:

Email: support@protolinker.com