Privacy Policy

Last Updated: February 6, 2026

At ClickKing, a product of Metallicode LTD, we take your privacy—and the privacy of your visitors—seriously. This policy outlines how we collect, use, and protect data across our platform.

1. Information We Collect as a "Data Controller"

We collect information directly from you when you create an account or communicate with us:

  • Account Data: Name, email address, and password hashes.
  • Billing Data: Transaction history and subscription status. Note: Full payment card details are handled exclusively by our Merchant of Record (Lemon Squeezy).
  • Communication Data: Records of support tickets and emails sent to Metallicode LTD.

2. Information We Process as a "Data Processor"

When an end-user clicks a ClickKing link (Short or Embed), we process technical data on your behalf. We do not build personal profiles of your visitors. Data processed includes:

  • Anonymized IP Address: Used to determine country/city level location before being truncated.
  • Technical Headers: User-Agent (Browser/OS) and Referrer (the source of the click).
  • Timestamp: To provide time-based analytics.

Client-side fallback redirects: Each short link contains an encoded copy of the destination URL in the URL fragment (after the #). If our servers are temporarily unavailable, the visitor's browser redirects using this fragment entirely client-side. No data is sent to or collected by ClickKing during a fallback redirect.

3. Legal Basis for Processing (UK GDPR)

We process your data under the following legal bases as defined by the UK General Data Protection Regulation:

  • Contractual Necessity (Article 6(1)(b)): To provide the tracking and link-management services you have purchased or registered for.
  • Legitimate Interests (Article 6(1)(f)): For platform security, fraud and abuse prevention, rate-limiting, and system optimisation. This includes the short-term retention and automated deletion of security logs (see Section 5).
  • Legal Obligation (Article 6(1)(c)): Where required to comply with applicable UK law, including tax and accounting obligations.
  • Consent (Article 6(1)(a)): Where you have opted in to receive marketing communications. You may withdraw consent at any time.

4. Data Sub-Processors

To provide our service, we use the following third-party sub-processors who meet strict data security standards:

Entity Purpose Location
Lemon Squeezy, LLC Merchant of Record (Payments & Tax) USA / Global
Cloudflare, Inc. Edge Infrastructure & Security Global
Render Web Hosting USA (Global)
Supabase Database Storage EU (Frankfurt)

5. Data Retention & Automated Deletion

We retain personal data only for as long as is necessary for the purposes for which it was collected, in accordance with the data-minimisation principle (UK GDPR Article 5(1)(c) and (e)). The specific retention periods are:

Data Category Retention Period Deletion Method
Account data (name, email) Duration of active account + 30 days after deletion request Manual upon request, or automated on account closure
Click tracking metadata Plan-specific data window (5–365 days depending on tier) Automated daily at 03:00 UTC
Expired short links 30 days after link expiry Automated daily at 03:00 UTC
Security & rate-limiting logs (IP addresses) 14 days Automated daily at 03:30 UTC
Billing & transaction records 6 years (UK legal requirement) Managed by Lemon Squeezy

Automated deletion jobs run on a daily schedule. Once data is deleted it cannot be recovered. You should export any data you wish to keep before the relevant retention period ends.

6. International Data Transfers

As we use global infrastructure, your data may be transferred to and processed in countries outside of the European Economic Area (EEA). We ensure Standard Contractual Clauses (SCCs) are in place with all sub-processors to protect your data.

7. Your Rights Under the UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

  • Right of Access (Article 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Article 17): Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restriction of Processing (Article 18): Request that we limit how we use your data.
  • Right to Data Portability (Article 20): Request your data in a structured, commonly used, machine-readable format (CSV export is available from your dashboard).
  • Right to Object (Article 21): Object to processing based on legitimate interests.

To exercise any of these rights, please contact our Data Protection Officer at support@clickking.io. We will respond within 30 days of receiving your request, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Return to Homepage Terms of Service