Privacy Policy
Last updated: April 2026
1. Controller
Andreas Enzenhofer
Erlachgasse 126
1100 Vienna, Austria
Email: hello@splitlink.io
2. Overview
SplitLink is an online service for creating agreements when sharing digital assets. This Privacy Policy explains what personal data we collect, why we collect it, and how we use it.
3. Legal Basis
We process personal data on the following legal bases under the GDPR:
- Art. 6(1)(a) GDPR: Consent (e.g. when registering an account)
- Art. 6(1)(b) GDPR: Performance of a contract (e.g. creating agreements, sending notifications)
- Art. 6(1)(f) GDPR: Legitimate interests (e.g. security and operation of the service)
4. Data We Collect
When registering:
- Email address (via Supabase Authentication)
When creating an agreement:
- Creator name
- Recipient name and email address
- Asset name, split percentage, usage terms
When a recipient accepts an agreement:
- IP address: Written exclusively into the generated PDF document as proof of consent. The IP address is NOT stored in our database.
Uploaded files:
- Files are stored temporarily in our cloud storage and deleted after the expiry date set by the creator.
5. Third-Party Services
We use the following third-party services to operate SplitLink. Personal data may be transferred to the United States:
Supabase (Supabase Inc., USA)
- Purpose: Database, authentication, file storage
- Data: Email address, agreement data, uploaded files
- Legal basis for transfer: Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR
- DPA: https://supabase.com/legal/dpa
- Privacy Policy: https://supabase.com/privacy
Vercel Inc. (USA)
- Purpose: Hosting and delivery of the web application
- Data: IP address, usage data (server logs)
- Legal basis for transfer: Standard Contractual Clauses (SCCs)
- DPA: https://vercel.com/legal/dpa
- Privacy Policy: https://vercel.com/legal/privacy-policy
Resend Inc. (USA)
- Purpose: Sending email notifications
- Data: Recipient email address, notification content
- Legal basis for transfer: Standard Contractual Clauses (SCCs)
- Privacy Policy: https://resend.com/legal/privacy-policy
6. Cookies
SplitLink uses only technically necessary cookies for authentication (session cookies via Supabase Auth). These cookies are required for the service to function and are not used for tracking or advertising purposes. No consent is required for technically necessary cookies.
We do not use any analytics, marketing, or tracking cookies.
7. Data Retention
- Account data (email): As long as the user account exists
- Agreement data: As long as the user account exists or until deleted by the user
- Uploaded files: Until the expiry date set by the creator
- Server logs (Vercel): According to Vercel's retention policy (typically max. 30 days)
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, contact us at: hello@splitlink.io
9. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in law or changes to our service. The current version is always available on this page.