Privacy Policy

LaaS – Links as a Service

Last updated: June 17, 2026

§ 1. Data Controller

The data controller for the processing of your personal data is: Dream Eighteen ApS, CVR: 46039491, Brassøvej 33, 8240 Risskov, Denmark.

Data protection enquiries can be sent to contact@linksasaservice.com with the subject line "Data Protection". Response time is 1–3 business days.

§ 2. What This Policy Covers

This privacy policy describes how LaaS ("we", "us", "our") collects, processes, and protects personal data when you access linksasaservice.com, app.linksasaservice.com, or use our services.

The policy applies to: (a) visitors to our website, (b) customers who create an account and place orders, (c) publishers who list websites on the platform, and (d) contacts who reach out via our forms.

§ 3. What Personal Data We Collect

3.1 Data you provide directly

  • Contact form: name, email address, subject, and message
  • Account creation: name, email address, company name, and website URL
  • Orders: target URLs, anchor texts, article instructions, and delivery preferences
  • Payment information: card payments are processed directly and securely by Stripe Inc. – we do not store card numbers or banking details. For direct invoicing, we process invoice-relevant data (name, company name, address, email) internally and retain it for 5 years in accordance with the Danish Bookkeeping Act.
  • Publisher application: website URL, contact details, and payout information

3.2 Data collected automatically

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited, session length, and referral sources via Google Analytics (GA4)
  • Cookie identifiers – see our Cookie Policy

3.3 Crawling and analysis of customer websites (Managed customers)

For customers using our Managed Link Building service, we are entitled under the agreement terms (§ 10) to crawl and analyse content on the websites the Customer wishes to link to. Data collected in this way is used exclusively for content production and link strategy in connection with the Customer's order and is not processed for any other purpose.

§ 4. Purposes and Legal Basis (GDPR Art. 6)

We process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing and delivery of orders, account administration, customer support, and publisher payouts.
  • Legitimate interest (Art. 6(1)(f)): Fraud prevention, platform improvement, and service-related communications. Our legitimate interest has been balanced against data subjects' interests and assessed to take precedence in these cases.
  • Legal obligation (Art. 6(1)(c)): Compliance with the Danish Bookkeeping Act (5-year retention obligation), tax legislation, and other Danish and EU law.
  • Consent (Art. 6(1)(a)): Analytics cookies and any marketing communications. Consent may be withdrawn at any time without consequence for the rest of the agreement.

§ 5. Sharing with Third Parties and Data Processors

We only share your personal data with third parties to the extent necessary for service delivery or required by law. We enter into data processing agreements with all relevant suppliers.

Our primary data processors:

  • Google LLC (Google Analytics GA4): Anonymised traffic analysis. Google Analytics is configured with IP anonymisation and data sharing with Google is disabled.
  • Stripe Inc. (card payments): Stripe is PCI DSS certified and processes card details directly without LaaS having access to them. For direct invoicing, invoice data is processed internally by LaaS and is not shared with third parties.
  • Hosting provider: Our platform is hosted on secure servers with an EU/EEA-certified or SCC-protected provider.

We never sell personal data to third parties and do not share data for marketing purposes without consent.

§ 6. International Data Transfers

Some of our data processors are established outside the EU/EEA, primarily in the USA. These transfers are protected by:

  • The EU-US Data Privacy Framework (European Commission adequacy decision of July 2023) – applicable to Google LLC and Stripe Inc.
  • The European Commission's Standard Contractual Clauses (SCCs) as a supplement or alternative.

You may request information about the specific transfer mechanisms by contacting us at contact@linksasaservice.com.

§ 7. Retention Periods

We retain your personal data for the period necessary for the purpose for which it was collected:

  • Account data: For as long as the account is active, plus 30 days after closure.
  • Order and invoice data: 5 years after the end of the financial year (Danish Bookkeeping Act § 10).
  • Support enquiries: 3 years from case closure.
  • Analytics data (Google Analytics): 26 months (Google Analytics default setting with IP anonymisation).
  • Crawl data from Managed customers: Deleted upon termination of the agreement, no later than 30 days thereafter.

Upon expiry of the retention period, data is deleted or anonymised, unless a legal obligation requires continued retention.

§ 8. Security

We apply appropriate technical and organisational measures to protect your personal data, including encryption of data in transit (TLS/HTTPS), access controls, and regular security reviews.

In the event of a data breach that poses a risk to data subjects, we will notify the Danish Data Protection Authority within 72 hours and affected data subjects without undue delay, pursuant to GDPR Art. 33–34.

§ 9. Your Rights Under GDPR

As a data subject you have the following rights, which you may exercise by contacting us at contact@linksasaservice.com:

  • Access (Art. 15) – request a copy of the personal data we process about you
  • Rectification (Art. 16) – have inaccurate or incomplete information corrected
  • Erasure (Art. 17) – request deletion where no legal obligation requires retention
  • Restriction (Art. 18) – request temporary restriction of processing
  • Data portability (Art. 20) – receive your data in a structured, machine-readable format
  • Object (Art. 21) – object to processing based on legitimate interest
  • Withdrawal of consent (Art. 7(3)) – at any time, without affecting the lawfulness of prior processing

We respond to requests within 30 days (extendable to 90 days with justification). No fee is charged for reasonable requests.

§ 10. Cookies

We use cookies to ensure the platform's core functionality and for anonymised traffic analysis. A detailed overview of all cookies, their purposes, and retention periods is available in our Cookie Policy at linksasaservice.com/cookie-policy. Cookies that are not strictly necessary require your consent.

§ 11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, pursuant to GDPR Art. 22.

§ 12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be notified by email to your registered address with at least 14 days' notice, in accordance with Terms § 1.4. The current version is always available at linksasaservice.com/privacy-policy.

§ 13. Contact and Complaints

Questions about our processing of personal data should be directed to:

Dream Eighteen ApS · CVR: 46039491 · Brassøvej 33, 8240 Risskov · Email: contact@linksasaservice.com

If you wish to complain about our processing of your personal data, you have the right to lodge a complaint with the Danish Data Protection Authority:

Datatilsynet · Carl Jacobsens Vej 35 · 2500 Valby · dt@datatilsynet.dk · datatilsynet.dk