Privacy

Privacy Policy

How we collect, use, and protect personal data for Backlink Warranty.

Privacy Policy

Backlink Warranty (“Service”)

Website: https://backlinkwarranty.com

Data Controller: Breia Oy (EU VAT: FI 31818059)

Registered address: Yliopistonkatu 31, 20100 Turku, Finland

Email: Email support (enable JavaScript)

Effective date: January 28, 2026

This Privacy Policy explains how Breia Oy (“Breia”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our website, create an account, invite team members (where applicable), or use Backlink Warranty.

This Policy should be read together with our Terms and Conditions and Refund Policy.

1. Personal Data We Collect

1.1 Account and profile data

  • Email address
  • First name
  • Last name
  • Optional company name

1.2 Team/seat data (multi-seat plans)

If your plan supports multiple seats (e.g., Medium/Large):

  • Team member names (if provided), email addresses, and role/permission settings
  • Invitation and membership status (invited/accepted/removed)
  • Audit/security events related to team access (e.g., invite accepted)

1.3 Service data you provide (campaign/backlink data)

We process information you submit to the Service, such as:

  • Backlink URLs, target URLs/domains, anchor texts, campaign names/tags, and monitoring configuration
  • Results generated by the Service (e.g., status checks, indexing indicators, computed ratios, and associated metrics)

This data is generally business/website data. Please avoid entering personal data into campaign fields unless necessary.

1.4 Technical, usage, and log data

When you use the Service or visit our website, we may collect:

  • IP address and approximate location derived from IP
  • Device/browser information, operating system, language, and time zone
  • Pages/features accessed, timestamps, and interaction events
  • Error logs, security logs, and authentication/session events

1.5 Support communications

If you contact us:

  • Your email address and any information you provide in messages/attachments
  • Support history and troubleshooting notes

1.6 Payment and billing data (via Paddle)

Payments are processed by Paddle. We do not store full payment card details. Paddle may process billing and transaction data (such as billing contact details, VAT/tax information, transaction identifiers, and subscription status). We may receive limited information from Paddle (e.g., subscription status, country, transaction reference) to manage access and support.

2. How We Use Personal Data

We use personal data to:

  • Provide and operate the Service (account creation, authentication, link monitoring, reporting)
  • Manage teams and seats (invites, permissions, access control)
  • Process subscriptions and billing (through Paddle)
  • Communicate with you (transactional emails, service notices, support responses)
  • Secure the Service (abuse prevention, fraud prevention, bot detection, monitoring, auditing)
  • Maintain and improve the Service (debugging, performance, product improvements)
  • Measure and improve our website and in-app experience (where permitted—see Cookies/Tracking)
  • Send marketing communications if you opt in
  • Comply with legal obligations and enforce our Terms

3. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract (Art. 6(1)(b)): to provide the Service, manage accounts, deliver subscribed features, administer seats, and provide support.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent abuse/fraud, maintain availability, and improve reliability (balanced against your rights).
  • Consent (Art. 6(1)(a)): for non-essential cookies and tracking/analytics/advertising tools (e.g., Google Analytics, Microsoft Clarity, Meta Pixel, Google Ads/remarketing tags) where required; and for marketing emails when you opt in. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): for tax/accounting and other mandatory compliance.

4. Cookies, Analytics, Session Replay, and Advertising

4.1 Strictly necessary cookies

We use necessary cookies/technologies for core functionality and security (e.g., login sessions, maintaining user state, fraud prevention). These are required for the Service to work.

4.2 Security and bot protection (CAPTCHA)

We use Cloudflare CAPTCHA on registration/sign-in pages to prevent abuse and automated attacks. This may process IP address, browser/device signals, and interaction patterns. Legal basis: legitimate interests in protecting the Service.

4.3 Analytics (consent-based)

If you accept analytics cookies, we may use:

  • Google Analytics to understand how visitors and users interact with our website and Service.

4.4 Session replay / UX diagnostics (consent-based)

If you accept analytics/experience cookies (as presented in our cookie banner), we may use:

  • Microsoft Clarity on both the public website and the logged-in Service to understand user interactions (e.g., session replay/heatmaps) and improve usability.

Clarity may capture interaction events and device/browser information. We configure these tools to avoid collecting sensitive data intentionally, but you should not enter sensitive personal data into forms.

4.5 Advertising and conversion measurement (consent-based)

We may use advertising and conversion measurement tools in connection with paid marketing (for example, Google Ads and Meta products). Depending on your consent choices and our configuration, this may involve cookies or similar identifiers used to:

  • measure advertising performance (e.g., conversions);
  • build audiences for remarketing; and/or
  • improve ad relevance.

Meta Pixel is used on the public website only (not inside the logged-in Service).

Google Ads may require cookies/tags that are separate from Google Analytics. Where required, we activate such tags only after you consent to marketing/advertising cookies.

4.6 Managing your cookie preferences

Where required, optional analytics/advertising tools are activated only after consent via our cookie banner. You can withdraw or change cookie consent at any time using our cookie settings (where available) or by clearing cookies in your browser (note: browser settings may not control all technologies in all cases).

5. How We Share Personal Data

We share personal data only as necessary to provide and improve the Service:

5.1 Payment processing — Paddle

Paddle processes payments, taxes, fraud checks, refunds, and subscription billing. Paddle may collect additional information required for checkout and compliance.

5.2 Infrastructure and security providers

We host the Service in the European Union and use service providers for delivery, security, and reliability (including reverse proxy/CDN and security services). These providers may process IP addresses and technical data to protect and deliver the Service.

5.3 Email delivery — Mailgun (EU)

We use Mailgun (EU infrastructure) to send transactional/service emails (e.g., verification emails, password resets, billing notices, service announcements) and, where you have opted in, marketing emails.

5.4 Analytics, session replay, and advertising providers (consent-based where required)

If you consent, relevant data may be processed by:

  • Google (Google Analytics and, where enabled, Google Ads tags)
  • Microsoft (Microsoft Clarity)
  • Meta (Meta Pixel)

5.5 SEO metrics provider — Moz

We use the Moz API to retrieve SEO metrics (e.g., Domain Authority, Page Authority, Spam Score) related to backlinks/domains. This typically concerns website/link data. Limited technical request metadata may be processed in connection with API calls.

5.6 Legal, compliance, and protection

We may disclose personal data if required by law, to respond to lawful requests, to enforce our agreements, or to protect rights, safety, and security.

We require processors to protect personal data and process it only on our instructions, using appropriate contractual safeguards.

6. International Data Transfers

Some providers (for example, Cloudflare, Google, Microsoft, Meta, or Paddle) may process data outside the EEA or permit access from outside the EEA.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as:

  • European Commission adequacy decisions (where applicable), and/or
  • Standard Contractual Clauses (SCCs) and additional measures as required.

You may contact Email support (enable JavaScript) to request more information about transfer safeguards.

7. Marketing Communications

We may send marketing emails only if you opt in. You can unsubscribe at any time using the unsubscribe link in emails or by contacting Email support (enable JavaScript) .

Service/transactional emails (e.g., account verification, billing notifications, important service updates) are not marketing and may be sent as necessary to provide the Service.

8. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Account and Service data: retained while your account is active.
  • Post-cancellation/account deletion: if you request deletion via support or your account is canceled/terminated, we will delete or anonymize your account and Service data within 90 days, unless we must retain certain data for legal reasons.
  • Logs and security records: retained for up to 90 days (unless a longer period is necessary to investigate abuse/security incidents or comply with law).
  • Billing/tax records: retained as required by applicable law (often several years).

If you request deletion, we will comply subject to legal exceptions (e.g., required recordkeeping or to establish/exercise/defend legal claims).

9. Your Rights (GDPR)

If you are in the EEA/UK (and in many other jurisdictions), you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion (subject to legal exceptions)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability (where applicable)
  • Withdraw consent at any time (for consent-based processing)
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact Email support (enable JavaScript) . We may request information to verify your identity.

Supervisory authority (Finland)

You can lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) or your local EEA/UK authority.

10. Special Categories of Data

We do not intend to process special categories of personal data (such as health data, biometric data, political opinions, religious beliefs, or trade union membership). Please do not submit such data to the Service.

11. Security

We implement reasonable technical and organizational measures designed to protect personal data (e.g., access controls, encryption where appropriate, monitoring, and secure development practices). No system is perfectly secure. You are responsible for keeping your credentials confidential and using a strong password.

12. Children

The Service is not intended for children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us at Email support (enable JavaScript) .

13. Third-Party Links

Our website or Service may link to third-party sites. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with a revised effective date. If changes are material, we will take reasonable steps to notify you (e.g., email or in-app notice).

15. Contact

For privacy questions or requests, contact: Email support (enable JavaScript)