Privacy Statement

Last updated: April 14, 2026

1. Who we are

LinkLook is a browser for iOS that helps people spot suspicious links early and make safer decisions online.

LinkLook is operated by LinkLook B.V., a Dutch private limited company (besloten vennootschap) registered with the Netherlands Chamber of Commerce (Kamer van Koophandel) under number 42030902, with its registered office at Manpadslaan 12, 2105 MA Heemstede, the Netherlands. LinkLook B.V. is the controller responsible for the processing of personal data described in this Privacy Statement.

2. What this statement covers

This Privacy Statement explains what personal data LinkLook may process in the current version of the app, why we process it, the legal bases we rely on, how long we keep it, when external providers may be involved, and what choices and rights you have.

3. The privacy choices in LinkLook

On-device link checks are always on and are the foundation of LinkLook's protection.

In addition, you can independently enable one or more cloud protection features. Each feature maps to one specific privacy action and one specific endpoint on LinkLook's server:

• Threat Database Lookup (optional, default on): compares a short hash prefix of the link against an external threat database provider. The full web address never leaves your device.
• Cloud link check (optional, default off): sends the link (web address) to LinkLook's server for an AI-based risk check. The page behind the link is not fetched.
• Safe Preview (optional, default off): LinkLook's server fetches the page on your behalf and returns a screenshot, so you can see it without opening it on your device.
• Deep Page Analysis (optional, default off): LinkLook's server fetches the page and analyzes its content to detect fake login forms, brand impersonation, urgency language, and other scam patterns.

When you first open LinkLook, a consent screen lets you pick between On-device only, Cloud link check only, and Full cloud protection (all three cloud features). You can change any of these settings at any time in Settings → Enhanced Cloud Protection.

No cloud feature sends any data before you explicitly enable it and — for features that fetch a page — confirm when prompted.

4. What data we may process

LinkLook may process:

• the link you enter, open, scan, or share into the app — for on-device checking, and (only if you opt in) for the specific cloud feature you enabled
• webpage data needed on your device to display pages and perform on-device checks
• hash prefixes of links when you use Threat Database Lookup — designed so the full web address never leaves your device
• the page behind a link, when you enable Safe Preview or Deep Page Analysis and confirm the fetch: our server visits the page and either returns a screenshot (Safe Preview) or analyzes the page content to detect scam signals (Deep Page Analysis). Page content is processed in memory on our server and discarded after analysis; it is not kept as user content.
• app settings and local preferences stored on your device
• browsing history stored on your device to support history features in LinkLook
• limited technical and diagnostic information needed to operate, secure, and troubleshoot the app
• short-term server-side request metadata (request ID, timestamp, response code) for the cloud features you enabled, used to operate and secure the service
• contact details if you contact us directly

When you choose to open a webpage, the destination website and its service providers may receive standard browser and network information needed to load that page, such as your IP address, browser request data, and device or browser metadata, as with any browser.

We aim to limit processing to what is needed for the requested app function. Before any cloud feature sends data, LinkLook scans the link on your device for sensitive information (email addresses, tokens, account IDs, and other patterns). If sensitive data is found, LinkLook shows you what was detected and lets you choose to send it unmasked, send a masked version, or cancel the check.

5. Why we process data

We may process data to:

• perform link checks requested by the user
• identify suspicious or malicious patterns
• check links against the configured threat database provider, where enabled
• provide warnings, context, and analysis results
• display webpages inside the browser
• store your settings and app preferences
• support history features in LinkLook
• secure and maintain the app
• respond to support requests
• comply with legal obligations

6. Legal bases for processing

Depending on the situation, LinkLook processes personal data because:

• processing is necessary to provide the requested app function or browser service
• the user has given consent, where processing is optional and based on user choice
• processing is necessary to comply with a legal obligation
• LinkLook has a legitimate interest in keeping the app secure, reliable, and up to date

Where processing is based on consent, you may withdraw that consent at any time for future processing.

7. External providers and sub-processors

LinkLook relies on the following categories of providers. Each is used only for the specific feature mentioned, and only when that feature is enabled.

• Threat Database Lookup provider — receives short hash prefixes of links when this setting is on. The full web address is never shared.
• LinkLook cloud infrastructure (Fly.io) — hosts LinkLook's server, which handles requests for Cloud link check, Safe Preview, and Deep Page Analysis when those features are enabled.
• Screenshot provider (Urlbox) — used by Safe Preview to render a JPEG screenshot of the page on our server. Used only when Safe Preview is on and you have confirmed the fetch.
• AI analysis provider (Anthropic) — used by Cloud link check (link only) and Deep Page Analysis (link + page content) to detect scam patterns. Used only when those features are on and the relevant scope applies.
• Standard operational providers — for error monitoring, hosting of our website, support channels, and related business functions. Where these providers process personal data on our behalf, we aim to use appropriate contractual and technical safeguards.

Each provider receives only the data needed for its specific role: the Threat Database provider receives hash prefixes; Urlbox receives the URL to screenshot; Anthropic receives the URL and, for Deep Page Analysis, a representation of the page content. None of these providers receive an account identifier tied to you, because LinkLook has no account system.

We review and update this list when sub-processors change.

8. How long LinkLook keeps data

LinkLook keeps personal data only for as long as needed for the purpose for which it was collected, unless a longer period is required for security, legal, or operational reasons.

• on-device browsing activity, history, and settings remain on your device until you delete them or turn off the relevant feature
• Threat Database Lookup requests, where enabled, are subject to the handling and retention practices of the provider used for that feature
• for Cloud link check, Safe Preview, and Deep Page Analysis: server-side request metadata (request ID, timestamp, response code, reason code of the verdict) is retained for a limited operational period to support reliability, security, and abuse prevention, and is then aggregated or removed
• page content fetched for Safe Preview or Deep Page Analysis is processed in memory on our server and discarded after analysis; it is not stored as user content
• support communications may be kept for as long as needed to handle the request and maintain appropriate records

Where possible, we aim to minimize retention.

9. Sensitive data and user choice

LinkLook is designed to limit unnecessary sharing of sensitive information.

Before any cloud feature sends a link, LinkLook performs an on-device scan for sensitive data patterns in the link — such as email addresses, phone numbers, tokens, account IDs, and similar values. If any are detected, LinkLook shows you what was found and lets you choose to send the link in full, send a masked version, or cancel the check. On-device checks can always be used without any cloud feature enabled.

You remain responsible for what you choose to open, enter, scan, or share in the app. Please avoid submitting sensitive personal information unless it is necessary for the page or service you are using.

10. International processing

Depending on the providers involved, data may be processed outside your country and, where relevant, outside the European Economic Area.

This may apply, for example, if you enable Threat Database Lookup, Cloud link check, Safe Preview, or Deep Page Analysis, or if you contact us directly, visit our website, or use other external services related to LinkLook.

Where required, appropriate safeguards, such as contractual protections, are used.

11. Your rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and to request data portability where applicable.

You may also have the right to withdraw consent where processing is based on consent.

You may also have the right to lodge a complaint with your local data protection authority, including the Dutch Data Protection Authority where applicable.

12. Contact

If you have questions about this Privacy Statement or about privacy in LinkLook, you can contact LinkLook B.V. at privacy@linklook.app.

13. Children

LinkLook is not directed to children. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use LinkLook without the involvement of a parent or guardian. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that information.

14. Changes to this statement

We may update this Privacy Statement from time to time.

If we make material changes, we will update the date at the top of this page.