ittybittylink
Get started free

Legal

Privacy Policy

Last updated: May 13, 2026

ittybittylink, operated by Supply Surplus LLC (“we,” “our,” or “us”) is committed to protecting your privacy. This policy explains what data we collect, how we use it, and what choices you have.

1. Data We Collect

Account Information

  • Email address (required to create an account)
  • Username and display name
  • Profile bio and avatar image (optional, set by you)
  • Password (stored as a secure, salted hash — never in plain text)

Usage Data

  • Click counts on your links (aggregated; we do not log individual visitor identities)
  • Device type and browser category for analytics (e.g., “mobile / Chrome”)
  • Approximate country of visitor (derived from IP, IP is not stored)
  • Timestamps of link clicks and page views
  • Email addresses collected via your email capture forms (stored and owned by you)
  • Purchase history and download activity for digital products

Payment Information

  • Stripe customer ID and connected account ID (references, not raw card data)
  • Transaction amounts, timestamps, and platform fees
  • Payout history

We never see or store your full card number, CVV, or bank account details. All payment data is handled directly by Stripe.

2. How We Use Your Data

  • To operate your account and display your public profile page.
  • To provide click analytics and revenue dashboards in your account.
  • To process Earn Mode transactions and calculate platform fees.
  • To send transactional emails (account confirmation, password resets, payout notifications).
  • To deliver purchased digital products via secure download links.
  • To investigate and resolve support requests.
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.
  • To improve the platform through aggregated, anonymized usage analysis.

We do not sell your personal data. We do not use your data to train AI models. We do not send marketing emails without your explicit opt-in.

3. Data Sharing

We share data with the following third-party services to operate ittybittylink:

Stripe

Payment processing and Stripe Connect payouts

Stripe processes all Earn Mode transactions. Your connected Stripe account is governed by Stripe's Privacy Policy.

Supabase

Database and authentication

Your account data, link configurations, analytics, and email subscribers are stored in Supabase-hosted databases in the United States.

Vercel

Web hosting and edge delivery

Your public profile pages are served via Vercel's global edge network. Vercel may process request metadata (IP, headers) transiently to route traffic.

Vercel Blob

File storage for digital product delivery

Purchased files are stored on Vercel's infrastructure and served via time-limited download links.

Resend

Transactional email delivery

We use Resend to deliver account and notification emails. Your email address is shared with Resend for this purpose only.

We do not share your data with advertisers, data brokers, or any other third parties.

We may disclose data if required by law, court order, or to protect the rights and safety of our users or the public.

4. Cookie Policy

ittybittylink uses a minimal set of cookies and browser storage:

Authentication cookies

Set when you log in. Required for session management. These are first-party, HttpOnly cookies.

Preference storage

Your theme choice and dashboard preferences may be saved in localStorage on your device. No data is sent to us.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies on your profile pages. Visitor analytics are collected server-side without cookies.

5. Your Rights and Choices

You have the following rights regarding your data:

Data export

Export all your data (links, analytics, email subscribers, earnings history) at any time from your dashboard in JSON format.

Account deletion

Delete your account from dashboard settings. Your public profile is taken offline immediately. All personal data is permanently deleted within 30 days, except where retention is required by law (e.g., financial records).

Correction

Update your account information at any time from your dashboard settings.

Opt-out of emails

Unsubscribe from any non-essential emails using the link in each email. Transactional emails (password resets, payout confirmations) cannot be opted out of while your account is active.

To exercise any of these rights or if you have a request we can’t fulfill through the dashboard, email us at support@ittybittylink.com.

6. Data Retention

We retain your account data for as long as your account is active. Analytics data (click counts, revenue summaries) is retained for up to 36 months and then aggregated or deleted.

Financial transaction records are retained for 7 years to comply with tax and accounting requirements, even after account deletion. This data is not associated with your public profile.

7. Data Security

We take reasonable technical and organizational measures to protect your data, including:

  • All data is transmitted over HTTPS/TLS.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • Database access is restricted by row-level security policies.
  • Payment data is handled exclusively by Stripe; we store only opaque references.

No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to support@ittybittylink.com.

8. Children's Privacy

Users must be at least 18 years old to create an account, connect a Stripe account, or use Earn Mode features. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has created an account, please contact us at support@ittybittylink.com and we will delete the account promptly.

9. GDPR and CCPA Rights

If you are located in the European Economic Area or California, you may have additional rights under GDPR or CCPA respectively. These may include the right to access, correct, delete, or restrict processing of your personal data, as well as the right to data portability and to object to certain processing activities.

Contact us at support@ittybittylink.com to exercise these rights. We will respond within the timeframe required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify you by email at least 14 days before the change takes effect.

Continued use of ittybittylink after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Contact

Questions or concerns about this Privacy Policy? Contact us at:

ittybittylink Support

support@ittybittylink.com