Privacy Policy
Safelink ("Safelink", "we", "us", or "our") provides a disposable remote browser sandbox that allows users to open links in an isolated environment.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use:
- the Safelink website;
- the Safelink browser extension;
- the Safelink web application and sandbox sessions;
- self-service.safelink.dev; and
- support and other communications with us.
1. Controller
The controller of personal data processed under this Privacy Policy is:
Luca Gesmundo
Email: support@safelink.dev
2. Who this policy applies to
This Privacy Policy applies to individuals who visit our website, request beta access, create an account, use Safelink, or contact us.
Safelink is offered to both individual users and business users.
3. Personal data we collect
We collect the following categories of personal data.
a. Information you provide directly
- name;
- email address;
- information you submit when requesting beta access;
- information you send to us in support requests or other communications.
b. Account and authentication data
- account identifiers;
- session cookies required for login and authenticated access.
c. Minimal service telemetry
We collect limited telemetry about service operation, such as:
- that a session occurred;
- session duration;
- user agent / device or browser information;
- technical metadata needed to operate, secure, and improve the service.
We do not collect browsing history inside the sandbox in the ordinary course of providing the service.
d. URL processing data
When you use Safelink through the extension or another product surface, we process the URL you submit so that the requested destination can be opened in a remote sandbox.
e. Error and crash data
We retain limited technical error data from sandbox virtual machines and related infrastructure for debugging, crash recovery, reliability, and security purposes.
4. Data we do not intentionally collect for ordinary service use
Safelink is designed to minimize retained browsing data. In particular, we do not intentionally collect or retain, in the ordinary course of service operation:
- logs of which websites a user visited inside the sandbox;
- browser history from sandbox sessions;
- page content viewed in the sandbox;
- browser cookies from sandbox sessions after the session ends;
- session recordings of browsing activity;
- internal browser logs from sandboxed browsers.
We also do not submit URLs, page contents, or user files to third-party scanning or analysis services.
5. How the service works
Safelink allows a user to send a URL to Safelink for remote opening in an isolated browser environment. For example, the browser extension may send a navigation request whose URL contains the target URL as a query parameter. We process that submitted URL only to provide the requested sandbox navigation experience.
Safelink sessions are designed to be ephemeral. When a session ends, the sandbox workspace is destroyed. Persistent browsing artifacts from the session are not retained as part of ordinary service operation, except for limited telemetry and technical error data described in this Privacy Policy.
6. License and access model
Safelink uses a license-based access model. A license key may be shown once and then discarded. We store only a hash of the license for the duration of its validity. Sandboxes are provisioned using the relevant license hash, and the system is designed so that only the holder associated with that license can access the sandbox.
Based on the current service design, Safelink personnel do not have ordinary access to a user's live navigation activity inside a sandbox.
7. Purposes of processing
We process personal data for the following purposes:
- to provide the website, extension, application, and sandbox service;
- to create and manage accounts;
- to authenticate users and maintain secure sessions;
- to process requested URLs and launch remote browser sessions;
- to provide support and respond to inquiries;
- to maintain service security, integrity, and availability;
- to detect, troubleshoot, and resolve product errors or infrastructure failures;
- to generate aggregated or anonymized service statistics where possible;
- to comply with applicable legal obligations;
- to enforce our terms and protect our rights, users, and systems.
8. Legal bases for processing
If you are in the European Economic Area, we process personal data on the following legal bases under Article 6 GDPR:
- performance of a contract or steps taken at your request before entering into a contract, where processing is needed to provide Safelink, create your account, authenticate you, and launch sandbox sessions you request;
- legitimate interests, where processing is necessary for service security, fraud or abuse prevention, debugging, crash recovery, reliability, and limited service telemetry;
- legal obligation, where processing is necessary to comply with applicable law or valid legal requests.
Article 6 GDPR recognizes these legal bases, including contract, legitimate interests, and legal obligation.
9. Cookies and analytics
Safelink uses only strictly necessary session cookies required for login and authenticated service access.
We do not use cookies for advertising or cross-site tracking.
We use self-hosted Umami in a cookieless configuration for privacy-friendly analytics.
Under Italian cookie guidance, technical cookies used solely to provide a service requested by the user are treated differently from non-technical tracking tools, which generally require consent.
10. Sharing of personal data
We do not sell personal data.
We do not share personal data with advertisers.
We may share limited personal data only with service providers that host or support the service on our behalf, and only where necessary for the purposes described in this Privacy Policy.
Current infrastructure provider:
- Hetzner – VPS hosting in Germany.
Other core infrastructure, including database and analytics, is self-hosted by us.
We may also disclose personal data:
- if required by law or valid legal process;
- to protect our rights, users, systems, or the public;
- in connection with a business transfer, merger, acquisition, or reorganization, if that ever occurs.
11. International transfers
At present, Safelink stores and processes data in Germany.
We do not currently intend to transfer personal data outside the European Economic Area as part of ordinary service operation.
12. Data retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.
In general:
- account data is retained until the user deletes the account or requests deletion;
- technical logs and error/crash logs may be retained for up to 90 days;
- telemetry metadata may be anonymized where possible;
- license hashes may be retained for the duration of license validity;
- sandbox session environments are designed to be destroyed at the end of the session.
If you delete your account, we will delete your account data, except where limited technical log references (such as session identifiers already present in logs) may remain for up to 90 days before deletion or rotation.
13. Security
We use appropriate technical and organizational measures designed to protect personal data, including measures such as:
- encryption;
- access controls;
- isolation of sandbox environments;
- security logging;
- least-privilege access practices.
No system can guarantee absolute security, but we work to protect personal data in a manner appropriate to the nature of the service and the risks involved.
14. Your rights
If the GDPR or similar privacy laws apply to you, you may have the right to:
- access your personal data;
- request correction of inaccurate data;
- request deletion of your personal data;
- request restriction of processing;
- object to certain processing based on legitimate interests;
- request data portability where applicable;
- lodge a complaint with a competent supervisory authority.
The GDPR and EDPB guidance recognize these rights, including access, rectification, erasure, restriction, portability, objection, and the right to complain to a supervisory authority.
15. How to exercise your rights
You can update certain account information through self-service.safelink.dev.
For deletion requests or other privacy requests, contact us at:
We will respond without undue delay and, where GDPR applies, generally within one month, although that period may be extended where legally permitted for complex requests.
16. Children
Safelink is not intended for children under 18. We do not design or market the service for children.
If you believe a child under 18 has provided personal data to us, contact us at support@safelink.dev and we will review the request.
17. Business users
Where Safelink is used in a business setting, this Privacy Policy still applies to personal data processed by us in connection with providing the service.
Based on the current product design, organization administrators and Safelink personnel do not have ordinary visibility into live sandbox browsing activity.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
When we do, we will post the updated version on our website and update the "Last updated" date above.
19. Contact
If you have questions about this Privacy Policy or our privacy practices, contact:
Luca Gesmundo
support@safelink.dev