Privacy Policy

canna.sx (“we”, “us”, the “Service”) is a link-in-bio platform that lets you build a public profile page. This policy covers the website, dashboard, and public profile pages we host.

We collect only what we need to run the Service:

• Account data: your username, email address, and a securely hashed password. We never store your password in plain text.
• Profile content: anything you add to your page — display name, bio, links, social handles, widgets, and uploaded media (avatar, background, audio, cursor, fonts).
• Connected accounts: if you link Discord or Spotify, we store the OAuth tokens needed to show your presence / now-playing. Tokens are encrypted at rest.
• Analytics: aggregate page views and link clicks for your own profile. Views are de-duplicated using a salted, one-way hash of visitor IP + user-agent — we do not store raw visitor IP addresses against views.
• Technical data: we briefly process IP addresses and request metadata to apply rate limits, prevent abuse, and secure logins (e.g. recording the device/location of your active sessions).
• Payment data: if you buy Premium, payments are handled by Stripe. We receive a customer/transaction reference and your plan status — we never see or store your full card details.

• Provide the Service: host your profile, render your customizations, and show analytics.
• Security & abuse prevention: authenticate you, rate-limit requests, and detect fraud or abuse.
• Communication: send essential emails such as verification, password resets, and (if enabled) a weekly analytics digest.
• Billing: process Premium purchases and apply or revoke entitlements.

We do not sell your personal data, and we do not use your content to train advertising profiles.

We use a single, strictly necessary session cookie to keep you logged in. It is HTTP-only and same-site. We also set short-lived functional cookies (for example, to remember that you unlocked a password-protected page or confirmed an age gate). We do not use third-party advertising cookies.

When you use certain features, data is shared with the relevant provider under their own privacy policies:

• Stripe: payment processing for Premium.
• Discord: OAuth login/linking and presence display.
• Spotify: OAuth linking and now-playing display.
• Email provider: to deliver transactional emails.

We keep your data while your account is active. If you delete your account, your profile, uploads, and personal data are removed, except for limited records we must retain for legal, security, or accounting reasons (for example, payment records). Backups are purged on a rolling schedule.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can edit most data directly in your dashboard, export your analytics as CSV, and delete your account from Settings. For any other request, contact us at support@canna.sx.

We protect your data with measures including password hashing, encryption of sensitive tokens at rest, optional two-factor authentication, session controls, and rate limiting. No system is perfectly secure, but we work to keep your data safe and to respond quickly to issues.

The Service is not directed to children under 13 (or the minimum age required in your country). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will remove it.

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, an in-app notice. Continued use of the Service after changes means you accept the updated policy.

Questions about this policy? Email us at support@canna.sx.