Privacy Policy

Last updated: March 1, 2026

1. Data Controller

DK Tech Solutions UG (limited liability)

Schwanthalerstr. 141, 80339 Munich

Email: support@mdtolink.com

2. What Data We Collect

Account Data

When you create an account, we collect your name, email address, and optionally a profile image. Passwords are securely hashed and never stored in plain text.

Published Content

Markdown files you publish through MDtoLink are stored on our servers to make them accessible via shareable URLs. You retain full ownership of your content.

Session & Security Data

We collect IP addresses, user agent strings, and encrypted session tokens for authentication and security purposes.

Payment Data

Payment processing is handled exclusively by our payment provider (Stripe). We only store your customer ID and subscription status — never your credit card details.

Server Logs

Standard server logs (request URLs, timestamps, IP addresses) are collected for operational and security purposes.

3. How We Use Your Data

  • Providing and operating the MDtoLink platform
  • Authenticating your account and managing sessions
  • Processing payments and managing subscriptions
  • Sending transactional emails (account confirmations, password resets)
  • Monitoring platform security and preventing abuse
  • Complying with legal obligations

4. Third-Party Services

We share data with the following service providers:

  • Stripe — payment processing
  • Cloudflare — CDN, DNS, and DDoS protection
  • Hetzner — server infrastructure (EU-based)

We do not sell your personal data to third parties. Data is only shared as necessary to operate the service.

5. Cookies & Local Storage

MDtoLink uses HTTP-only session cookies for authentication. We also use local storage to persist your theme preference (light/dark mode). We do not use tracking cookies or third-party analytics cookies.

6. Data Storage & Security

Your data is stored on EU-based servers (Hetzner, Germany). We use encryption at rest for database storage, TLS encryption for all data in transit, and HTTP-only cookies for secure session management.

7. Data Retention

  • Account data is deleted within 30 days of account removal
  • Published content is deleted when you remove it or upon account deletion
  • Session data expires automatically
  • Server logs are retained for a maximum of 90 days

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Request data portability
  • Restrict processing of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us at support@mdtolink.com.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of the service after changes constitutes acceptance.