Privacy Policy

moLink ("we", "our", or "us") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws. This Privacy Policy explains how we collect, use, store, and protect information when you use our booking and profile platform. By accessing or using moLink, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

We collect the following categories of personal data: • Identity Data: name, username, profile photo • Contact Data: email address, phone number (optional) • Booking Data: appointment dates, times, and session details • Usage Data: pages visited, interactions, booking funnel behaviour (anonymised) • Technical Data: IP address, browser type, device information, timezone • Cookie Data: your cookie preferences and consent timestamp We do not collect sensitive personal data such as health information, payment card numbers, or biometric data unless explicitly required for a specific service and with your consent.

We use your personal data for the following purposes: • To process and confirm your bookings • To send booking confirmation and reminder emails • To enable creators to manage their availability and appointments • To improve the performance and usability of our platform (analytics) • To comply with legal obligations • To send transactional communications (not marketing, unless you opt in) We rely on the following legal bases under GDPR: contractual necessity, legitimate interests, and your explicit consent (for marketing cookies and communications).

We do not sell your personal data to third parties. We may share data with: • Service providers: email delivery (e.g. Supabase, transactional email), calendar integration (Google Calendar) • Analytics providers: anonymised usage data only, with GDPR-compliant processors • Legal authorities: when required by law, court order, or to protect our rights All third-party processors are bound by data processing agreements that comply with GDPR requirements.

We use cookies to operate and improve our platform. You can manage your cookie preferences at any time via the Cookie Settings link in our footer. • Strictly Necessary: Required for core functionality (always active) • Functional: Remembers your preferences and settings • Analytics: Anonymous usage tracking to improve the platform • Marketing: Used to measure campaign effectiveness (requires consent) You have the right to withdraw cookie consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

We retain your personal data only for as long as necessary: • Account data: retained while your account is active, deleted within 30 days of account closure • Booking data: retained for 2 years for record-keeping purposes • Email logs: retained for 6 months • Analytics data: retained in anonymised form indefinitely; personally identifiable data deleted after 12 months • Cookie consent records: retained for 13 months (per GDPR guidance)

Under GDPR, you have the following rights: • Right of Access: Request a copy of the personal data we hold about you • Right to Rectification: Correct inaccurate or incomplete data • Right to Erasure ("Right to be Forgotten"): Request deletion of your data • Right to Restrict Processing: Limit how we use your data • Right to Data Portability: Receive your data in a machine-readable format • Right to Object: Object to processing based on legitimate interests • Right to Withdraw Consent: Withdraw consent for marketing at any time To exercise any of these rights, contact us at privacy@molink.io. We will respond within 30 days.

We implement industry-standard security measures to protect your data, including: • Encrypted data transmission (TLS/HTTPS) • Row-level security on our database • Access controls and authentication for all internal systems • Regular security reviews Despite our precautions, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

If you have questions, concerns, or wish to exercise your rights: Email: privacy@molink.io Subject line: "Privacy Request — [Your Name]" You also have the right to lodge a complaint with your local supervisory authority. In the EU/UK, this is typically the Information Commissioner's Office (ICO) or your national data protection authority.