Privacy Policy

Widely ("we", "us", "our") is a programmable link-in-bio platform operated by Mohamed Hassan Allam, based in Berlin, Germany. Our website is widely.app.

For any privacy-related questions, contact us at: hello@widely.app

We collect only what is necessary to provide the service:

Widely uses only functional cookies — specifically a single session cookie set by Supabase to keep you authenticated. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that require consent under GDPR/ePrivacy.

You can delete this cookie at any time by logging out. Blocking it will prevent login from working.

• To provide and operate the Widely platform
• To authenticate you and secure your account
• To serve your public profile page to visitors
• To count link clicks and return those counts via the API
• To detect and prevent abuse, fraud, and unauthorized API access
• To contact you about important service changes (no marketing without consent)

We do not sell your data, share it with advertisers, or use it for profiling.

For users in the European Economic Area, our legal bases are:

• Contract performance (Art. 6(1)(b)): Processing your account and profile data to deliver the service you signed up for.
• Legitimate interests (Art. 6(1)(f)): Server logs and security monitoring to protect the platform and users.
• Consent (Art. 6(1)(a)): Any optional features that involve additional data collection (we will ask explicitly).

Both sub-processors provide GDPR-compliant data processing agreements. Your data is stored primarily in the EU (Frankfurt region on Supabase).

• Active accounts: Retained as long as your account exists.
• Deleted accounts: Permanently deleted within 30 days of account deletion request.
• Server logs: Retained for up to 30 days, then purged.
• Link click counts: Aggregated counts retained; no individual visitor data stored.

If you are in the EEA, you have the right to:

• Access — request a copy of all data we hold about you
• Rectification — correct inaccurate data (you can edit most of it directly in the app)
• Erasure — request deletion of your account and all associated data
• Portability — receive your data in a machine-readable format
• Restriction — request we limit processing while a dispute is resolved
• Object — object to processing based on legitimate interests

To exercise any of these rights, email us at hello@widely.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g., BfDI in Germany).

We implement industry-standard security measures: TLS encryption in transit, hashed passwords, hashed API keys (we never store the plaintext token after generation), and access controls enforced via Supabase Row Level Security (RLS). No system is 100% secure — if you believe there is a security issue, please contact us immediately at hello@widely.app.

Your Widely profile contains links to external websites. We are not responsible for the privacy practices of those sites. The presence of a link does not constitute endorsement.

Widely is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have done so in error, contact us and we will delete it immediately.

We may update this Privacy Policy from time to time. We will notify registered users by email for material changes. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of Widely after an update constitutes acceptance of the revised policy.