1. What this notice covers
This Cookie Notice applies to:
- The Alllinks marketing site at alllinks.cc and the in-product dashboard.
- Any public profile served from an Alllinks address (
alllinks.cc/u/name) or a custom domain pointed at our platform. - Transactional emails we send you and clicks back to our site from those emails.
It works alongside our Privacy Policy — read both together for the full picture.
2. What are cookies?
Cookies are small data files that a website saves to your browser. They let the site remember things between page loads, keep you signed in, count unique visits, or run features like embedded videos.
Cookies we set ourselves are first-party cookies — only Alllinks can read them. Cookies set by another company embedded on a page (a YouTube player, a Spotify embed, a Stripe checkout) are third-party cookies — they belong to that company and follow that company's privacy policy.
Other technologies behave like cookies: localStorage (we use it for things like remembering the last theme you picked in the dashboard), web beacons / tracking pixels in emails, and SDK identifiers in mobile apps. We treat all of these the same way as cookies in this notice.
3. Why Alllinks uses cookies
We use cookies for four specific purposes:
- Strictly necessary — to sign you in, keep your dashboard session alive, remember your CSRF token, and protect against fraud and brute-force login attempts. These cannot be turned off — without them, Alllinks doesn't work.
- Preferences — to remember small choices like your sidebar state, your last-viewed plan toggle (monthly vs yearly), language, and that you've accepted this Cookie Notice.
- Analytics — to count visits and clicks in aggregate, see which features are used, and spot pages that are slow or broken. Our analytics are first-party only; we don't load Google Analytics on creator profile pages.
- Embeds & checkout — when you embed a YouTube, Spotify, SoundCloud, Vimeo, or Twitch player on your page, those services set their own cookies when a visitor presses play. When a buyer pays for a Pro subscription, Paddle's PCI-DSS checkout sets cookies needed to complete the payment safely.
4. The cookies we set
Alllinks first-party cookies
- al_session — session ID, expires when you sign out or after 14 days of inactivity. Strictly necessary.
- al_csrf — anti-CSRF token, expires with the session. Strictly necessary.
- al_prefs — UI preferences (theme, sidebar, currency, monthly/yearly), expires after 12 months. Preferences.
- al_visit — anonymous visit counter on public profile pages (deduplicates the same browser within 24h), expires after 24 hours. Analytics.
- al_cookie_consent — records that you accepted this notice and your selected categories, expires after 12 months. Preferences.
Third-party cookies you may encounter
- Paddle — set during checkout for paid plans. Required to complete a purchase. Governed by Paddle's privacy policy.
- YouTube / Spotify / SoundCloud / Vimeo / Twitch — set when a visitor interacts with an embedded player on a creator's page. Each service uses its own cookies; refer to that service's policy.
- Stripe / PayPal — only on shops that creators choose to enable; set during the buyer's checkout, governed by Stripe / PayPal directly.
- Cloudflare — security cookies that help Cloudflare block bots and DDoS traffic from reaching our origin. Strictly necessary.
5. Cookies on creator pages
Alllinks creators can choose to add embeds and shop integrations to their pages. When a visitor lands on a profile, the only cookie Alllinks sets is al_visit (counted anonymously for the creator's analytics). Any third-party cookies on the page come from content the creator added — for example, pressing play on a YouTube embed will set YouTube's cookies on the visitor's browser. Creators are responsible for disclosing these in line with their local laws.
6. How to control cookies
- From this site: open Cookie Preferences (also reachable from the footer) to accept, reject or selectively allow non-essential categories. Strictly necessary cookies cannot be disabled.
- From your browser: every major browser lets you block cookies, clear them, or get a prompt before they're set. Look for the "Privacy" or "Site Settings" section.
- Mobile devices: on iOS and Android you can reset the advertising identifier and limit ad tracking system-wide.
- Do Not Track: if your browser sends a Do Not Track signal, our analytics treat that session as opted out by default.
If you block strictly necessary cookies, parts of the dashboard — including sign-in, the shop checkout, and analytics — will stop working.
7. Web beacons & email tracking
When we send you a transactional email (welcome, password reset, billing receipt) we may include a tracking pixel to confirm delivery and read state. You can disable image loading in your email client to block these pixels — the emails still work without the images. Marketing emails always include an unsubscribe link.
8. Cookies are not the only tool
We may also use related technologies that don't strictly meet the cookie definition but behave similarly — localStorage and IndexedDB for offline editor state, browser fingerprint hashes for abuse prevention, and SDK identifiers on mobile apps. We treat these as cookies for the purposes of consent and disclosure.
9. Changes to this notice
We update this notice when we add or remove a technology, or when the law requires a clarification. The effective date at the top of the page reflects the latest version. For material changes we'll surface a banner inside the dashboard so account holders see the update.
10. Contact
If you have questions about cookies or want to exercise any of the rights described in our Privacy Policy, email support@alllinks.cc. Billing-specific cookie questions (from Paddle's checkout) can also be raised in your Paddle customer portal.