LRO Privacy Policy

Effective date: 2026-04-23 · Last updated: 2026-04-23

1. General

1.1. This Privacy Policy (the «Policy») describes how personal data of Users of the LRO (Link for Remote Operations) service (the «Service»), available at https://lro.link and https://app.lro.link, is collected, used, stored, and shared by Sole Proprietor LINKRO (the «Operator», «we»).

1.2. The Policy forms an integral part of the Terms of Service and applies together with them. Terms that are not defined here have the meanings given in the Terms of Service.

1.3. By using the Service, the User confirms that they have read this Policy and agree to the conditions for processing their personal data set out in it.

1.4. If the User is located in the EEA, the United Kingdom, or Switzerland, the Operator processes personal data in accordance with the General Data Protection Regulation (GDPR).

2. Principles of processing

The Operator processes personal data in accordance with the following principles:

Lawfulness, fairness and transparency — processing is carried out on lawful grounds and in a way that is understandable to the User.
Purpose limitation — data is collected only for the purposes set out in the Policy and is not used in ways incompatible with them.
Data minimisation — we only ask for data that is necessary to provide the Service.
Accuracy — the User has the right to correct their data at any time.
Storage limitation — data is kept no longer than is required for the processing purposes.
Integrity and confidentiality — technical and organisational measures are applied to protect data against unauthorised access.

3. What data we collect

3.1. Account data

email address;
password hash (the password itself is never stored in plain text);
display name (optional);
interface language;
organisation membership and role within it;
email verification status, global administrator flag.

3.2. Agent and connection data

Agent name (set by the User);
Agent identifier and public key (cryptographic);
IP addresses from which the Agent connected;
Agent connect and disconnect times;
traffic volume per Agent (in bytes);
tunnel configuration: names, endpoint identifiers, allowed IP addresses.

3.3. Tunnel metadata

tunnel open and close times;
identifiers of the tunnel's two ends;
traffic volume that passed through the tunnel.

The content of data transmitted through tunnels is not stored and is not accessible to the Operator — traffic is end-to-end encrypted between Agents.

3.4. Payment data

transaction history: type, amount in coin/USD, date, link to subscription/package;
payment identifiers in the Paddle system.

The Operator does not store payment card details — they are processed by Paddle (see section 6).

3.5. Technical data

IP address and user-agent at web panel sign-in;
log data from the web server and server-side components for diagnostics and security purposes.

3.6. Browser local storage

The web panel and the landing page use the browser's localStorage to:

store the JWT session token;
remember the chosen interface language.

No tracking cookies or third-party analytics scripts are used.

4. Purposes of processing and legal bases

Purpose	Data	Legal basis (GDPR art. 6)
Registration, authentication, and account management	3.1	Performance of contract (b)
Provision of Service features (tunnels, agents)	3.2, 3.3	Performance of contract (b)
Billing, traffic accounting, invoicing	3.2, 3.4	Performance of contract (b)
Sending transactional emails (email verification, password reset, subscription notifications)	3.1	Performance of contract (b)
Protection of the Service and prevention of abuse	3.2, 3.3, 3.5	Legitimate interest (f)
Compliance with statutory requirements (tax, accounting)	3.4	Legal obligation (c)
Handling disputes and claims	all	Legitimate interest (f)

Marketing communications based on User consent are currently not sent. If they are introduced, the Operator will request a separate consent that can be withdrawn at any time.

5. Retention periods

Category	Period
Account data	Until the User deletes the account, plus 90 days of technical retention for dispute resolution
Agent and connection metadata	Up to 12 months after the Agent is disconnected
Tunnel metadata (open/close/volumes)	Up to 12 months
Payment history	In accordance with tax-law requirements of the applicable jurisdiction (typically 5 years)
Web server and server-side component logs	Up to 30 days
Tunnel content	Not stored

After the period expires, data is deleted or anonymised. Backups are retained for up to 90 days and then destroyed under the standard rotation schedule.

6. Sharing data with third parties

The Operator engages the following sub-processors:

Processor	Role	Jurisdiction	Data transferred
Paddle.com Market Ltd	Payment processing, Merchant of Record	United Kingdom / EU	email, name, country, card details (directly to Paddle), transaction amount
Cloud infrastructure provider	Hosting of the Service's server-side components	EU	all data processed by the Service
Transactional email provider	Delivery of system and service emails	USA	recipient email, email content

A current list of sub-processors with their legal names is provided on request at info@lro.link.

The Operator does not sell or transfer personal data to third parties for purposes unrelated to providing the Service, except in the following cases:

receipt of a binding request from competent state authorities;
protection of the Operator's rights and interests in court;
existence of the User's written consent.

7. International data transfers

7.1. The Service's primary infrastructure is located in the EU.

7.2. When transferring data to sub-processors outside the EEA (for example, to the transactional email provider in the USA), the Operator relies on Standard Contractual Clauses (SCC) approved by the European Commission and on additional safeguards where applicable.

8. Data subject rights

The User has the following rights regarding their personal data:

Access — obtain a copy of the data processed about them.
Rectification — correct inaccurate or incomplete data through the web panel or by request to support.
Erasure («right to be forgotten») — delete the account and associated data, subject to mandatory retention periods (section 5).
Restriction of processing — pause processing in case of a dispute about accuracy or lawfulness.
Portability — receive their data in a machine-readable format (JSON).
Objection — object to processing based on legitimate interest.
Withdrawal of consent — withdraw previously given consent at any time (where processing is based on consent).
Lodging a complaint — file a complaint with the data-protection supervisory authority in their country.

Requests are accepted at info@lro.link. A response is provided within 30 days of receipt of the request; for complex requests the period may be extended to 60 days with notice to the User.

9. Security

The Operator applies technical and organisational measures to protect personal data, including:

HTTPS (TLS) on all public endpoints;
password hashing using bcrypt;
cryptographic authentication of Agents (Noise XK);
end-to-end encryption of tunnel traffic between Agents;
role-based access control within organisations;
a limited set of staff with access to server-side infrastructure;
regular backups;
audit logging of actions related to permission changes and billing.

Notwithstanding these measures, no transmission of data over the internet is completely secure. In the event of a data breach likely to result in significant risk to Users, the Operator will notify affected Users and, where applicable, the supervisory authority within 72 hours of becoming aware of it.

10. Children

10.1. The Service is not intended for use by persons under the age of 16.

10.2. The Operator does not knowingly collect personal data of children under 16. If we become aware that such data has been collected, it will be deleted.

11. Changes to the Policy

11.1. The Operator may amend the Policy. The current version is published at https://lro.link/privacy/en with the date of update.

11.2. Material changes (affecting categories of processed data, purposes, retention periods, or the list of sub-processors) take effect no earlier than 14 days after publication. The User is notified by email.

11.3. Continued use of the Service after changes take effect constitutes the User's acceptance of the new version.

12. Contacts

Questions about personal data processing, requests to exercise data subject rights, and incident reports:

Operator: Sole Proprietor LINKRO
Registered address: 050000, Republic of Kazakhstan, Almaty, Baiseitova str. 11/13 — 4
Tax ID (IIN): 780508302277
Email: info@lro.link