Back to Home

Privacy Policy

Last updated: 10/23/2025

Introduction

Welcome to Clink ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Personal Information

When you register for an account or use our service, we may collect:

  • Email address
  • Name (if provided through OAuth providers)
  • Profile picture (if provided through OAuth providers)
  • Authentication credentials (OAuth tokens)

OAuth Authentication

We use OAuth authentication services including Google and GitHub. When you authenticate using these services, we receive:

  • Your email address
  • Your public profile information
  • Access tokens (stored securely and never shared)

Usage Data

We automatically collect certain information when you use our service:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Device information
  • Analytics data (via Amplitude and Sentry)

Project Data

When you create projects using our service, we store:

  • Project names and descriptions
  • Code and files you create
  • AI model preferences and settings
  • Images and assets you upload

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Authenticate users and manage accounts
  • Process and complete transactions
  • Send administrative information and updates
  • Improve and optimize our service
  • Monitor and analyze usage patterns
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure cloud storage with Google Cloud Storage
  • Regular security audits and monitoring
  • Access controls and authentication
  • Error tracking and monitoring via Sentry

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Your AI Authentication Tokens

We store your AI provider authentication tokens with industry-standard encryption. Clink is a sandbox execution service that runs your AI agents on your behalf. Here's how we handle your authentication tokens:

Token Storage and Security

  • Encrypted storage: Your authentication tokens for OpenAI, Anthropic (Claude), and Google Gemini are encrypted using AES-256-GCM encryption before being stored in our database
  • Secure key management: Encryption keys are managed separately and securely, using environment-based secrets
  • No sharing or selling: We never share, sell, or use your tokens for any purpose other than executing your requested AI tasks
  • Limited access: Only our secure sandbox environment can decrypt and use your tokens, and only when you actively request AI operations

How We Use Your Tokens

Your tokens are used exclusively to run specific AI coding agents:

  • OpenAI Codex Agent: For ChatGPT-powered development tasks
  • Anthropic Claude Code Agent: For Claude-powered development tasks
  • Google Gemini Agent: For Gemini-powered development tasks

These agents run only when you explicitly request AI operations, and:

  • Your tokens are decrypted only during active sessions in our secure sandbox environment
  • We communicate directly with AI providers using your tokens on your behalf
  • We do not log the content of your tokens or use them for analytics
  • You are responsible for all costs incurred from your API usage with these providers
  • You can revoke or update your tokens at any time through our interface

What This Means

We act as a secure proxy service, storing your encrypted authentication tokens so that we can execute AI-powered development tasks on your behalf. While we do store these tokens, they are:

  • Always encrypted at rest using AES-256-GCM encryption
  • Only decrypted in secure, isolated execution environments
  • Used exclusively for running the specific AI coding agents listed above
  • Never shared with third parties
  • Removable by you at any time

Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication
  • GitHub OAuth: For authentication and repository integration
  • Stripe: For payment processing
  • Amplitude: For analytics
  • Sentry: For error tracking and monitoring
  • Resend: For email delivery
  • Google Cloud Storage (GCS): For file and image storage
  • Supabase: For database and authentication
  • Redis: For caching and session management

These services have their own privacy policies. We encourage you to review them.

AI Provider Data Sharing

When you use AI features in our service, your prompts and project data are sent to the AI provider you select (OpenAI, Anthropic Claude, or Google Gemini). Each provider has their own data handling policies. We do not control how these providers process your data. Please review their respective privacy policies before using AI features.

Third-Party Account Risks

You are responsible for ensuring your use of Clink complies with the terms of service of any connected AI providers (OpenAI, Anthropic, Google). We are not liable for any account suspensions, restrictions, or other actions taken by third-party providers as a result of your use of our service.

You use Clink to connect to third-party services at your own risk and are solely responsible for all associated costs and compliance with provider policies.

Your Rights (GDPR & Privacy)

If you are a resident of the European Economic Area (EEA) or UK, you have certain data protection rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request transfer of your data
  • Object: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at hello@opactor.com

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us: