Last updated: March 1, 2026
GoTo.io is a personal page platform that lets you share links, social profiles, and a bio from a single URL. If you have questions about this policy, contact us at privacy@goto.io.
When you create an account with email, we collect your email address, username, display name, and password (hashed using PBKDF2 — we never store or see your plain-text password). We also auto-detect your timezone from your browser and your country from a Cloudflare request header.
If you sign up with Google, we receive your Google account ID, profile name, and email address from Google.
We store the content you add to your page: links (including automatically fetched Open Graph metadata such as titles, descriptions, and images), bio text, profile photo, and page settings.
If you subscribe to a paid plan, we store your Stripe customer ID and subscription ID. Your card number and billing details are handled entirely by Stripe and never touch our servers.
We collect anonymous, server-side analytics on public profile pages, including page views and link clicks. For each event we record the referring URL, country (from Cloudflare headers), and device type. We do not use cookies or any client-side tracking scripts on public pages.
Visitors are counted using a one-way hash of their IP address and the current date. This hash cannot be reversed to recover the original IP address and resets daily.
Analytics data is retained based on your plan tier: 7 days on the free plan, 30 days on Pro, and 365 days on Business.
When someone submits an abuse report about a profile, we store the reporter's IP address for abuse prevention purposes. This IP is retained for the duration of the investigation and any resulting enforcement action.
If a page owner enables the email capture feature, visitors can voluntarily subscribe with their email address. These emails are stored and visible only to the page owner. Subscribers can unsubscribe at any time using the link in any email they receive. If a page owner deletes their account, all captured email addresses are permanently deleted along with it.
We share data with the following services only as needed to operate GoTo.io:
We do not sell your data to third parties. We do not use third-party tracking or advertising scripts.
We use a single session cookie (gotoio_session) to keep you logged in. It is HttpOnly, SameSite=Lax, Secure in production, and expires after 30 days. We do not use any third-party cookies.
Public profile pages set zero cookies. Analytics are entirely server-side.
Account data is retained as long as your account is active.
Analytics data is retained based on your plan tier (7 days free, 30 days Pro, 365 days Business) and automatically pruned after that period.
Account deletion is immediate and permanent. When you delete your account from Settings, all your data is cascade-deleted, including your page, links, analytics, email captures, and payment records.
You can access, update, or delete your personal data at any time through your dashboard. To request a full data export, email privacy@goto.io.
If you are in the EEA, you have the right to: access your data, rectify inaccuracies, request erasure, request data portability, restrict processing, and object to processing. Our legal bases for processing are: performance of our contract with you (providing the service) and legitimate interest (security, analytics, abuse prevention). Data may be transferred outside the EEA via Cloudflare's infrastructure. You may lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to: know what personal information we collect, request deletion of your data, and opt out of the sale of your data. We do not sell personal information.
GoTo.io is not intended for children under 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has created an account, we will delete it promptly.
We may update this policy from time to time. Significant changes will be communicated via email to registered users.
For privacy-related questions or requests, email privacy@goto.io.