Get Add-in

Privacy Policy

Effective Date: April 16, 2026

Introduction

Welcome to RefLink ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Microsoft Word Add-in designed for managing reference links between Word documents, PDFs, and web pages.

We treat any data that relates to an identified or identifiable individual as "personal data." This includes data that directly identifies you (such as your email address) and data that does not directly identify you, but can reasonably be used to identify you.

Our core philosophy is simple: Your data belongs to you. We have designed our Add-in to operate primarily locally on your device to minimize data collection.

Information We Collect and How We Use It

We only process the absolute minimum data necessary to provide our services, authenticate your identity, and manage your subscription.

You are not required to provide the personal data that we have requested. However, if you choose not to do so, we may not be able to provide you with our Add-in services, manage your subscription, or respond to your support requests.

Legal Basis & Essential Communications: We process your minimal personal data to fulfill our contract with you, to comply with legal obligations, and for our legitimate interests (such as security and fraud prevention). We may use your email address to send important notices, such as communications about purchases, subscriptions, and changes to our terms and policies. Because this information is essential to your interaction with RefLink, you may not opt out of receiving these critical notices.

  • User-Generated Content (Local Storage Only): All reference links, document annotations, and data generated by your use of the Add-in are stored strictly locally on your computer. We do not access, collect, transmit, or store your documents or the reference links you create. Furthermore, your documents and reference links are never used to train any artificial intelligence (AI) models.
  • Authentication Data (Microsoft SSO): We use Microsoft Single Sign-On (SSO) to authenticate your access. Our Add-in processes authentication tokens to verify your identity. We may temporarily process basic profile information (such as your email address and Microsoft account ID) solely to validate your active session and subscription status. Please note that your use of Microsoft SSO is also governed by Microsoft's Privacy Statement.
  • Subscription and Payment Information: Subscriptions are handled by secure, third-party payment processors (Microsoft AppSource SaaS or Lemon Squeezy). We do not collect or store your credit card or financial information. We only receive your email address and subscription status (e.g., active, expired) from these processors to grant you access to the Add-in's premium features.
  • Customer Support and Bug Reports: If you encounter an issue, you may choose to generate a debugging log within the Add-in. This log is saved locally to your device. If you voluntarily email us this log for support purposes, we will collect your email address and the contents of the log. Please ensure you review the log and remove any sensitive personal information before sending it to us. We use this data strictly for troubleshooting and improving our software, and we assume no liability for any unsolicited sensitive data included in such communications.

Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information (including as "sale" or "share" is defined under California and Nevada privacy laws). We only share necessary data with the following essential third-party service providers:

  • Microsoft: For authentication (SSO) and, if applicable, subscription management via AppSource.
  • Lemon Squeezy: For payment processing and subscription management (if you choose this payment route).
  • Supabase: For secure database hosting to manage your minimal account information (such as your email address and active session/subscription status).

These providers have their own privacy policies governing how they handle your data.

International Data Transfers: Because our trusted third-party providers (like Microsoft and Lemon Squeezy) operate globally, the minimal personal data we process (such as your email address and subscription status) may be transferred to, and processed in, countries other than the country in which you are resident (such as the United States). These countries may have data protection laws that are different from the laws of your country.

Legal and Safety Disclosures: We may also disclose information about you if we determine that disclosure is reasonably necessary to comply with a lawful governmental request, to enforce our terms and conditions, to protect our operations or users, or to prevent fraud.

Children's Privacy

Our Add-in is not directed to, nor intended for, children under the age of 13 (or the equivalent minimum age in your jurisdiction). We rely on the age restriction features provided by Microsoft AppSource to prevent use by minors. We do not knowingly collect personal data from children.

Data Retention and Security

We employ industry-standard security measures to protect your minimal data. This includes utilizing encrypted, backend-only databases with restricted access to store subscription statuses, and relying on trusted, compliant third-party infrastructure for authentication and payment processing.

  • Since your document data remains on your local machine, you are solely responsible for its security and backup.
  • Any support emails or debugging logs you send to us are retained only as long as necessary to resolve your issue, after which they are securely deleted.
  • Subscription status records are retained for as long as your account is active and for a legally required period thereafter for tax and accounting purposes.

Your Rights

Depending on your location (e.g., GDPR for European users, CCPA for California users), you have rights regarding your personal data, including the right to access, correct, or request the deletion of the minimal data we hold (such as your support emails or subscription record). You can exercise these rights by contacting us.

If you choose to exercise these privacy rights, you have the right not to be treated in a discriminatory way nor to receive a lesser degree of service from us. Please note that there may be situations where we cannot grant your request — for example, if we are legally obligated to keep a record of a transaction to comply with the law, or if doing so would undermine our legitimate use of data for anti-fraud and security purposes.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Effective Date" at the top of this policy and, where appropriate, through an in-app notification.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us. We take your privacy questions seriously and will endeavor to respond to your substantive inquiries within a reasonable timeframe.

If you are not satisfied with our response, you may also have the right to refer your complaint to the applicable data protection regulator or supervisory authority in your jurisdiction.