Companion App
Link ActivateMotion CommunityShopDocsMasonXCompanion App

Privacy Policy

Last updated: 2026-05-21

LinkActivate ("we," "us," or "our") is operated by MasonX / TimeToRaid. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we retain it, and what rights you have. Please read it carefully before using our services.

This policy applies to: the LinkActivate Windows desktop application, the LinkActivate website (linkactivate.com), and any future iOS or Android companion apps.

1. Data We Collect

We collect the following categories of personal data:

Account & Authentication Data

  • Phone number: collected when you register or log in via SMS one-time password (OTP). Your phone number is the primary account identifier and is stored as plaintext in our PostgreSQL database, with database-level access controls and encryption at rest. It is used to associate your license and devices, and is never displayed publicly in the community (only display names and avatars are public).
  • Steam ID: collected when you verify ownership of a Steam purchase via the Steam Web API. We store the Steam account ID (a public 64-bit identifier) to confirm your entitlement to the software.

Device & Technical Data

  • Device identifier (device_id): a hardware-derived identifier generated by the LinkActivate desktop application when it first runs on your PC. Used to enforce the one-active-PC-per-license model. We store the first-bind time, last-seen timestamp, software version, and channel (Standard/Beta/Legacy).
  • IP address: collected in server logs when you access our API or website. Retained for up to 30 days for security and abuse prevention.

Community & User-Generated Content

  • Community uploads: motion-sensing models (configuration files) you voluntarily upload to the community hub, including associated metadata (title, description, tags, thumbnail image). These are publicly visible to other users.
  • Comments: text comments you post on community content. Publicly visible.
  • Likes and bookmarks: records of which community models you have liked or bookmarked. Stored to render your personalized view of community content.
  • Creator profile: display name, avatar image, and social links you voluntarily provide on your creator profile page. Publicly visible.

Session & Cookie Data

  • SESSION_COOKIE: an HttpOnly cookie containing a signed JSON Web Token (JWT) issued upon successful phone OTP verification. Expires after 2 hours. Used to authenticate your requests to protected API endpoints. We do not use advertising cookies or third-party tracking pixels.

Camera & Motion Data

  • The LinkActivate desktop application processes your webcam video feed entirely on your local device. No video frames, motion data, or biometric data are transmitted to our servers. All AI inference runs locally.

2. How We Use Your Data

We use the data we collect to:

  • Authenticate you and verify your entitlement to use LinkActivate (phone OTP login, Steam purchase verification).
  • Enforce license terms: specifically, the one-active-PC-per-license limit. Your device_id lets us determine whether a new device activation is permitted.
  • Provide community features: store and display the models, comments, likes, and bookmarks you create. Without storing this data, community features cannot function.
  • Operate and improve the service: aggregate, non-personal usage statistics help us identify performance issues, prioritize feature development, and fix bugs. We do not build individual behavioral profiles for marketing purposes.
  • Ensure security and prevent abuse: IP addresses and request logs help us detect brute-force attacks, license abuse, and community spam.
  • Respond to legal requests: in the event of a valid legal demand (court order, subpoena, law enforcement request), we may disclose data as required by law.

We do not use your data to serve targeted advertising, sell it to third parties, or share it with data brokers.

3. Third-Party Sharing

We share limited data with the following third parties:

Steam (Valve Corporation) When you choose to verify a Steam purchase, we send your provided Steam authentication token to the Steam Web API (api.steampowered.com) to confirm ownership of App ID 1285430 (The Link). We receive back your Steam ID and ownership status. We do not share your phone number with Steam, nor does Steam receive any other personal data from us.

Apple and Microsoft (future) If and when iOS App Store or Microsoft Store purchase verification is implemented in a future phase, we will update this policy to describe the data exchange with those platforms. At the time this policy was last updated, these integrations are not yet active.

Infrastructure Providers Our backend runs on a dedicated server. We do not use third-party cloud analytics, CDN user tracking, or A/B testing platforms that collect personal data. Server logs are retained on our own infrastructure.

Legal Authorities As described in Section 2, we may disclose data in response to valid legal demands. We will notify you of such disclosures unless prohibited by law.

4. Data Retention and Deletion

We retain your data for as long as your account is active. Specifically:

  • Phone number and account record: retained indefinitely while your account exists, or until you request deletion.
  • Device records (device_id): retained for up to 24 months after the device's last-seen timestamp. Records of revoked (unbound) devices are retained for 12 months for audit purposes, then deleted.
  • Community content: models, comments, and profiles you upload remain publicly visible until you delete them or an admin removes them for policy violations.
  • Likes and bookmarks: retained as long as your account exists.
  • JWT session cookie: expires automatically after 2 hours; server-side session state is stateless (no session table).
  • Server logs (IP addresses): retained for up to 30 days.
  • Steam ID: retained as long as your license record exists.

How to request deletion: Email masonx@timetoraid.com with the subject line "Data Deletion Request" and include your registered phone number. We will process your request within 30 days and confirm by email when deletion is complete. Note that deleting your account removes your license entitlement, your community content, and all associated personal data from our systems.

5. Your Rights

Depending on your country of residence, you may have the following rights regarding your personal data:

All users:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request that we delete your personal data (see Section 4 for process).
  • Portability: request a machine-readable export of your community content (models, comments, profile).

EU/EEA residents (GDPR): in addition to the above, you have the right to object to processing, restrict processing, and lodge a complaint with your national data protection authority.

China residents (PIPL): in accordance with China's Personal Information Protection Law, you have the right to access, copy, correct, delete, and transfer your personal information. You may withdraw consent at any time. To exercise these rights, contact us at the address in Section 6.

California residents (CCPA): you have the right to know what personal information we collect, to request deletion, and to opt out of sale. We do not sell personal information.

We will respond to all rights requests within 30 days of receipt. In some cases we may need to verify your identity before processing your request.

6. Contact

For privacy inquiries, rights requests, or data deletion requests:

Email: masonx@timetoraid.com Subject line: "Privacy Request — [Your Topic]"

We aim to respond within 5 business days. For formal rights requests (GDPR/PIPL), we will respond within 30 days as required by law.

Effective date: 2026-05-21. MasonX / TimeToRaid reserves the right to update this policy. Continued use of LinkActivate after a policy update constitutes acceptance of the revised terms.

Privacy Policy