Privacy Policy

Last updated: January 1, 2025

1. Information We Collect

When you use Universal ShortLink, we may collect the following types of information:

  • Account information: name, email address, and password (hashed) when you register.
  • Link data: URLs you shorten, custom aliases, passwords, and expiry dates you set.
  • Analytics data: click counts, approximate geographic location (country/city level), device type, browser, OS, and referrer URL for each click on your links.
  • Usage data: pages visited, actions taken, and general usage patterns to improve our service.
  • Technical data: IP address (stored as a one-way hash for rate limiting and fraud prevention only), browser type, and timestamps.

2. How We Use Your Information

  • To operate and provide the URL shortening service.
  • To provide you with click analytics on your own links.
  • To enforce our rate limits and prevent abuse.
  • To send transactional emails (e.g., email verification, password reset).
  • To improve our service and fix bugs.
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data. We do not share your information with third parties for marketing purposes.

3. Cookies & Local Storage

We use session cookies to keep you logged in and a CSRF cookie for security. We also use your browser's localStorage to save your recent links and theme preference — no tracking cookies are used.

4. Data Retention

We retain your account data for as long as your account is active. You may delete your account and all associated data at any time from your dashboard settings. Click analytics data is retained for up to 2 years.

5. Analytics Data from Your Links

When someone clicks your short link, we record:

  • Country and city (approximate, from IP geolocation — IP is not stored)
  • Device type, browser, and operating system (from User-Agent string)
  • Referrer URL (the page they came from)
  • Timestamp of the click

Raw IP addresses are hashed with a one-way function immediately and are never stored in identifiable form.

6. Third-Party Services

We use the following third parties:

  • QR Server API — for QR code generation (no personal data shared).
  • Google AdSense — may serve advertisements; subject to Google's Privacy Policy.
  • IP Geolocation — a local database or IP-API for approximate location lookup.

7. Your Rights

You have the right to: access your data, correct inaccurate data, delete your account and data, export your link data (CSV from dashboard), and opt out of non-essential communications. Contact us at privacy@shortu.site for any privacy requests.

8. Security

We use industry-standard security measures including HTTPS, bcrypt password hashing, CSRF protection, SQL injection prevention, rate limiting, and secure session management. However, no method of transmission over the Internet is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at: privacy@shortu.site or use our contact form.