Privacy Policy

1. Information We Collect

1.1. Account Information

When you create an account, we collect:

Email address
Password (hashed and salted; we never store plain-text passwords)
Login metadata (timestamps, IP address)
Information from Sign in with Google, including email address and basic profile info permitted by Google OAuth (e.g., name, profile image)

1.2. Shortlink & Analytics Data

For each click on a shortlink, we automatically collect:

IP address
User-agent (browser, OS, device type)
Referrer URL
Timestamp
Geolocation (country, region, city; derived from IP)
UTM parameters
Language preference
Screen resolution (if applicable)
Click session data (e.g., heatmap interactions)
Device or browser fingerprinting identifiers, if enabled

1.3. Cookies & Tracking Technologies

We use:

Essential cookies: authentication, session management
Analytics cookies: Google Analytics
Fingerprinting scripts (for abuse detection or analytics)

1.4. System Logs

For security and debugging, we collect:

Server logs (IP, user-agent, error traces)
Performance metrics
Error logs via OpenObserve

2. How We Use Your Information

We use collected data to:

Generate shortlinks and route users to destination URLs
Provide analytics dashboards
Prevent fraud, spam, and abuse
Improve performance and service stability
Identify technical issues and diagnose errors
Analyze usage patterns to enhance product features
Allow account creation, login, and authentication
Communicate important updates (security, product notices)

3. Legal Basis for Processing (If GDPR applies)

We process data based on:

Legitimate Interest: click analytics, security logs, service optimization
Contractual Necessity: account creation and authentication
Consent: analytics via Google Analytics, cookies, tracking scripts
Compliance: responding to legal requests

4. Data Storage & Security

4.1. Storage

We store data on servers that we self-host. Data sources include:

• Primary database (account data, link metadata)

• Analytics storage (OpenObserve)

• Google Analytics cloud storage (external)

4.2. Security Measures

We implement:

Encryption in transit (HTTPS)
Encrypted passwords (bcrypt/argon2)
IAM access control
Network firewalls
Rate limiting and abuse detection
Regular server updates and monitoring

5. Data Retention

We retain data according to the following rules:

Users may request deletion of all their data.

Data Type	Retention
Account information	Until account deletion
Shortlink analytics	Based on owner account plan: Free (7 days), Premium (180 days)
Server logs	180 days
Error logs	90 days
Cookies	Based on browser settings
OAuth tokens	Rotated regularly

6. Third-Party Services

We use the following external providers:

6.1. Google Analytics

For user behavior analytics and aggregated reporting. Google may collect device identifiers, browser metadata, and usage patterns.

6.2. Google OAuth

For 'Sign in with Google' authentication.

6.3. OpenObserve

For analytics ingestion and error monitoring. Self-hosted but still a separate storage engine.

6.4. Future Payment Providers

(Not currently active) May include:

• International providers (Stripe, PayPal, etc.)

• Local Vietnam gateways (VNPAY, MoMo, ZaloPay, etc.)

These services may process payment information (billing name, email, transaction ID). We do not store full credit card details.

8. User Rights

Depending on your location, you may request:

Access to your stored data
Correction or update of personal data
Export of your data (JSON/CSV)
Deletion of your account and related data
Opt-out of analytics tracking

9. Children's Privacy

Our Service is not intended for children under 13 (or a higher age required by your region). We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy. We will notify users via email or an in-app banner when changes are significant.

11. Contact Us

For questions or data requests, please contact us using the information below.