Privacy Policy

What we store

When you shorten a URL, we store exactly one thing: the destination URL you provided. We assign it a random short code. That's it.

• ✓ Destination URL
• ✓ Creation timestamp
• ✓ Anonymous click counter (a number, no details)
• ✓ Your IP address, held in server memory for up to 60 seconds for rate limiting only (max 10 requests per minute), never written to disk or database
• ✓ IP address and browser info captured in Vercel's infrastructure logs, retained per Vercel's policy
• ✗ Any cookies
• ✗ Any session data
• ✗ Analytics or tracking data

Redirects

When someone visits a short link, they are immediately redirected via a server-side HTTP redirect. We do not set cookies, load third-party scripts, or display an intermediate consent page because we collect no personal data during the redirect.

GDPR basis

Our legal basis for processing destination URLs is legitimate interest (Art. 6(1)(f) GDPR). We do not process any personal data as defined under GDPR.

Data location

The database is stored in MongoDB Atlas on AWS eu-west-1 (Ireland), within the EU. Application infrastructure runs on Vercel's global edge network, meaning requests may be processed on nodes outside the EU before reaching our database.

Sub-processors

We rely on two infrastructure providers that act as data processors under GDPR:

• Vercel (hosting and edge network) Privacy Policy
• MongoDB Atlas (database) Privacy Policy

No third-party sharing

Beyond the sub-processors listed above, we do not share any data with third parties, run analytics, or use advertising services of any kind.