Short.ovh Privacy and Cookie Policy

This Privacy and Cookie Policy explains how Short.ovh ("we", "us", or "our") collects, uses, discloses, and protects information about you when you use our URL shortening Service. We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among others. This Policy applies to all users of our Service, regardless of location, and is designed to provide transparency and inform you of your rights.

By using Short.ovh, you acknowledge that you have read and understood this Privacy Policy and our Terms of Service. If you do not agree with our practices, please refrain from using the Service.

Data Controller: For the purposes of data protection law, the data controller of your personal information is the operator of Short.ovh. If you have any questions about this Policy or our data practices, please contact us using the information provided in the "Contact Us" section at the end of this Policy.

We collect several types of information from and about users of our Service, including personal data (information that can be used to identify you) and non-personal data. This includes:

Information You Provide Directly

When you use Short.ovh, you or your Authentication Provider (such as Google or GitHub, via OAuth) may provide certain information to us. For example, if you create an account, we collect your email address and basic profile details provided by your Authentication Provider. If you contact us for support or feedback, we will collect any information you choose to provide in that correspondence. If you use paid features, payment processing is securely managed by Stripe, and we may store limited transaction information (but we do not store your full payment details).

Information Collected Automatically

Like most online services, we (or our service providers) automatically collect certain information about your device and usage of our Service. This may include your IP address, browser type, device type, operating system, referring/exiting URLs, date and time of access, and other technical or geolocation information. We also log information about your activity on our site, such as the links you create or click, pages viewed, and other interactions with our website.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve our Service, as described in the Cookies and Tracking Technologies section of this Policy. Cookies allow us to remember your preferences, keep you logged in, and gather usage analytics. Some cookies may collect personal data (like an IP address or unique identifier) and usage information. We handle all such data in accordance with this Policy and applicable law.

Error and Crash Data

We use an error monitoring service to automatically collect information about technical errors or crashes that occur when you use our Service. This helps us debug and improve our Service's stability. The data collected may include device, browser details, user details and the state of the application at the time of the error.

Categories of Personal Information Collected (Last 12 Months)

To comply with laws like the CCPA, below is an overview of the categories of personal information we have collected from users in the past 12 months:

• Identifiers (email address, IP address, OAuth provider ID)
• Authentication details (connected providers, two-factor details, session details)
• Internet or Network Activity (logs, URLs, usage details)
• Approximate Geolocation Data (region/country from IP)
• Browser and device information (user agent, device type, operating system)
• Purchase details (transaction details for paid features)
• Communication Data (support inquiries)

We use the information we collect for a variety of purposes in operating our Service and running our business. The specific purposes include:

To Provide and Maintain the Service

We use information to allow you to create and share shortened URLs and to ensure those links work correctly and their analytics are available. For example, we store the original URL so that we can redirect users who click your shortened link to the correct destination. If you have an account, we use your email to authenticate you and allow you to access your dashboard.

To Analyze and Improve the Service

We collect usage data and analytics to understand how our Service is used and to make improvements. This includes monitoring site performance, identifying trends, debugging issues, and determining what new features may be beneficial.

To Monitor and Fix Errors

We use data to maintain the security of our Service, to prevent abuse, and to troubleshoot and debug issues. For example, IP addresses may be used to detect and mitigate suspicious activities.

Legal Bases for Processing

We only process your personal data when we have a valid legal basis to do so:

• Performance of a Contract - to provide the Service you requested
• Legitimate Interests - for analytics, security, and improvements
• Your Consent - for certain optional activities
• Legal Obligation - to comply with laws

What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners or others.

Types of Cookies We Use

• Essential Cookies: For core functionality
• Performance Cookies: For analytics and monitoring
• Targeting Cookies: For personalized ads

Your Cookie Choices

You can manage cookies through your browser settings. While some cookies are required for core functionality and cannot be disabled, you can choose to limit non-essential cookies.

We share information in limited situations, with appropriate safeguards:

• Service Providers: Trusted companies that help operate our service
• Legal Compliance: When required by law or legal process
• Business Transfers: In case of merger, acquisition, or sale
• Protection of Rights: To protect our rights or others' safety
• Advertising Partners: To deliver personalized ads

We do not sell your personal information to third parties for monetary consideration.

We retain personal data only as long as necessary to fulfill the purposes for which it was collected:

• Account Information: Retained until account is deleted
• Shortened URLs: Maintained until explicitly removed or expired
• Link analytics: Maintained until corresponding link is removed or until 365 days pass since the click occurs
• Logs: Typically retained for 30 days
• Support Communications: Retained for up to 1 year

GDPR Rights

• Right to Access your data
• Right to Rectification of incorrect data
• Right to Erasure ("right to be forgotten")
• Right to Restrict Processing
• Right to Data Portability
• Right to Object to processing
• Right to Withdraw Consent

California Rights (CCPA/CPRA)

• Right to Know what personal information is collected
• Right to Delete your personal information
• Right to Correct inaccurate personal information
• Right to Opt-out of Sale/Sharing
• Right to Non-Discrimination

Short.ovh is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. For users in the European Union, the age threshold is 16 years unless a member state sets a lower age (but no lower than 13).

If we learn that we have collected personal information from a child under these ages, we will take steps to delete such information promptly.

We implement appropriate security measures including:

• Encryption (HTTPS/TLS)
• Access Controls
• Security Testing
• Backup and Recovery
• Incident Response procedures

Short.ovh is operated from within the European Union. When we transfer data outside the EU, we implement appropriate safeguards:

• Standard Contractual Clauses
• Adequacy Decisions
• Other appropriate measures

We may update this Policy from time to time. We recommend checking this page periodically to stay informed about any changes (last update time is shown at the top of this page). Continued use of Short.ovh after changes constitutes acceptance of the updated policy. The use of Short.ovh is also governed by our Terms of Service, including limitations on our liability regarding your use of our platform.

If you have any questions about this Privacy and Cookie Policy or our data practices, please contact us at: [email protected]