Privacy Policy

Last updated: June 29, 2026

Draft notice: this page is a starting-point template, not reviewed by a lawyer. Have counsel review and finalize before relying on it for a live, paying customer base — particularly for GDPR/CCPA applicability to your actual data flows and subprocessors.

1. What We Collect

Account data: name, email address, password (hashed), and billing information you provide directly. Usage data: the links, QR codes, campaigns, and landing pages you create. Click/visitor data: for every redirect, QR scan, or landing page view, we record the timestamp, IP address, approximate geographic location derived from it, device type, browser, operating system, and referrer — this happens for every link regardless of your plan, so your history is complete if you upgrade.

2. How We Use It

  • To operate and provide the Service, including redirecting visitors and generating analytics;
  • To process payments and manage your subscription;
  • To send you account, billing, and security-related communications;
  • To detect and prevent abuse, fraud, and violations of our Terms of Service;
  • To improve the Service.

3. Who We Share It With

We share data with service providers who help us operate the Service — for example, payment processors (Stripe, Paddle), email delivery providers, and infrastructure/hosting providers — strictly to the extent necessary for them to perform their function. We do not sell your personal data.

4. Data Retention

Analytics and audit log retention periods are tied to your plan (shown on our pricing page). Account data is retained while your account is active and deleted or anonymized within a reasonable period after you request account deletion, except where we're required to retain it (e.g., billing records, for tax/legal compliance).

5. Your Rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data. You can update your account details and request account deletion from your account settings, or contact us for assistance with any of these requests.

6. Cookies

We use cookies and similar technologies necessary for authentication and session management. We do not use third-party advertising trackers on our own dashboard or marketing pages.

7. Security

We use industry-standard measures (including encryption in transit, hashed passwords, and access controls) to protect your data, but no system is completely secure. Report suspected vulnerabilities or security concerns via our contact page.

8. Children

The Service is not directed to children under 18, and we do not knowingly collect personal data from them.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We'll update the date at the top of this page when we do.

10. Contact

Questions about this policy or your data? Contact us.