Privacy Policy

This Privacy Policy explains how RoutLnk ("we", "us", or "our") collects, uses, discloses, and protects your information when you use our link shortening, QR code, and analytics services (the "Service"). It applies to all users globally and is designed to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, and the California Consumer Privacy Act (CCPA), where applicable.

By using the Service, you agree to the collection and use of information in accordance with this policy. Our Terms of Service govern your use of the Service and incorporate this Privacy Policy by reference.

1. Data Controller

RoutLnk is the data controller for the personal data we collect in connection with your account and your use of the Service. For questions about this policy or our data practices, contact us at [email protected] or [email protected].

2. Information We Collect

We collect the following categories of information:

• Account Information: Email address, password (stored in hashed form), and optional profile details such as your name. If you sign in via a third-party provider (e.g. Google), we receive the identifier and profile information that provider shares with us.
• Content and Usage Data: URLs you shorten, custom slugs, QR codes you generate, and how you interact with the Service (e.g. links created, dashboard usage).
• Click and Analytics Data: When someone clicks a shortened link, we may collect IP address, approximate location (country/region), device type, browser, referrer URL, and timestamp. This data is used to provide analytics to the link owner and to improve the Service.
• Technical and Log Data: Log files, error reports, and similar technical information (e.g. IP, user agent) used to operate, secure, and improve the Service.
• Communications: If you contact us, we keep records of your communications and any information you provide (e.g. email, support tickets).

We do not knowingly collect sensitive personal data (e.g. health, race, religion) unless you voluntarily provide it (e.g. in support messages). We ask that you do not submit such data through the Service.

2.7 Destination Preview Pages. When end users click your shortened links, they may see a destination preview page before being redirected. We may display advertising on these pages. Click data from preview pages is collected as described above. Users on certain paid plans may be able to disable preview pages and advertising for their links.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Create and manage your account and authenticate you.
• Generate analytics and reports about your links and QR codes.
• Prevent abuse, fraud, and security incidents and to enforce our Terms of Service.
• Communicate with you about your account, security alerts, and important service updates.
• Comply with legal obligations and respond to lawful requests from authorities.
• Develop new features and analyze usage patterns in aggregate form.

3.8 Aggregated and De-identified Data. We may create aggregated, de-identified, or anonymized data from the information we collect (e.g. industry benchmarks, click trends). This data cannot reasonably identify you. We may use, share, or sell such data for any lawful purpose, including research, marketing, and analytics, without restriction.

4. Legal Bases for Processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

• Contract: Processing necessary to perform our contract with you (e.g. account management, providing the Service and analytics).
• Legitimate Interests: Where necessary for our legitimate interests (e.g. security, fraud prevention, improving the Service), provided your interests do not override ours.
• Consent: Where we rely on consent (e.g. optional cookies, marketing), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal Obligation: Where processing is required to comply with applicable law.

5. Cookies and Similar Technologies

We use cookies and similar technologies (e.g. local storage) to operate the Service, keep you signed in, remember your preferences, and understand how the Service is used.

Strictly necessary: Required for the website to function (e.g. authentication). These cannot be disabled.

Functional and analytics: Used for analytics and improved experience. You can manage these via the cookie settings on our website.

You can change your cookie preferences at any time through the cookie settings available on our site. For more detail, see our cookie banner and settings panel.

5.2 Advertising and Third-Party Tracking. We may display advertisements on certain parts of the Service or on destination preview pages. These ads may be served by third-party advertising partners who use cookies and similar technologies to: deliver relevant ads based on your interests, measure ad performance, and build profiles across websites. Third-party advertising partners may include Google Ads, Meta (Facebook), and other programmatic advertising networks.

You can opt out of interest-based advertising via:

• NAI Opt-Out: https://optout.networkadvertising.org/
• DAA Opt-Out: https://optout.aboutads.info/
• Google Ads Settings: https://adssettings.google.com/

Note: Opting out does not mean you will see no ads; ads may simply be less relevant to you.

5.3 Do Not Track. Some browsers transmit a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals, as there is no industry-wide standard for how to interpret them. We will update this policy if we adopt a DNT recognition standard in the future.

5.4 Social Media and Third-Party Plugins. Our Service may include social media features (e.g. share buttons, embedded content from YouTube, Twitter/X, etc.). These features may collect your IP address, the page you are visiting, and set cookies. Your interactions with these features are governed by the privacy policies of the companies providing them: Facebook, Twitter/X, LinkedIn.

6. How We Share Information

We may share your information in the following circumstances:

• Service Providers: We use third-party vendors to host our systems, send emails, process payments, and provide analytics. They process data on our behalf under contracts that require them to protect your data and use it only as we instruct. We will give notice of material changes where required by law.
• Legal Requirements: When required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction, subject to the same privacy commitments.

We do not sell your personal information in the traditional sense. We do not share your personal information with third parties for their own marketing purposes without your consent.

7. International Transfers

Your information may be processed and stored in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate. Laws in those countries may differ from the laws of your residence.

When we transfer personal data from the EEA or UK to countries that have not been deemed to provide adequate protection, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities, or other mechanisms permitted by applicable law.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Click and analytics data may be retained in aggregated or anonymized form for longer periods. When you delete your account, we will delete or anonymize your personal data in accordance with our internal retention schedule and applicable law, except where we must retain it for legal or legitimate business purposes.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal and contractual exceptions.
• Restriction: Request that we limit processing in certain circumstances.
• Data portability: Request a copy of your data in a structured, machine-readable format where applicable.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.
• Complaint: Lodge a complaint with a supervisory authority in your country (e.g. in the EU, your local data protection authority).

How to exercise your rights: Email us at [email protected] or [email protected] with your full name, account email, a description of your request, and proof of identity if we require it.

We will respond within: 30 days under GDPR/UK law; 45 days under CCPA (extendable to 90 days with notice). You may authorize an agent to make requests on your behalf under CCPA; the agent must provide proof of authorization.

If you are not satisfied with our response, you have the right to lodge a complaint with: EU/EEA — your local Data Protection Authority; UK — Information Commissioner's Office (ICO); California — California Attorney General.

10. California (CCPA/CPRA) Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA.

10.1 Categories of Personal Information Collected (Last 12 Months)

10.2 Sale or Sharing of Personal Information. We do not sell your personal information for monetary consideration. We may share certain data (e.g. clicks, device information) with analytics and advertising partners in ways that could qualify as "sharing" under the CCPA. You can opt out of such sharing by using the opt-out links in Section 5.2, contacting us at [email protected], or via our cookie settings.

• Right to know: Request disclosure of categories and specific pieces of personal information we have collected, including sources and business purposes.
• Right to delete: Request deletion of your personal information, subject to certain exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out of sale or sharing: See 10.2 above; use opt-out links or contact us.
• Right to limit use of sensitive personal information: We do not use or disclose sensitive personal information beyond what is permitted under the CCPA.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, contact us at the email addresses in Section 14. We may need to verify your identity. You may designate an authorized agent to make a request on your behalf in accordance with applicable law; the agent must provide proof of authorization.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, access controls, and secure development practices. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (e.g. GDPR).

12. Children's Privacy

The Service is not directed to individuals under the age of 13 (or 16 in the EEA/UK where applicable). We do not knowingly collect personal data from children under these ages. If you believe we have collected personal data from a child, please contact us and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where required by law, notify you by email or through the Service. We encourage you to review this page periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy, except where further consent or other steps are required by law.

14. Contact Us

For questions about this Privacy Policy, your personal data, or to exercise your rights, contact us at:

Email: [email protected]
Legal / privacy: [email protected]

For business customers who need a Data Processing Agreement (DPA), please contact [email protected].

15. Business Customers and Data Processing

If you are a business using the Service to process personal data of your end users (e.g. tracking your customers' or visitors' clicks), you act as a data controller and are responsible for: providing privacy notices to your end users, obtaining necessary consents, and complying with GDPR, CCPA, and other applicable laws.

We act as a data processor for such end user data. Enterprise customers may request a Data Processing Agreement (DPA) with Standard Contractual Clauses by contacting [email protected]. Our DPA includes Standard Contractual Clauses (EU Commission approved), the UK International Data Transfer Addendum where applicable, subprocessor notification rights, and data breach notification procedures.

16. Automated Decision-Making

We do not use your personal data for automated decision-making (including profiling) that produces legal or similarly significant effects, except as necessary to prevent fraud or abuse of the Service.