Privacy Policy

Last updated: January 1, 2024

Introduction

At ShortX, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL intelligence platform at shortx.app and shx.it (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

Personal Information

We collect information that you voluntarily provide to us when you register for an account, use the Service, or contact us for support:

  • Account Information: Email address, full name, and password (encrypted)
  • Profile Information: Optional information you choose to add to your profile
  • Payment Information: Billing details processed securely through third-party payment processors (we do not store complete credit card numbers)
  • Communications: Messages you send to our support team

Automatically Collected Information

When you access the Service or visit links created through ShortX, we automatically collect certain information:

  • Click Analytics: Device type, browser type, operating system, referrer URL, country/region (derived from hashed IP), timestamp
  • IP Addresses: We hash IP addresses with a daily rotating salt and do not store raw IP addresses in our database
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics cookies
  • Usage Data: Pages visited, features used, time spent on the platform

Link Data

  • URLs: Original destination URLs and short link slugs you create
  • Redirect Rules: Smart redirect configurations (device, country, time-based rules)
  • QR Codes: Generated QR code images and customization settings
  • Metadata: Link titles, tags, expiration dates, and status

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage short links, process redirects, generate QR codes
  • Analytics and Insights: Provide you with click analytics, traffic reports, and performance metrics
  • Account Management: Authenticate users, manage subscriptions, and process payments
  • Communication: Send important updates, security alerts, and support responses
  • Service Improvement: Analyze usage patterns to improve features and user experience
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations and enforce our Terms of Service

Data Retention

We retain your information for different periods depending on your subscription tier:

  • Free Tier: Click events retained for 7 days, aggregated statistics for 30 days
  • Pro Tier: Click events retained for 30 days, aggregated statistics for 90 days
  • Business Tier: Click events retained for 90 days, aggregated statistics indefinitely

Account information, links, and workspace data are retained as long as your account is active. After account deletion, we permanently remove all personal data within 30 days, except where required by law.

Third-Party Services

We use the following trusted third-party services to operate our platform:

  • Supabase: Database hosting, authentication, and file storage (PostgreSQL, Auth, Storage)
  • Upstash: Redis caching and rate limiting
  • Vercel: Application hosting and edge computing
  • Cloudflare: DNS management and DDoS protection
  • Sentry: Error tracking and performance monitoring
  • PostHog: Product analytics and user behavior (anonymized)
  • Resend: Transactional email delivery

These services have access only to the information necessary to perform their functions and are obligated to maintain the confidentiality and security of your information.

Data Security

We implement industry-standard security measures to protect your information:

  • TLS/SSL encryption for all data in transit
  • Encryption at rest for sensitive database fields
  • Row-level security (RLS) policies on database tables
  • Password hashing using bcrypt
  • IP address hashing with daily rotating salts
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Strict access controls and authentication

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Cookie Policy

We use cookies and similar tracking technologies for:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Analytics Cookies: Measure usage and improve the Service (can be opted out)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Service.

Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data (right to be forgotten)
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing of your personal information
  • Restriction: Request restriction of processing under certain circumstances
  • Withdraw Consent: Withdraw consent for processing where we rely on consent

To exercise any of these rights, please contact us at support@shortx.app. We will respond to your request within 30 days.

GDPR Compliance

If you are in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on contract performance, legitimate interests, and consent
  • Data Protection Officer: Contact our DPO at support@shortx.app
  • International Transfers: We use standard contractual clauses for data transfers outside the EEA
  • Data Breach Notification: We will notify you and relevant authorities within 72 hours of discovering a breach

CCPA Compliance (California Privacy Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@shortx.app, and we will delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place to protect your personal information in accordance with this Privacy Policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

We are committed to resolving complaints about our collection or use of your personal information. If you have concerns that we have not addressed satisfactorily, you have the right to lodge a complaint with your local data protection authority.
