Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Password (encrypted)

Usage Information

We automatically collect:

• Short URL clicks: IP address, user agent, referrer, timestamp
• API usage: Request counts for rate limiting
• Error logs: Technical errors and debugging information

Cookies

We use strictly necessary cookies for authentication:

• auth_token: httpOnly JWT for authentication
• loggedin: Flag for UI enhancement (no data)

No cookie consent banner is required as these cookies are essential for the service. They are exempt under ePrivacy Directive Article 5(3).

2. How We Use Your Information

We use collected information to:

• Provide and maintain the service
• Process URL shortening and email forwarding requests
• Authenticate users and maintain account security
• Enforce rate limits and prevent abuse
• Analyze usage patterns to improve the service
• Send service-related emails (verification, notifications)

3. Data Sharing and Disclosure

We do NOT sell or rent your personal information to third parties.

We may share data with:

• Service Providers: Cloudflare (hosting), Scaleway (email delivery)
• Legal Requirements: If required by law or to prevent fraud/abuse

4. Email Forwarding Privacy

When you create an email forward:

• Your real email address is stored encrypted in our database
• Email content passes through our servers but is NOT logged or stored
• Email headers may contain your IP address (standard email behavior)
• We verify destination email addresses before activation

5. Data Retention

We retain data as follows:

• Account data: Until account deletion
• Short URLs: Until expiration or deletion
• Email forwards: Until expiration or deletion
• Click analytics: 90 days
• Logs: 30 days

6. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your account and data
• Portability: Export your data
• Objection: Object to data processing

To exercise these rights, contact us at privacy@redirme.com or use the dashboard settings.

7. Security Measures

We implement security measures including:

• Encryption in transit (HTTPS/TLS)
• Encrypted password storage (bcrypt)
• httpOnly cookies to prevent XSS attacks
• Rate limiting to prevent abuse
• Regular security audits

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Third-Party Services

We use the following third-party services:

• Cloudflare: Hosting, CDN, DNS ( Privacy Policy )
• Scaleway: Transactional email delivery ( Privacy Policy )

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

Your data may be processed in data centers worldwide. We ensure appropriate safeguards are in place for international transfers.

11. Changes to Privacy Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

12. Contact Us

For privacy-related questions or concerns, contact us at:

Email: privacy@redirme.com