Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes how Appsinai ("we", "us", or "our") collects, uses, and shares information about you when you use our website, products, and services (collectively, the "Service"). We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data We Collect

We collect information you provide directly to us and information generated automatically when you use the Service:

Account Information

  • Name and email address when you register an account
  • Password (stored as a secure bcrypt hash — never in plain text)
  • Billing name and address provided at checkout
  • Profile information you optionally add (avatar, bio)

Usage & Analytics Data

  • IP address (anonymised after 24 hours for click analytics)
  • Browser type, operating system, and device category (derived from User-Agent)
  • Referrer URL and UTM parameters on link clicks
  • Country and city inferred from IP via GeoIP lookup
  • Timestamps of link clicks and page views

Payment Information

We use Stripe to process payments. We never store full card numbers or CVV codes on our servers. Stripe provides us with a payment method token and last-four-digits reference only. Stripe's privacy policy is available at stripe.com/privacy.

2. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Service
  • Process transactions and send related information (receipts, invoices)
  • Send transactional emails (account activation, password reset, billing alerts)
  • Send product updates and marketing communications where you have given consent (you may opt out at any time)
  • Monitor for abuse, fraud, and violations of our Terms of Service
  • Comply with legal obligations and enforce our agreements
  • Aggregate and anonymise data for product analytics and business insights

Legal basis (GDPR): We process your data on the basis of contract performance (providing the Service), legitimate interests (security, fraud prevention, product improvement), consent (marketing emails), and legal obligation.

3. Data Retention

We retain personal data for as long as necessary to provide the Service and comply with our legal obligations:

  • Account data — retained for the lifetime of your account, then deleted within 30 days of account closure
  • Click analytics — retained for 2 years, then aggregated and anonymised
  • Raw IP addresses — anonymised after 24 hours
  • Billing records — retained for 7 years to comply with tax and accounting regulations
  • Server logs — retained for 90 days for security and debugging purposes

4. Your Rights

Under the GDPR and similar laws, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you at any time from your account settings under Settings → Privacy → Export My Data.

Right to Deletion ("Right to be Forgotten")

You can delete your account and associated data from Settings → Account → Delete Account. We will process the deletion within 30 days, subject to our retention obligations for billing records.

Right to Data Portability

You can export your links, analytics, and bio page data in JSON or CSV format from your account dashboard at any time.

Right to Rectification

You can update your name, email, and other account information at any time from Settings → Profile.

Right to Object / Restrict Processing

You may object to processing based on legitimate interests or restrict processing while a dispute is resolved. Contact us at the address below.

Right to Lodge a Complaint

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your national data protection authority (e.g., the ICO in the UK, the CNIL in France, or the relevant EU supervisory authority).

5. Cookies

We use cookies and similar tracking technologies to operate and improve the Service. For full details of every cookie we set — including purpose, duration, and type — please see our Cookie Policy. You can manage your cookie preferences via the consent banner displayed on your first visit.

6. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

  • Stripe — payment processing
  • Amazon Web Services (AWS) — cloud infrastructure (EU region)
  • Postmark — transactional email delivery
  • Cloudflare — CDN, DDoS protection, and DNS
  • Legal authorities — when required by law or to protect rights and safety

All third-party processors are bound by Data Processing Agreements (DPAs) and are required to process data only on our instructions.

7. International Transfers

Our servers are located in the European Union. If we transfer data outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.

8. Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, regular security audits, and strict access controls with multi-factor authentication for our engineering team.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the app at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

For any questions, requests, or complaints relating to this Privacy Policy or our data practices, please contact our Data Protection Officer:

Appsinai — Data Protection

Email: privacy@shortlink.app

We aim to respond to all requests within 30 days.