1. Introduction
RLinks ("we," "us," or "our") is committed to protecting
your privacy. This Privacy Policy explains how we
collect, use, disclose, and safeguard your information
when you use our link shortening service.
We handle data for two distinct groups: link creators
(registered users) and end users (people who click
links).
2. Information We Collect
2.1 Link Creator Account Information
When you create an account, we collect:
-
Email address: For account access
and notifications
-
Payment information: PayPal email,
crypto wallet addresses (for payouts)
-
OAuth data: If you sign in with
Google (email, name, profile picture)
-
Link data: URLs you shorten, custom
codes, titles
-
Analytics preferences: Dashboard
settings, notification preferences
2.2 End User Click Data
When someone clicks a short link, we collect: We never
store raw IP addresses
Important: We never store raw IP
addresses
-
IP addresses: Hashed with SHA-256
for rate limiting (never stored plain)
-
User agent: Browser type, version,
operating system
-
Referrer: Where the click came from
(if available)
-
Timestamps: When the link was
clicked
-
Geographic data: Country/region
(derived from IP, not stored)
-
Device type: Mobile, desktop,
tablet (from user agent)
2.3 Automatically Collected Information
-
Dashboard usage: Pages viewed,
features used, time spent
-
Performance data: Page load times,
error rates
-
Cookies: Session cookies for login
(see Section 5)
3. How We Use Your Information
3.1 For Link Creators
- Provide URL shortening and redirection service
- Generate click analytics and earnings reports
- Process payouts (PayPal, crypto)
- Send account notifications and security alerts
- Detect and prevent fraud or abuse
- Provide customer support
3.2 For End Users (Clickers)
- Redirect to destination URLs
- Show interstitial ads (revenue generation)
- Credit reward points to Rewarders accounts
- Rate limit clicks to prevent abuse
- Detect bot traffic and click fraud
4. Data Sharing and Disclosure
We do not sell your personal information. We may share
data with:
-
Service providers: Cloudflare
(CDN), Supabase (database), MagicAuth
(authentication)
-
Ad networks: A-Ads, Coinzilla (for
interstitial ads)
-
Payment processors: PayPal, crypto
exchanges (for payouts)
-
Analytics providers: Aggregated,
anonymized usage statistics
-
Law enforcement: When required by
law or court order
-
Business transfers: In the event of
a merger, acquisition, or sale
5. Cookies and Tracking
5.1 Dashboard Cookies (Link Creators)
We use the following cookies:
-
Session cookies: Keep you logged in
(expires after 7 days)
-
Preferences cookies: Remember your
dashboard settings
-
Analytics cookies: Understand how
you use the dashboard
5.2 Interstitial Page Cookies (End Users)
When clicking a short link:
-
Click tracking cookie: Prevents
double-counting (24 hours)
-
Fraud detection cookie: Detects bot
traffic (session only)
5.3 Ad Network Cookies
Interstitial ads may include cookies from:
-
A-Ads: Anonymous Bitcoin ads (no
tracking cookies)
-
Coinzilla: Cryptocurrency ads (may
use cookies for targeting)
6. Data Security
We implement industry-standard security measures to
protect your information:
-
Encryption in transit: All data
transmitted via HTTPS/TLS 1.3
-
Encryption at rest: Database
encryption with AES-256
-
IP hashing: End user IPs hashed
with SHA-256 (irreversible)
-
Access controls: Role-based access
to production systems
-
Rate limiting: Prevents brute force
attacks
-
JWT authentication: All API
requests cryptographically signed
-
Regular audits: Quarterly security
audits and penetration testing
7. Data Retention
-
Link creator accounts: Retained
until you delete your account
-
Click analytics: 90 days
(aggregated data retained indefinitely)
-
Deleted accounts: Purged within 30
days (GDPR compliance)
-
Financial records: 7 years (tax
compliance)
-
Fraud logs: 1 year (for dispute
resolution)
-
Inactive accounts: Links
deactivated after 24 months of inactivity
8. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal
data:
-
Right to access: Request a copy of
your personal data
-
Right to rectification: Correct
inaccurate data
-
Right to erasure ("right to be
forgotten"):
Delete your data
-
Right to data portability: Export
your data in JSON format
-
Right to object: Object to
processing of your data
-
Right to restrict processing: Limit
how we use your data
-
Right to withdraw consent: Opt out
of marketing emails
To exercise these rights, email
privacy@rlinks.app. We will respond within 30 days.
Note for end users: If you clicked a
short link and want your click data removed, contact us
with the approximate date/time and link URL. We can
purge the associated hashed IP.
9. International Data Transfers
Your data may be transferred to and processed in
countries outside your residence:
-
Primary servers: United States (AWS
us-east-1)
-
CDN: Cloudflare global network
(200+ data centers)
-
Database: Supabase (United States)
-
GDPR compliance: EU users' data
stored in EU regions when possible
10. Children's Privacy
RLinks is not intended for children under 13. We do not
knowingly collect personal information from children. If
you believe we have collected data from a child, contact
us immediately at
privacy@rlinks.app.
11. Do Not Track Signals
We currently do not respond to "Do Not Track" (DNT)
browser signals. However, end user IP addresses are
hashed before storage, providing a baseline level of
privacy regardless of DNT settings.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Material changes will be announced via:
- Email notification to link creators
- Dashboard banner notification
-
Updated "Last updated" date at the top of this page
Continued use of the Service after changes take effect
constitutes acceptance of the new Privacy Policy.
14. Third-Party Services
RLinks integrates with the following third-party
services. Please review their privacy policies: