Resources

Privacy Policy

Effective date: 3/31/2023

Version: 3

This Privacy Policy of Short.cm Inc, a Delaware Corporation, US, reg# 4976272, with registered address at 1000 N West st Suite 1281-M#146 Wilmington, Delaware 19801 (“Short.IO”, “we”, “us”, “our”) describes how we collect, use and store personal identifiable information (“Personal Data”) when you are visiting our website (https://short.io - “Site”), using our services or related subdomains (https://app.short.io, - “Services”), or accessing our Services via our mobile applications or third party services integrations (“Applications”). 

Please read this Privacy Policy carefully. We may update this Privacy Policy from time to time, and will notify you about changes to this Privacy Policy when you are a user of our Services. This Privacy Policy constitutes part of our Terms of Service.

We do not knowingly process Personal Data of children. Under our Terms of Service you must be at least 18 years old to use our Services. Should we determine that person under the age of 18 using our Services, we will delete all Personal Data that we store about such a person, including any created accounts.

1. PERSONAL DATA WE COLLECT

Personal Data” means information related to an identifiable person including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information

IMPORTANT: we do not collect any sensitive Personal Data (person's race or ethnic origin, health related data, political opinions, religious or philosophical beliefs, trade union membership and personal data concerning a person's health and sex life).

We collect following types of Personal Data:

  • Identity information: name, surname, avatar image;
  • Contact information: email address, phone number, type of business; 
  • Usage information: account settings, account level of access, connected domain names, purchased domain names, transferred domain names, subscription plan, pages visited, mouse events, third party accounts identifiers (Facebook, Google, Apple), hyperlinks you click, domain names that you purchase, SSO generated login identifier, messages you send us, tracking codes, connected advertising ID (Google Analytics, Segment, Adroll, Webhook, Facebook), connected, hyperlinks generated;
  • Technical information: log files, IP address, browser version, mobile device, device operating system, screen resolution, language preferences;
  • Payment data: billing address, purchases and payments, date/time/amount of transaction, VAT ID, invoices generated, PayPal account, commision generated, payouts, bank account details, payment card details, payment card type; 

2. PURPOSES OF PROCESSING

We collect Personal Data for the following purposes:

  • To provide you with our Website. For this purpose we may collect your Usage information and Technical information, which is being collected by means of different types of cookies, as described in our Cookies Policy;
  • To provide you with our Service and Applications. For this purpose we may collect all types of Personal Data described in section “Personal Data That We Collect”. We collect this Personal Data when you create an account with our Service, use our Service, install and/or use our Applications.
  • To purchase a domain name or transfer your domain name according to your instructions. For this purpose we may collect your Identity information, Payment data, Contact information, Usage information.
  • To provide you with support or answer your questions. For this purpose we may collect your Identity information, Contact information or Usage information.
  • To develop our Website, Service and Application. For this purpose we may collect your Usage information and Technical information, which is being collected by means of different types of cookies, as described in our Cookies Policy.
  • To connect our Application to your third party software account. For this purpose we may collect Usage information.

3. METHODS OF PROCESSING

We may collect Personal Data from direct interactions with you (when you are inputting some data into webforms in Application, Website or Service) or by using different automated technical measures (when you connect your third party accounts to our Application or Service, or by means of cookies). We may also collect Personal Data when you directly contact us via chat bot functionality or email.

We may collect Personal Data from third parties only when you are specifically connecting your third party account. We also do not and will not sell Personal Data you provide us with.

We endeavor to implement reasonable data protection measures, like anonymisation and pseudonymisation in order to protect Personal Data that we collect. We implement different types of encryption like encryption at transit (Secure Socket Layer) and encryption at rest. We store IP addresses in hashed form when the addressed location is in the European Economic Area or United Kingdom.

Our employees and contractors are subject to confidentiality obligations on the basis of executed confidentiality agreements. We also ensure that only authorized employees and contractors have access to Personal Data stored on our servers.

4. PLACE

Personal Data is generally processed at our operating offices and in any other places where the parties involved in the processing are located.

Generally we store Personal Data with Amazon Web Services on the servers located in the United States. For the users, based in the European Economic Area and United Kingdom (“EEA & UK”), we store Personal Data on Amazon Web Services on the servers located in Frankfurt in Main, Germany.

When Personal Data of EEA & UK based users is being processed by our subprocessors we ensure execution of data processing agreement containing standard contractual clauses. 

5. RETENTION TIME

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

  • Personal Data collected for purposes related to the performance of a contract (Terms of Service, or other executed form of agreement) between you and us shall be retained until such contract has been fully performed. Therefore, when it comes to your use of our Service and Application, we are going to store Personal Data as long as you are going to use our Services, provided that you may amend Personal Data that you’ve provided.
  • Personal Data collected for the purposes of our  legitimate interests shall be retained as long as needed to fulfill such purposes.
  • Personal Data collected on the basis of your consent shall not be stored longer than 5 years, unless the purpose of processing is fulfilled earlier.
  • Personal Data collected to comply with our legal obligations will be stored as long as it is required according to the applicable law or applicable legal act. 

Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period, or any other rights that you may have according to the law applicable to processing of your Personal Data. 

We perform data backups from time to time to ensure proper retention of your Personal Data.

6. SUBPROCESSORS

We are using the following sub-processors to process Personal Data that we collect:

  • Google Ads conversion tracking (Google Inc.) Google Ads conversion tracking is an analytics service provided by Google LLC or by Google Ireland Limited, depending on the location short.io is accessed from, that connects data from the Google Ads advertising network with actions performed on short.io. Personal Data processed: Technical information, Usage Data. Place of processing: US – Privacy Policy - Data processing agreement
  • Amplitude Analytics (Amplitude Inc.) Amplitude Analytics is an analytics service provided by Amplitude Inc. Personal Data processed: Technical information; Usage Data. Place of processing: United States – Privacy Policy - Data processing agreement
  • Stripe (Stripe Inc). Stripe is a payment service provided by Stripe Inc.  Personal Data processed: various types of Data as specified in the privacy policy of the service. Personal Data processed: Payment Data. Place of processing: US – Privacy Policy - Data processing agreement
  • Hotjar Heat Maps & Recordings (Hotjar Ltd.) Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here. Personal Data processed: Technical information ; Usage Data. Place of processing: Malta – Privacy Policy Opt Out - Data processing agreement
  • Amazon Web Services (AWS) (Amazon). Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc. Personal Data processed: all types of Personal Data. Place of processing: United States/European union (for EEA and UK based users) - – Privacy Policy - Data processing agreement.
  • Sentry (GetSentry, LLC). Sentry is a monitoring service provided by Functional Software, Inc. Personal Data processed: Technical information, Usage Data. . Place of processing: US – Privacy Policy - Data processing agreement
  • Intercom (Intercom Inc.)  Intercom is a database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within short.io. Personal Data processed: Contact data, Usage Data; Technical information. Place of processing: United States – Privacy Policy - Data processing agreement

7. REMARKETING AND BEHAVIORAL TARGETING

This type of services allows us to inform, optimize and serve advertising based on past use of short.io by the User. This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists. In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page. Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general. Google Ads Remarketing (Google Inc.) Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on the location short.io is accessed from, that connects the activity of short.io with the Google Ads advertising network and the DoubleClick Cookie. Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings. Personal Data processed: Cookies; Usage Data. Place of processing: US – Privacy Policy Opt Out. LinkedIn Website Retargeting (LinkedIn Corporation) LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of short.io with the LinkedIn advertising network. Personal Data processed: Trackers; Usage Data. Place of processing: United States – Privacy Policy Opt Out.

8. LOGIN WITH THIRD PARTY ACCOUNT

Our login functionality support sign up with the following third party services:

  • Google OAuth (Google Inc.)Google OAuth is a registration and authentication service provided by Google Inc. and is connected to the Google network. 
  • Facebook Authentication (Meta Platforms, Inc.) Facebook Authentication is a registration and authentication service provided by Meta Platforms, Inc. and is connected to the Facebook social network. 

When you are using a third party account to sign up with our Service or Application, we will automatically collect portions of Personal Data made available with your third party account as part of our standard account creation procedure.

9. SPECIAL SECTION FOR USERS BASED IN EUROPEAN ECONOMIC AREA AND UNITED KINGDOM

a. DATA CONTROLLER

Short.cm Inc, a Delaware Corporation, US, reg# 4976272 shall be considered the controller of your Personal Data. If you have any questions regarding processing of your Personal Data or want to execute any of your rights you may contact us at  support@short.io

b. LEGAL BASIS FOR PROCESSING

We will process your personal data on the following basis:

  • On the basis of your consent. We will process your Personal Data on this basis when you give your explicit consent to such processing via different web forms on our Site, Service or Application;
  • To perform a contract executed between us. We rely on this basis when you are accepting our Terms of Service, which constitutes the entire agreement regarding use of our Service and Applications, or when we execute other types of contract with you, for example contractor agreement.
  • On the basis of our legitimate interest. We rely on this basis when it comes to development of our Site, Service and Applications, or protection of our rights. For example, we may retain a certain Personal Data when you breach our Terms of Service until the breach is cured in full.
  • On the basis of legal requirements. We will rely on this basis when processing is required according to the law applicable to us, legal act, court decision, subpoena or other legal document.

c. EXECUTION OF YOUR RIGHTS

We honor your rights granted to you by UK GDPR, EU GDPR and your national legislation implementing GDPR: :

  • Withdraw your consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. If consent is the only basis for processing your Personal Data we would have to delete it from our databases.
  • Object to processing of your Personal Data. Users have the right to object to the processing of their Personal Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section above.
  • Access your Personal Data. Users have the right to learn if Personal Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected.
  • Restrict the processing of their Personal Data. Users have the right, under certain circumstances, to restrict the processing of their Personal Data. In this case, we will not process their Personal Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Personal Data from us.
  • Receive their Personal Data and have it transferred to another controller. Users have the right to receive their Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

.

d. How to exercise these rights

You may execute your rights by sending your request to support@short.io. We will provide you a response within 30 calendar days. This term may be extended for additional 30 calendar days in case your request is complicated or excessive. We reserve our right to verify your request, and demand power of attorney if request is filed by your proxy.

10. SPECIAL SECTIONS FOR CONSUMERS BASED IN THE STATE OF CALIFORNIA

A. INTRODUCTION

According to California Consumers Privacy Act (“CCPA”) we are obligated to notify consumers based in the State of California about our use, correction and disclosure of their personal information, collected through Site, Service or Application.

For the purpose of this section of this Privacy Policy “personal information” has a meaning as determined in the CCPA.

B. CATEGORIES OF PERSONAL INFORMATION

Please see the categories of personal information that we collect, disclose and sell: 

Categories of personal information Last Updated: 

Categories of Sources and Purposes for Collection and Use

Categories of Recipients and Business Purposes for Disclosure

NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, phone number, account name.

Sources:

  • Directly from you;
  • Automatically when you are visiting our website;
Purposes of collection:
  • To provide you with our Website. 
  • To provide you with our Service and Applications. 
  • To purchase a domain name or transfer your domain name according to your instructions. 
  • To provide you with support or answer your questions. 
  • To develop our Website, Service and Application. 
  • To comply with our legal obligations

Recipients:

  • Service providers;
  • Governmental agencies and authorities;
  • Affiliated and related companies
Business purposes:
  • Ensuring security and integrity of Personal Information
  • Debug and fix existing errors;
  • Deliver you our Services;
  • Perform services on our behalf;
  • Ensuring security and integrity of Personal Information
  • For internal use by our service provider

CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, signature, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.

Sources:

  • Directly from you;
Purposes of collection:
  • To provide you with our Service and Applications. 
  • To purchase a domain name or transfer your domain name according to your instructions. For this purpose we may collect your Identity information, Payment data, Contact information, Usage information.
  • To provide you with support or answer your questions. 

Recipients:

  • Service providers;
  • Governmental agencies and authorities;
  • Affiliated and related companies
Business purposes:
  • Ensuring security and integrity of Personal Information
  • Debug and fix existing errors;
  • Deliver you our Services;
  • Perform services on our behalf;
  • Ensuring security and integrity of Personal Information
  • For internal use by our service provider

PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.

No

No

PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Sources:

  • Directly from you;
Purposes of collection:
  • To provide you with our Service and Applications. 
  • To purchase a domain name or transfer your domain name according to your instructions. 
  • To provide you with support or answer your questions..
  • To connect our Application to your third party software account. 

Recipients:

  • Service providers;
  • Governmental agencies and authorities;
  • Affiliated and related companies
Business purposes:
  • Ensuring security and integrity of Personal Information
  • Debug and fix existing errors;
  • Deliver you our Services;
  • Perform services on our behalf;
  • Ensuring security and integrity of Personal Information
  • For internal use by our service provider

BIOMETRIC INFORMATION: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

No

No

USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.

Sources:

  • Directly from you;
  • Automatically when you are visiting our website;
Purposes of collection:
  • To provide you with our Website. For this purpose we may collect your Usage information and Technical information, which is being collected by means of different types of cookies, as described in our Cookies Policy;
  • To provide you with our Service and Applications. 
  • To purchase a domain name or transfer your domain name according to your instructions.
  • To provide you with support or answer your questions. 
  • To develop our Website, Service and Application. 

Recipients:

  • Service providers;
  • Governmental agencies and authorities;
  • Affiliated and related companies
Business purposes:
  • Ensuring security and integrity of Personal Information
  • Debug and fix existing errors;
  • Deliver you our Services;
  • Perform services on our behalf;
  • Ensuring security and integrity of Personal Information
  • For internal use by our service provider

GEOLOCATION DATA: Precise geographic location information about a particular individual or device

Sources:

  • Directly from you;
  • Automatically when you are visiting our website;
Purposes of collection:
  • To provide you with our Website. 
  • To provide you with our Service and Applications. 
  • To purchase a domain name or transfer your domain name according to your instructions. 
  • To provide you with support or answer your questions. 
  • To develop our Website, Service and Application. 
  • To comply with our legal obligations

Recipients:

  • Service providers;
  • Governmental agencies and authorities;
  • Affiliated and related companies
Business purposes:
  • Ensuring security and integrity of Personal Information
  • Debug and fix existing errors;
  • Deliver you our Services;
  • Perform services on our behalf;
  • Ensuring security and integrity of Personal Information
  • For internal use by our service provider

AUDIO/VISUAL: Audio, electronic, visual, thermal, olfactory, or similar information.

No

No

EMPLOYMENT HISTORY: Professional or employment-related information.

No

No

EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

No

No

PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

No

C. SELLING AND SHARING PERSONAL INFORMATION

The act of selling and sharing personal information has been redefined under recent California legislation. The term "sell" no longer solely refers to exchanging personal information for monetary compensation, but also encompasses the use of personal information by third parties for their own purposes. Furthermore, "sharing" personal information entails disclosing it to third parties for cross-context behavioral advertising. Within the past 12 months, we have engaged in the selling and/or sharing of the following information:

  • Identity information: name, surname, avatar image;
  • Contact information: email address, phone number, type of business; 
  • Usage information: account settings, account level of access, connected domain names, purchased domain names, transferred domain names, subscription plan, pages visited, mouse events, third party accounts identifiers (Facebook, Google, Apple), hyperlinks you click, domain names that you purchase, SSO generated login identifier, messages you send us, tracking codes, connected advertising ID (Google Analytics, Segment, Adroll, Webhook, Facebook), connected, hyperlinks generated;
  • Technical information: log files, IP address, browser version, mobile device, device operating system, screen resolution, language preferences;
  • Payment data: billing address, purchases and payments, date/time/amount of transaction, VAT ID, invoices generated, PayPal account, commision generated, payouts, bank account details, payment card details, payment card type; 

Our list of recipients comprises our service providers and other third parties, who receive personal information for cross-context behavioral advertising. We only "sell" personal information to third parties, as defined by CCPA, for cookie or other tracking technology purposes.

D. RIGHTS OF CALIFORNIA CONSUMERS

California law grants certain rights to residents and puts restrictions on specific business practices. As a California consumer, you have the right to request disclosure of personal information that we collect, use, disclose, and sell about you.

Do-Not-Sell. As a California resident, you possess the right to opt-out of the sale of your personal information. Nonetheless, we do not sell the personal information of California residents or any other users of our website. We may only share your personal information as detailed in this Section of our Privacy Policy. Please use our cookies banner to opt-out from specific cookies. If you intend to exercise your rights, please use the link given below - "Do Not Sell Or Share My Personal Information."

Verifiable Requests for Copy, Deletion and Right to Know. Subject to certain exceptions, California consumers have the right to make the following requests, at no charge, up to twice every 12 months.

Please see ‘Submitting Requests’ below for instructions about how to exercise your rights:

a. Deletion: You may request deletion of your personal information, subject to the following exemptions:

  • Carry out the intended purpose for which the personal information was collected, fulfill a requested service or product, or fulfill a contract between the business and the consumer;
  • Identify and prevent security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or take legal actions against those responsible for such activity;
  • Debug and rectify errors;
  • Exercise the right to free speech, facilitate another consumer's right to free speech, or exercise other rights provided by law;
  • Comply with the California Electronic Communications Privacy Act as specified in Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
  • Use the personal information for internal purposes that confirm with the consumer’s expectations based on their relationships with our business;
  • Comply with legal obligations;

b. Copy. You may request a copy of certain personal information about you that we have collected during the 12 months period.

c. Right to Know (Collection): You have the right to know what personal information we have collected about you during the last 12 months. This includes disclosure of the categories of personal data collected, shared and sold, and the categories of third parties, with whom we have shared or disclosed your personal information.

d. Right to Know (Disclosure and Sale): You are entitled to know what personal information we have disclosed and sold about you, and how this personal information has been handled during the last 12 months. This includes the categories of personal information collected, the categories of third parties to whom the person's personal information has been sold and the specific categories of personal information sold to each category of third party, the categories of third parties to whom the personal information has been disclosed, and the categories of personal information that we have disclosed or shared with a third party for a business purpose.

e. Correct inaccurate personal information: You are entitled to request correction of inaccurate personal information that we collected about you. 

E. SUBMITTING YOUR REQUEST

You may submit your request:

  • By sending it to our address 1000 N West st Suite 1281-M#146, Wilmington, Delaware 19801
  • By sending email to support@short.io

We will inform you about receipt of your request and will endeavor to respond within 45 days. We may extend response time to an additional 45 days if it is required and will let you know about any such extension. 

Upon receiving your request, we will take measures to verify your identity. We will attempt to match the details in your request with the personal information we have on file for you. As part of our verification procedure, we may request additional information from you, utilize identity verification services to help us, or ask you to log in to your account on our website, if you have one, to validate your identity. Please note that, depending on the nature of your request, to safeguard the confidentiality and security of your personal information, we will only fulfill your request when we are confident that we have validated your identity to a reasonable level of certainty.

11. NOTICE TO VIRGINIA USERS

As per the Virginia Consumers Data Protection Act, you possess the following entitlements:

  • You can opt-out from having your personal data used for targeted advertising. You can accomplish this by adjusting your preferences in our cookies banner.
  • You possess the right to be informed, access and confirm your personal data.
  • You have the right to request the removal of personal data we possess about you.
  • You have the right to correct any inaccuracies in your personal data.
  • You have the right to portability of data (i.e., easily accessible, portable access to all of your personal data held by a company).
  • You have the right to opt-out of the sale of personal data.
  • You have the right to opt-out of profiling that is based on personal data.
  • You have the right to not be subjected to discrimination for exercising any of the aforementioned rights. We do not "sell" personal data in exchange for financial consideration by a controller to a third party. To execute your rights, please email us at support@short.io.

12. COOKIES NOTICE

A. GENERAL

This section to inform you about tracking technologies that we use on Site. For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate. While cookies can be used on both web and mobile browsers, it would be inaccurate to talk about cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term “Cookies” is only used where it is specifically meant to indicate that particular type of Tracker.

Some of the purposes for which Trackers are used may also require your consent, depending on the applicable law. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided herein.

Short.io uses Trackers managed directly by us (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified herein, third-party providers may access the Trackers managed by them. The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by us or the relevant provider. Some of them expire upon termination of your browsing session.

B. STRICTLY NECESSARY COOKIES

Short.io uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.

Third-party Trackers

  • SPAM protection This type of service analyzes the traffic of short.io, potentially containing your Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM. Google reCAPTCHA (Google LLC) Google reCAPTCHA is a SPAM protection service provided by Google LLC. The use of reCAPTCHA is subject to the Google privacy policy and terms of use. Personal Data processed: Cookies and Usage Data. Place of processing: United States – Privacy Policy. Storage duration:
    • _GRECAPTCHA: duration of the session
    • rc::a: indefinite
    • rc::b: duration of the session
    • rc::c: duration of the session

C. FUNCTIONALITY TRACKERS

Short.io uses Trackers to enable basic interactions and functionalities, allowing you to access selected features of the Service and facilitating communication.

  • Interaction with support and feedback platforms This type of service allows you to interact with third-party support and feedback platforms directly from the pages of short.io. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if  you do not actively use the service. Canny We display changelog from this service
  • Registration and authentication By registering or authenticating, you allow short.io to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, short.io will be able to access some Data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service. Facebook Authentication (Meta Platforms, Inc.) Facebook Authentication is a registration and authentication service provided by Meta Platforms, Inc. and is connected to the Facebook social network. Personal Data processed: Trackers and various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Storage duration:
    • _fbp: 3 months
    • fbssls_*: duration of the session

D. STATISTICS & ANALYTICS COOKIES

Short.io uses Trackers to measure traffic and analyze users behavior with the goal of improving the Service.

  • Analytics The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of users behavior.
  • Google Ads conversion tracking (Google Inc.) Google Ads conversion tracking is an analytics service provided by Google LLC or by Google Ireland Limited, depending on how We manage the data processing, that connects data from the Google Ads advertising network with actions performed on short.io. Personal Data processed: Cookies and Usage Data. Place of processing: US – Privacy Policy. Storage duration:
    • IDE: 2 years
    • test_cookie: 15 minutes
  • Amplitude Analytics (Amplitude Inc.) Amplitude Analytics is an analytics service provided by Amplitude Inc. Personal Data processed: Cookies and Usage Data. Place of processing: United States – Privacy Policy. Storage duration:
    • amp_*: indefinite
  • Heat mapping and session recording Heat Mapping services are used to display the areas of a page where you most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of users behavior. Some of these services may record sessions and make them available for later visual playback. Hotjar Heat Maps & Recordings (Hotjar Ltd.) Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the user's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here. Personal Data processed: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service. Place of processing: Malta – Privacy Policy Opt Out. Storage duration:
    • _hjAbsoluteSessionInProgress: 30 minutes
    • _hjCachedUserAttributes: duration of the session
    • _hjClosedSurveyInvites: 1 year
    • _hjDonePolls: 1 year
    • _hjFirstSeen: duration of the session
    • _hjIncludedInPageviewSample: 30 minutes
    • _hjIncludedInSessionSample: 30 minutes
    • _hjLocalStorageTest: duration of the session
    • _hjLocalStorageTest: duration of the session
    • _hjMinimizedPolls: 1 year
    • _hjRecordingEnabled: duration of the session
    • _hjRecordingLastActivity: duration of the session
    • _hjSession*: 30 minutes
    • _hjSessionRejected: duration of the session
    • _hjSessionResumed: duration of the session
    • _hjSessionTooLarge: duration of the session
    • _hjSessionUser*: 1 year
    • _hjShownFeedbackMessage: 1 year
    • _hjTLDTest: duration of the session
    • _hjUserAttributesHash: duration of the session
    • _hjViewportId: duration of the session
    • _hjid: 1 year

E. TARGETING AND ADVERTISING

Short.io uses Trackers to deliver personalized marketing content based on user’s behavior and to operate, serve and track ads.

  • Remarketing and behavioral targetingThis type of service allows short.io and its partners to inform, optimize and serve advertising based on past use of short.io by User.This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.Some services offer a remarketing option based on email address lists.In addition to any opt-out feature provided by any of the services below, you may opt out by visiting the Network Advertising Initiative opt-out page.You may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general. Google Ads Remarketing (Google Inc.)Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on how we manage the data processing, that connects the activity of short.io with the Google Ads advertising network and the DoubleClick Cookie.You can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings. Personal Data processed: Cookies and Usage Data. Place of processing: US – Privacy Policy Opt Out. Storage duration:
    • AID: 2 years
    • ANID: 2 years
    • Conversion: 3 months
    • DSID: 14 days
    • FCNEC: 1 year
    • FLC: 10 seconds
    • FPAU: 3 months
    • FPGCLAW: 3 months
    • FPGCLDC: 3 months
    • FPGCLGB: 3 months
    • IDE: 2 years
    • NID: 6 months
    • RUL: 1 year
    • TAID: 14 days
    • __gads: 2 years
    • __gsas: 2 years
    • _gac_: 3 months
    • _gac_gb_: 3 months
    • _gcl_au: 3 months
    • _gcl_aw: 3 months
    • _gcl_dc: 3 months
    • _gcl_gb: 3 months
    • _gcl_gf: 3 months
    • _gcl_ha: 3 months
    • id: 2 years
    • test_cookie: 15 minutes
  • User database managementThis type of service allows us to build user profiles by starting from an email address, a personal name, or other information that you provides to short.io, as well as to track you activities through analytics features. This Personal Data may also be matched with publicly available information about you (such as social networks' profiles) and used to build private profiles that we can display and use for improving short.io.Some of these services may also enable the sending of timed messages to you, such as emails based on specific actions performed on short.io. Intercom (Intercom Inc.) Intercom is a you database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within short.io. Personal Data processed: Cookies, email address, Usage Data and various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Storage duration:
    • intercom-id-*: 10 months
    • intercom-session-*: 7 days
    • intercom-test: indefinite

COOKIES CONSENT MANAGEMENT

There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:

Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.

Additionally, whenever the use of Trackers is based on consent, you can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.

It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the user’s initial consent.

Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.

With regard to any third-party Trackers, users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.

Locating Tracker Settings

Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:

Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (users may open the device settings and look for the relevant setting).

How to opt out of interest-based advertising

Notwithstanding the above, users may follow the instructions provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow users to select their tracking preferences for most of the advertising tools. We thus recommend that users make use of these resources in addition to the information provided in this document.

The Digital Advertising Alliance offers an application called AppChoices that helps users to control interest-based advertising on mobile apps.

Consequences of denying consent

Users are free to decide whether or not to grant consent. However, please note that Trackers help short.io to provide a better experience and advanced functionalities to users (in line with the purposes outlined in this document). Therefore, in the absence of the user's consent, we may be unable to provide related features.