LinkShort

Privacy Policy

Last updated: April 30, 2026

Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

We collect information you provide directly and information generated automatically when you use the Service.

Account Information

  • Name and email address provided during registration
  • Password — stored as a one-way bcrypt hash; we never store your plain-text password
  • Billing information — processed by Paddle; we do not store credit card details

Link Data

  • Original URLs you choose to shorten
  • Custom slugs and link titles you provide
  • Expiry settings and other link configuration

Analytics Data (collected when links are clicked)

  • IP address — hashed before storage for privacy
  • Approximate country and city — derived from IP geolocation
  • Device type (Mobile / Desktop / Tablet)
  • Browser type and version
  • Referrer URL — the page that linked to your short link
  • Timestamp of each click event

Technical Data

  • Server log files (access logs, error logs)
  • API usage data and request metadata
  • Error reports and diagnostic information

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails such as account verification, password resets, and payment receipts
  • Send service notifications about important changes or updates
  • Detect, investigate, and prevent fraudulent or abusive activity
  • Monitor performance and conduct analytics to improve the Service

3. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

  • Paddle — our payment processor; receives billing information necessary to process your subscription
  • Resend — our email delivery provider; receives your email address and message content for transactional emails
  • MaxMind — used for IP geolocation to derive country/city data; IP addresses are processed locally and not transmitted to MaxMind servers
We may disclose your information if required to do so by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Tooldit, our users, or the public.

4. Data Retention

We retain your data for as long as necessary to provide the Service:

  • Account data — retained until you delete your account
  • Click analytics — retained for 2 years from the date of collection
  • Invoices and billing records — retained for 7 years as required by applicable tax and accounting laws
  • Deleted account data — permanently deleted within 30 days of account deletion

5. Cookies

We use a minimal set of cookies that are strictly necessary to operate the Service:

  • Authentication session cookie — keeps you logged in during your session
  • Preference cookies — stores UI preferences such as theme and language

We do not use advertising cookies, third-party tracking cookies, or social media pixels. See our full Cookie Policy for details.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — delete your account and associated data from your dashboard
  • Export — export your links and analytics data in a portable format
  • Opt-out — unsubscribe from marketing emails at any time
To exercise any of these rights, contact us at settings@tooldit.com. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures to protect your personal data:

  • All data is encrypted in transit using HTTPS / TLS
  • Passwords are hashed using bcrypt with a secure salt
  • API keys are stored as one-way hashes — raw values are never retained
  • IP addresses in analytics are hashed before storage
  • We conduct regular security audits and dependency reviews
  • Data is stored on secure, access-controlled servers

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us at privacy@tooldit.com and we will take steps to delete that information.

9. International Transfers

Your data may be processed in countries other than your own. When we transfer personal data internationally, we ensure that adequate protections are in place consistent with applicable data protection laws. By using the Service, you consent to the transfer of your information to countries that may have different data protection rules than your country.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered users for material changes

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:

Tooldit Privacy Team
Email: privacy@tooldit.com