Privacy Policy

Last updated - June 25, 2025

This Privacy Policy ("Policy") explains how ti-ny.link ("ti-ny.link," "we," "our," or "us") collects, uses, shares, and safeguards your information when you use our website, browser extensions, APIs, mobile/desktop applications, widgets, and any other online products and services that link to this Policy (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Policy and our Terms of Service. If you do not agree with this Policy, you should not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create a ti-ny.link account, we collect your email address, password (hashed and salted), and optional profile information such as display name and avatar.
  • User Content: Destination URLs, custom aliases, tags, and any text you enter (e.g., link titles, descriptions) when generating Short Links.
  • Feedback & Support: Content of messages, emails, surveys, or support requests that you send to us.

1.2 Information We Collect Automatically

  • Usage Data: IP address, browser type, referring/exit pages, device identifiers, operating system, date/time stamps, clickstream data, and the pages or features you access.
  • Log Data: Server logs recording interactions with the Service, Short Link creation, and redirects.
  • Cookies & Similar Technologies: We use first‑party cookies and local storage to maintain sessions, remember preferences, prevent abuse, and perform analytics. See Section 7 for more details.

1.3 Information from Third Parties

  • Analytics & Marketing Partners: Aggregated usage statistics or campaign performance data (e.g., from Google Analytics or similar providers) that help us understand traffic patterns and service performance.
  • Single Sign‑On (SSO) Providers: If you sign in via Google, GitHub, or other SSO, we receive basic profile info as authorized by you.

We do NOT purchase or rent marketing lists, nor do we collect sensitive personal data (e.g., race, religion, biometric data) unless you voluntarily provide it.

2. How We Use Your Information

We process your information for the following purposes:

  1. Provide & Improve the Service: Operate, maintain, deliver, debug, and enhance our core link‑shortening functionality.
  2. Account Management: Create and manage user accounts, authenticate logins, and personalize features.
  3. Analytics: Monitor Service usage, diagnose technical issues, and understand user behavior to improve performance and UX.
  4. Security & Fraud Prevention: Detect and mitigate abuse, spam, malware, and violations of our Terms of Service.
  5. Communications: Send transactional emails (e.g., account verification, password resets), service announcements, and updates. Marketing emails are sent only with your consent or where permitted by law.
  6. Legal Compliance: Comply with applicable laws, enforce our Terms, respond to lawful requests, and protect rights, property, or safety of ti-ny.link, our users, or the public.

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:

  • Contractual Necessity: Processing necessary to provide the Service (Sections 2.1–2.2).
  • Legitimate Interests: Analytics, security, fraud prevention, and product improvement (Sections 2.3–2.4), provided these interests are not overridden by your rights.
  • Consent: Marketing communications and non‑essential cookies (Sections 2.5 & 7) where you have given explicit consent.
  • Legal Obligation: Compliance with legal or regulatory obligations (Section 2.6).

4. How We Share Information

We do not sell or rent personal data. We share information only as described below:

Recipient CategoryPurpose
Service Providers (e.g., hosting, cloud storage, customer support, analytics)Perform services on our behalf and under confidentiality agreements.
Business TransfersIf we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred subject to the same commitments.
Law Enforcement & Legal RequestsRespond to subpoenas, court orders, or lawful requests, or to protect rights and safety.
Other UsersWhen you create a public Short Link or publicly share analytics dashboards, certain data (alias, destination URL, clicks) may be visible to anyone with the link.
ConsentAny other sharing with third parties only with your explicit consent.

5. Data Retention

We retain information only as long as needed for the purposes described in this Policy or as required by law, after which it is securely deleted or irreversibly anonymised.

Type of DataPurposeRetention PeriodExceptions / Extensions
Short-link redirection logs
(IP address, referrer, user-agent, timestamp)		Operate redirects, troubleshoot errors, detect fraud/abuse, and provide historical analytics dashboards365 daysEnterprise customers may contractually extend retention (e.g., 2–5 years) via MSA/SOW. Logs may also be kept longer to comply with legal requests or active security/abuse investigations.
Aggregated usage & analytics data
(non-identifiable click counts, country-level geolocation)		Provide long-term trend insights and service metrics2 yearsMay be retained in de-identified form for longer to improve the Service and compile statistics.
Account information
(profile, billing, settings)		Maintain your account and comply with legal obligationsWhile the account is active and up to 7 years after closure where law or legitimate interests require
Support tickets & correspondenceCustomer support and QA2 yearsUp to 6 years where necessary to defend against legal claims.
  • User-initiated deletion: If you delete a short link or your account, associated logs and analytics are erased or anonymised within 30 days, unless retention is still necessary for an investigation or legal compliance.
  • Back-ups: Encrypted backups may persist for up to 30 days beyond the periods above and are automatically purged, never used for any other purpose.
  • Legal basis: Retention periods are set under our legitimate interests in running a secure service, fulfilling contracts, and meeting statutory obligations (e.g., tax, accounting, fraud-prevention).

6. Security Measures

We employ administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption in Transit & at Rest: HTTPS/TLS for all communications; AES‑256 for stored credentials.
  • Access Controls: Role‑based access, multi‑factor authentication for staff.
  • Regular Audits & Pen Tests: Third‑party security assessments and continuous monitoring.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Cookies & Tracking Technologies

We use:

  • Essential Cookies: Required for core functionality (session management, authentication).
  • Performance Cookies: Collect aggregated data to improve site performance (e.g., page load times).
  • Analytics Cookies: Help us understand user interactions (e.g., Google Analytics). These are set only after you opt in where required.
  • Preference Cookies: Remember settings like language or theme.

You can control cookies via browser settings or our cookie banner. Disabling cookies may limit certain features.

8. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access or obtain a copy of the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion (erasure) of your data.
  • Object to or restrict processing of your data.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Opt out of marketing communications.
  • Data portability (receive data in a structured, machine‑readable format).

To exercise your rights, please contact us at privacy@ti-ny.link. We may verify your identity before processing requests. If you are in the EEA/UK, you may also lodge a complaint with your local supervisory authority.

8.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know, access, delete, correct, and opt out of sharing personal information. We do not sell personal information as defined under California law. See our CCPA/CPRA Addendum for details.

9. Children’s Privacy

Our Service is not directed to children under 13 (or equivalent age of digital consent). We do not knowingly collect personal data from children. If we learn that a child has provided us personal data, we will delete it and terminate the associated account. Parents or guardians who believe their child has provided data can contact us at privacy@ti-ny.link.

10. International Data Transfers

We are headquartered in the United States and use service providers in multiple countries. If you access the Service from outside the U.S., your data may be transferred, stored, and processed in the U.S. or other jurisdictions. We rely on Standard Contractual Clauses or other approved mechanisms for cross‑border transfers where applicable.

11. Third‑Party Services & Links

Our Service may contain links to third‑party websites or services. We are not responsible for their privacy practices. We encourage you to review their policies before providing information.

12. Changes to This Privacy Policy

We may update this Policy periodically. We will post the revised Policy with a new “Last updated” date and, if the changes are material, provide prominent notice (e.g., via email or banner) at least 30 days prior to the effective date. Continued use after the effective date constitutes acceptance.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact:

Email: privacy@ti-ny.link

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices described herein.