Privacy Policy
Last Updated: 19.02.2025
Shodl (shodl.io) is committed to protecting your privacy. This Privacy Policy explains how we collect, process, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) (EU 2016/679). By using Shodl, you agree to this Privacy Policy. If you do not agree, please discontinue use of the service.
1. Data Controller
Shodl is the data controller for processing personal data. For any inquiries regarding your data, please contact us at contact@shodl.io.2. Data We Collect
We collect the following types of data:2.1. Account Information
- Email Address
- Username
- Password (stored securely as a cryptographic hash)
2.2. Conversions & Redirects
- Shortened URLs and their corresponding original URLs
- Redirect data, which may include:
- IP address
- Browser type and version
- Device type
- Operating system
- Timestamp of access
- Other metadata relevant to redirects and user interactions
2.3. Statistics & Analytics
- Number of redirects and conversions
- Types of conversions
- Other aggregated insights related to link performance and user activity
2.4. Communications Data
- User inquiries and support requests
2.5. Cookies & Tracking (Google Analytics)
We use Google Analytics and similar tools to collect:- Page visits, navigation behavior, and time spent on site
- Device, browser, and approximate location (anonymized where required)
- Traffic sources (how users arrive at Shodl)
3. How We Use Your Data
We process data for the following purposes, in compliance with GDPR:| Purpose | Lawful Basis (GDPR) |
|---|---|
| Creating and managing accounts | Contractual necessity (Art. 6(1)(b)) |
| Providing URL shortening, redirection, and analytics services | Contractual necessity (Art. 6(1)(b)) |
| Enhancing service performance & security | Legitimate interest (Art. 6(1)(f)) |
| Monitoring and preventing abuse (spam, fraud, illegal content) | Legitimate interest (Art. 6(1)(f)) |
| Responding to user support requests | Legitimate interest (Art. 6(1)(f)) |
| Using Google Analytics for performance insights | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (e.g., responding to lawful requests) | Legal obligation (Art. 6(1)(c)) |
4. Data Security
- Encryption of sensitive data at rest and in transit
- Access restrictions to prevent unauthorized data access
- Hashed passwords for secure authentication
- Secure communication via HTTPS
- Controlled API access to ensure only authorized sources interact with the system
5. Data Retention Policy
We retain data as long as necessary for business, security, and legal purposes:| Data Type | Retention Period |
|---|---|
| User Accounts (active) | Until user requests deletion |
| Deactivated Accounts | Retained indefinitely, unless deletion is requested |
| Shortened URLs & Redirect Data | Indefinitely |
| Analytics & Statistics | Indefinitely |
| Google Analytics Data | Per Google’s retention policies |
| Customer Support Requests | 2 years |
Users can request account deletion, but shortened URLs and analytics remain stored unless legally required to be deleted.
6. User Rights (GDPR Compliance)
- Right to Access – Request a copy of your data.
- Right to Rectification – Update email, username, or password.
- Right to Erasure ("Right to be Forgotten") – Delete your account.
- Right to Restrict Processing – Limit how your data is used.
- Right to Data Portability – Receive your data in a structured format.
- Right to Object – Stop data processing in certain cases.
- Right to Lodge a Complaint – File a complaint with your Data Protection Authority (DPA).
7. Data Sharing & Third-Party Services
We do not sell personal data. However, we may share limited data with:- Hosting & Database Providers (for secure storage)
- Google Analytics (for traffic insights)
- Legal Authorities (if required by law)
8. Cookies & Tracking
We use cookies to improve user experience and analyze traffic. These may include:- Essential Cookies (necessary for service functionality)
- Performance Cookies (used by Google Analytics to measure site usage)