Privacy Policy
Last updated: February 2026 — Effective immediately
What Data We Store
| Data Type | Stored? | Retention | Notes |
|---|---|---|---|
| Original URL | Yes | 30 days (default), up to 90 days | Required to perform the redirect |
| Short code / alias | Yes | Same as URL | The identifier for your link |
| Creation timestamp | Yes | Same as URL | Stored in metadata, expires with the link |
| Anonymous click count | Yes | Same as URL | Integer only. No user-identifying data associated with any click |
| Last accessed timestamp | Yes | Same as URL | When the link was last clicked. No identity attached |
| Deletion token | Yes (hashed) | Same as URL | Stored as a SHA-256 hash. The plaintext token is never retained |
| Visitor IP address | Never | — | Not logged or stored at any layer |
| Browser / User-Agent | Never | — | Not logged or stored |
| Geolocation | Never | — | No geo-lookup or country detection |
| Referrer | Never | — | Not stored or used for analytics |
| Device type | Never | — | No device fingerprinting |
| Cookies | None set | — | No cookies are set by the redirect or API |
| Third-party analytics | None | — | No Google Analytics, Mixpanel, or any tracking pixel |
How Long Data Is Retained
All data is stored in Redis with automatic expiry (TTL). When a link expires, every associated key is deleted automatically:
- Default TTL: 30 days from creation
- Custom TTL: You can specify
ttl_seconds(minimum 60 seconds, maximum 90 days) when creating a link - On deletion: When you call
DELETE /api/v1/:code?delete_token=<token>, all keys are deleted immediately - No archiving: Expired data is not backed up, archived, or retained in any form
Cookies & Tracking
LinkShrink sets zero cookies. The redirect endpoint does not set any cookies on visitor browsers. The marketing website uses a single localStorage key (sv-theme) to remember your light/dark theme preference — this stays on your device and is never transmitted to our servers.
Server Logs
Our hosting provider (Microsoft Azure) may maintain standard web server access logs that include IP addresses and request timestamps as part of their infrastructure operations. These logs are outside our control and subject to Microsoft's privacy statement. We do not process, query, or retain these logs ourselves. Azure's standard log retention is 30–90 days depending on the service tier.
GDPR Compliance
LinkShrink is designed to be GDPR-friendly by architecture, not just by policy:
- No personal data is collected when a link is visited — therefore, there is no personal data subject to GDPR access or deletion rights
- The URL you shorten may contain personal data (e.g., if it links to a profile page) — you are responsible for ensuring you have lawful basis to share that URL
- Links auto-expire and are fully deleted. No backup, no archival
- No third-party processors receive data from link visits (no analytics SDKs, no ad networks)
If you are sharing LinkShrink links on behalf of users in the EU, no consent banner is required on your side for the redirect itself, because no personal data about the clicking user is processed by us.
Data Controller
LinkShrink is operated by SoftVoyagers (github.com/softvoyagers). This is a free, open-source project. We are not a company incorporated in any jurisdiction and do not process personal data for commercial purposes.
Contact
For privacy questions, open an issue on our GitHub repository. We do not have a dedicated privacy email address.
Changes to This Policy
If we change what data is stored or how it is used, we will update this page and change the "Last updated" date at the top. We will not retroactively apply changes to links that already exist.