Privacy Policy

At PrettyURL (prettyurl.app), we take user privacy and data protection with absolute seriousness. This Privacy Policy details the types of information we collect, how we secure and anonymize analytic data, our cookie usage policies, and our compliance integrations with advertising systems.

1. Data Controller and Compliance Standards

PrettyURL operates globally as a link-shortening and tracking SaaS web application. We are committed to processing all data in full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and ePrivacy Directives. By design, our software implements strict data minimization, meaning we collect only the minimum required information to resolve short links and compile secure marketing analytics.

2. Non-Identifiable IP Hashing (SHA-256 Pipeline)

When web visitors click a shortened link created through PrettyURL, our redirect routing engine resolves the target destination. To track traffic volumes, unique visitors, and prevent denial-of-service attempts without identifying individual persons, we run an automated, one-way cryptographic anonymization process:

• We capture the incoming network IP address of the redirect visitor.
• We combine this IP address with a secure, highly confidential server-side salt.
• We process this combined string through a SHA-256 cryptographic hash function, producing a non-reversible 64-character token.
• The original raw IP address is discarded immediately from memory and is **never** written to our permanent database logs.
• This deterministic hashing system allows us to separate unique visitor volumes from total click volumes for campaigns without storing any personally identifiable information (PII). This process is completely irreversible; even in the event of an unauthorized data breach, the raw IP addresses cannot be decrypted or reconstructed.

3. Cookie Usage and Cookie-less Tracking

PrettyURL maintains two distinct cookie policies depending on how you interact with our platform:

• Registered User Dashboard: If you create a PrettyURL account and log in, we utilize essential operational cookies to securely maintain your session, authenticate your dashboard panel, and prevent CSRF cross-site forgery. These cookies are strictly functional and do not track your browsing habits on external websites.
• Redirection Traffic: For general internet users clicking shortened redirects, our platform is **100% cookie-less**. We do not set any tracking cookies or browser storage objects on a visitor's device during redirection. This allows campaign managers to direct users smoothly without showing intrusive cookie pop-ups on redirect paths.

4. Third-Party Advertising and Google AdSense Disclosures

To support our free tier redirect infrastructure, we implement programmatic advertising on our public-facing screens (such as the landing home page and blog pages).

Important Google AdSense Disclosures:

• Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to your website or other websites.
• Google's use of advertising cookies enables it and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.
• Users may opt out of personalized advertising by visiting Google Ad Settings, or by visiting www.aboutads.info to opt out of a third-party vendor's use of cookies for personalized advertising.

5. Collected Information for Registered Accounts

If you sign up for a PrettyURL workspace console, we securely collect:

• Your name and email address to manage credentials.
• Payment processor logs via our payment gateway (Stripe) for billing subscriptions. We do not store credit card credentials directly on our servers.
• Campaign settings, custom workspaces, custom redirect URLs, and aggregated count stats.

6. Data Retention and Deletion Rights

Registered creators retain absolute control over their campaign links. If you delete a custom link or workspace from your cockpit dashboard, all corresponding redirection rules, dynamic QR configurations, and historical aggregated click traffic statistics are immediately and permanently erased from our production databases.

If you wish to request a complete deletion of your account and all associated profile details, you may contact our compliance desk at privacy@prettyurl.app or via our secure contact page.

7. Updates to This Policy

We may revise this privacy policy from time to time to align with technical modifications, framework upgrades, or evolving privacy legislation. Any changes will be published here with an updated "Last Updated" timestamp.