Privacy Policy
Last updated: June 2026
Shrtn is committed to protecting your privacy. This policy explains what data we collect, why, and how we protect it, in compliance with the UK GDPR and the Data Protection Act 2018.
1. Data We Collect
When you shorten a URL (no account)
- IP address (hashed): We never store your raw IP address. We apply a SHA-256 hash with a server-side salt before storing. This is used solely for rate limiting.
- The URL you submit
- Timestamp
When someone clicks a short link
- IP address (hashed, as above) — for analytics deduplication
- HTTP Referrer (the page that sent the visitor)
- User-Agent (browser/device type, not stored verbatim beyond 255 chars)
- Click timestamp
When you create an account
- Email address
- Password (stored as an Argon2id hash; we never store your plain-text password)
- Account creation timestamp
2. How We Use Your Data
- To operate the URL shortening service
- To provide click analytics to link owners
- To enforce rate limits and prevent abuse
- To maintain your account
We do not sell your data to third parties. We do not use advertising networks. We do not build behavioural profiles.
3. Cookies
We use a single session cookie (PHP session) when you are logged in. This cookie is essential for authentication and expires when you close your browser or log out. We do not use tracking cookies or analytics cookies.
4. Data Retention
- Click records: retained for 12 months then deleted
- Rate limit records: deleted after 2 hours
- Account data: retained until you delete your account
5. Your Rights (UK GDPR)
You have the right to access, rectify, or erase your personal data. You may delete your account at any time from Account Settings, which removes all your links and associated click data. To request a copy of your data, contact us.
6. Security
Passwords are hashed with Argon2id. IP addresses are hashed with SHA-256 before storage. All traffic is served over HTTPS (TLS 1.2+).
7. Third-Party Services
If Google Safe Browsing is enabled, URLs you submit are checked against Google's threat database. See Google's Privacy Policy.
8. Contact
For privacy-related enquiries, please use the contact form.