Privacy Policy

What we collect

Account data: Your email address and a hashed password. That's it.

Click analytics: When someone clicks a shortened link, we transiently use the IP address and browser user agent to derive approximate location (country, city), device type, and a non-reversible daily pseudonym for unique visitor estimation. The raw IP address and user agent are discarded after processing and are not stored long-term. Only the derived analytics data, referring URL, and a timestamp are retained. This data is tied to the link, not to an individual person.

Cookies: We use a session cookie to keep you signed in. We do not set any cookies on people who click your shortened links, and we don't use third-party trackers anywhere on the site.

What we don't do

• We do not sell, rent, or share your data with third parties.
• We do not run third-party ads or trackers.
• We do not profile you across websites.

How we use your data

Account data is used to authenticate you. Click analytics are used to show link owners how their links are performing. We may use aggregated, non-identifiable data to monitor service health.

Data retention

Analytics data is retained according to your plan's retention period. You can delete your links and their associated analytics at any time. If you delete your account, all your data is removed.

Data security

All traffic is encrypted over TLS. Sensitive fields are encrypted at rest. Passwords are stored using bcrypt and are never logged or exposed.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us at [email protected]. We will respond within 30 days.

Self-hosted instances

If you self-host ugo, you are the data controller. This policy applies only to the service operated at ugo.cr.

Changes

We may update this policy. Changes will be posted on this page with an updated date. Continued use of the service constitutes acceptance of the revised policy.