Privacy Policy

Last updated: April 22, 2026

At Sniplink, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.

Click Analytics Data

When someone clicks a shortened link, we collect anonymous analytics data including:

  • IP address (hashed with SHA-256 — we never store raw IPs)
  • Country and city (derived from request headers)
  • Device type, browser, and operating system
  • Referrer URL (the page the click came from)
  • Timestamp of the click

Link Data

We store the URLs you shorten, custom aliases, titles, and associated metadata needed to provide the service.

2. How We Use Your Data

We use your data exclusively to:

  • Provide the URL shortening and redirect service
  • Display click analytics on your dashboard
  • Authenticate your account and maintain your session
  • Send password reset emails when requested
  • Improve the service and fix bugs

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate Sniplink:

  • MongoDB Atlas — database hosting (data stored securely in the cloud)
  • Vercel — application hosting and edge network
  • Gmail SMTP — sending password reset emails

4. Cookies

We use a single session cookie for authentication purposes. This cookie is essential for keeping you logged in and does not track you across other websites. We do not use advertising or tracking cookies.

5. Data Retention & Deletion

Your data is retained for as long as your account is active. You can delete your account at any time from the Settings page, which will permanently remove your account, all your links, and all associated click analytics data. Password reset tokens automatically expire and are deleted after 1 hour.

6. Data Security

We implement industry-standard security measures including:

  • Password hashing with bcrypt (12 salt rounds)
  • IP address hashing with SHA-256 and a secret salt
  • JWT-based session tokens
  • HTTPS encryption in transit
  • Rate limiting on all API endpoints
  • Input validation on all user inputs

7. Your Rights

You have the right to:

  • Access your personal data through your dashboard
  • Update your name and password in Settings
  • Delete your account and all associated data
  • Export your link data (available via API)

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the date at the top of this page.

9. Contact

If you have questions about this privacy policy or your data, please open an issue on our GitHub repository.