Privacy Policy

Introduction

Welcome to Minime ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL shortening and analytics service (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of the Service immediately.

Information We Collect

1. Information You Provide

When you register for an account, we collect:

• Email Address: Required for account creation, login, and communication
• Username: Optional display name
• Password: Securely hashed and never stored in plain text
• Profile Picture: Optional avatar image
• URLs: The long URLs you shorten through our Service
• Custom Aliases: Custom short codes you create
• Campaign Information: Names and descriptions of your campaigns

2. Information Collected Automatically

When you or visitors access your shortened links, we automatically collect:

• IP Addresses: For security, fraud prevention, and geographic analytics
• Browser Information: Type and version of web browser
• Device Information: Type of device (desktop, mobile, tablet)
• Operating System: OS type and version
• Referrer URLs: The website that referred the visitor to your link
• Geographic Location: Country-level location derived from IP address
• Timestamp: Date and time of each link access
• Click/Scan Data: Whether the link was accessed via click or QR code scan

3. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (session cookies, CSRF tokens)
• Preference Cookies: Remember your settings (dark mode, language preferences)
• Analytics Cookies: Help us understand how you use the Service

How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our URL shortening and analytics services
• Account Management: To create and manage your account, authenticate users, and process subscriptions
• Analytics: To provide you with insights about link performance, visitor demographics, and engagement metrics
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues
• Communication: To send you service-related emails, updates, and notifications
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Improvement: To analyze usage patterns and improve Service functionality

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interest: Fraud prevention, security, and Service improvement
• Consent: Where you have explicitly consented to specific processing activities
• Legal Obligation: Compliance with applicable laws and regulations

Why We Store IP Addresses

We collect and store IP addresses for the following essential reasons:

• Fraud Prevention: Detect and prevent spam, abuse, and automated attacks
• Security: Identify suspicious activity, rate limit requests, and protect user accounts
• Geographic Analytics: Provide country-level insights about link visitors (IPs are converted to countries)
• Legitimate Interest: Under GDPR Article 6(1)(f), we have a legitimate interest in maintaining security

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: Third-party vendors who assist in Service delivery (hosting, payment processing, email services) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government investigation
• Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)
• Protection of Rights: To protect our rights, property, safety, or that of our users
• With Consent: When you explicitly authorize us to share your information

Data Security

We implement industry-standard security measures to protect your data:

• Encryption: HTTPS/TLS encryption for all data in transit
• Password Security: Passwords are hashed using PBKDF2 with SHA256
• Access Controls: Role-based access control and authentication
• Security Monitoring: Automated monitoring for suspicious activity
• Regular Audits: Periodic security assessments and updates
• OWASP Compliance: Following OWASP Top 10 security best practices

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

• Account Data: Retained until you request account closure or deletion
• Analytics Data: Stored for 2 years for performance analysis and historical trends
• Security Logs: Retained for 1 year for security incident investigation
• Payment Records: Retained for 7 years for accounting and tax compliance

Your Privacy Rights

Depending on your location, you have the following rights:

Rights for All Users:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Data Portability: Export your data in CSV format

Additional Rights for EEA/UK Users (GDPR):

• Right to Erasure: Request deletion of your data (subject to exceptions below)
• Right to Restriction: Restrict processing of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for specific processing activities
• Right to Lodge a Complaint: File a complaint with your data protection authority

How to Exercise Your Rights:

To exercise any of these rights, please contact us at privacy@yourdomain.com. We will respond to verified requests within 30 days.

Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with third-party service providers
• Compliance with applicable data protection laws

Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

Third-party services we may use:

• Payment processors (for subscription payments)
• Email service providers (for transactional emails)
• Cloud hosting providers (for Service infrastructure)
• CDN providers (for static content delivery)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: