Privacy Policy

Tinlr — Privacy Policy

This Privacy Policy explains how Tinlr (“we”, “us”, “our”) collects, uses, and shares personal data when you use tinlr.com and related services, including link shortener, analytics, QR codes, and bio pages (the “Services”). We comply with the UK GDPR, the Data Protection Act 2018, and, where applicable, the EU GDPR.

Controller: Tinlr, United Kingdom
Contact: hello@tinlr.com.

1) Data we collect

a) Account & billing data

  • Name, email, password (hashed), username.
  • Subscription and billing details (if paid plans are enabled), including country, VAT number, invoices and partial payment identifiers (via our payment processors).

b) Usage & device data

  • IP address, user agent, language, referrer, approximate location (country/city), timestamps, pages visited, and actions within the dashboard.
  • For short links: target URL, slug/alias, click events (date/time, IP, user agent, referrer, approximate location), and campaign parameters (UTM) if present.
  • For QR codes and bio pages: settings you configure and scan/visit events captured similarly to short-link clicks.

c) Content you submit

  • Custom domains, link metadata (titles, descriptions, thumbnails), workspaces/teams, notes/tags, and any information placed in bio pages.

d) Cookies & similar technologies

  • Functional cookies for session and security.
  • Optional analytics/marketing cookies where consent applies. See our Cookie Policy for details.

e) Support communications

  • Emails, chat messages, attachments, abuse reports, and feature requests.

We do not intentionally collect special category data. Please avoid submitting it in links, titles, or bio pages.

2) Lawful bases for processing

We rely on:

  • Contract – to provide and support the Services you request.
  • Legitimate interests – to secure, improve, and prevent abuse; to understand aggregated usage; to protect our rights.
  • Consent – for optional analytics/marketing cookies (where required) and for sending non-essential marketing.
  • Legal obligation – to comply with tax, accounting, and law-enforcement requirements.

3) How we use data

  • Provide core features (short links, QR codes, bio pages, analytics).
  • Authenticate users, secure accounts, and prevent spam/abuse (e.g., malware, phishing, prohibited content).
  • Measure performance and improve functionality.
  • Process payments and issue invoices/receipts (if applicable).
  • Communicate about service changes, security alerts, and transactional emails.
  • Enforce our Terms and comply with the law.

4) Sharing & disclosures

We share personal data only with:

  • Service providers / sub‑processors who host, store, or process data for us (e.g., cloud hosting, email, analytics, payments).
  • Payment processors (e.g., Stripe/PayPal) that handle your card/bank details—we never store full payment data on our servers.
  • Law enforcement/authorities where required by law or to protect rights, safety, and security.
  • Business transfers in case of merger, acquisition, or asset sale (with appropriate safeguards).

A current list of sub‑processors is available on request at hello@tinlr.com.

5) International transfers

Your data may be processed outside the UK/EEA. Where this occurs, we rely on adequacy decisions or standard contractual clauses (SCCs) and implement supplementary safeguards as needed.

6) Retention

  • Account data: kept while your account is active; core records retained up to 6 years after closure for tax/accounting/defense of claims.
  • Link/click/QR/bio analytics: retained for as long as the associated asset exists or until you delete it; aggregated and anonymised statistics may be kept longer.
  • Logs/security data: typically retained 90–365 days unless needed for investigations.

7) Your rights (UK/EU)

You have the right to request: access, rectification, erasure, restriction, portability, and to object to processing based on legitimate interests or direct marketing. Where we rely on consent, you can withdraw it at any time. To exercise rights, email hello@tinlr.com. You also have the right to lodge a complaint with the ICO (ico.org.uk) or your local EU authority.

8) Security

We apply technical and organisational measures such as HTTPS/TLS, encryption at rest (where available by infrastructure), access control, audit logging, and regular updates. No method is 100% secure; please use strong, unique passwords and enable any available security features.

9) Children

The Services are not directed to children under 13. If you are in the UK/EU, do not use the Services if you are under the age thresholds applicable in your country without parental consent.

10) Third‑party links & content

Short links may lead to third‑party sites. We are not responsible for their privacy practices. Review those policies before providing personal data.

11) Communications & marketing

We may send you service and transactional emails. Marketing emails are sent only with your consent where required; you can unsubscribe at any time via the link provided.

12) Do Not Track

Our Services currently do not respond to browser “Do Not Track” signals.

13) Changes to this policy

We will update this policy as needed and indicate the revision date above. Material changes may be announced by email or in‑app notice.

14) Contact

Questions about this policy or your data rights: hello@tinlr.com.