Privacy Policy

1. Introduction

uuu.gl ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL shortening, file sharing, and note-taking services ("Service").

2. Information We Collect

2.1 Information You Provide

Account Information: When you sign up using Google OAuth, we collect your email address, name, and profile picture from your Google account
Content: URLs you shorten, files you upload, notes you create, and custom short codes you choose
Payment Information: If you subscribe to premium features, payment data is processed by our payment processor (Paddle/Stripe) and we do not store your full credit card details

2.2 Information Collected Automatically

Usage Analytics: Click counts, geographic location (country, city), referrer URLs, device type, browser type, and operating system
IP Addresses: Hashed (SHA-256) IP addresses for rate limiting and abuse prevention (we do NOT store plain-text IPs)
Browser Fingerprints: Anonymous device fingerprints using Fingerprint.js for bot detection and rate limiting
Cookies: Authentication tokens, session data, and analytics cookies (see Section 6)

2.3 Information from Third Parties

Google OAuth: Basic profile information (name, email, profile photo)
Google Safe Browsing API: URL safety checks (no personal data shared)

3. How We Use Your Information

We use your information to:

Provide and maintain the Service
Create and manage your account
Generate short URLs and store your content
Process payments and manage subscriptions
Provide analytics on link clicks and usage patterns
Prevent spam, abuse, and fraudulent activity
Enforce our Terms of Service
Communicate with you about service updates and security alerts
Comply with legal obligations

We do NOT: Sell your personal data to third parties or use your content for advertising purposes.

4. GDPR Compliance

If you are located in the European Economic Area (EEA), you have the following rights:

4.1 Your Rights

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, email us at privacy@uuu.gl. We will respond within 30 days.

4.2 Legal Basis for Processing

We process your data based on:

Contract Performance: To provide the Service you signed up for
Legitimate Interests: Fraud prevention, security, and service improvement
Legal Obligation: Compliance with laws and regulations
Consent: Where you have explicitly consented (e.g., marketing emails)

5. Data Retention

Account Data: Retained until you delete your account
Content (URLs, Files, Notes): Retained while your account is active; may be deleted after prolonged inactivity (90+ days)
Click Analytics: Retained for 30 days, then automatically deleted
Hashed IP Addresses: Deleted after 30 days
Payment Records: Retained for 7 years for tax and accounting purposes

Note: We may retain anonymized, aggregated data indefinitely for statistical purposes.

6. Cookies and Tracking

We use the following types of cookies:

6.1 Essential Cookies

Required for authentication and service functionality. You cannot opt out of these cookies.

6.2 Analytics Cookies

We use Google Analytics to understand how users interact with the Service. You can opt out using browser extensions or Google's opt-out tool.

6.3 Third-Party Cookies

Google OAuth and payment processors may set their own cookies. Refer to their privacy policies for details.

7. Data Security

We implement industry-standard security measures:

Encryption in transit (HTTPS/TLS)
Encryption at rest for stored files
Bcrypt password hashing for password-protected links
Firebase Authentication security rules
Regular security audits and vulnerability scanning

However: No method of transmission or storage is 100% secure. We cannot guarantee absolute security. See our Terms of Service for data loss disclaimers.

8. Data Sharing and Disclosure

We may share your information with:

8.1 Service Providers

Firebase/GCP: Cloud hosting and database services
Vercel: Frontend hosting and CDN
Paddle/Stripe: Payment processing
Google Analytics: Usage analytics

8.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of uuu.gl or others.

8.3 Business Transfers

If uuu.gl is acquired or merged, your information may be transferred to the new owner.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) for GDPR compliance.

10. Children's Privacy

The Service is not intended for users under 13 years old (or 16 in the EEA). We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

11. Do Not Track Signals

Our Service does not currently respond to "Do Not Track" browser signals. However, you can opt out of Google Analytics tracking.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the new policy.

13. Contact Us

For privacy-related questions or to exercise your data rights, contact us at:

Email: privacy@uuu.gl
Data Protection Officer: dpo@uuu.gl

Summary (Not Legally Binding): We collect minimal data necessary to provide the service. Your data is protected with industry-standard security. We do not sell your data. You have the right to access, correct, or delete your data. We comply with GDPR and international privacy laws.