This Privacy Policy explains how Qlick ("we", "us") collects, uses, and protects your information when you use our link shortening and analytics service. We aim to be straightforward — no dark patterns, no surprises.
1. Information We Collect
Account information. When you register, we store your name, email address, hashed password, language preference, and timezone.
Links and content. We store the long URLs you shorten, the alias, optional title and password hash, expiration settings, and any targeting rules you configure.
Click analytics. When someone follows a link you created, we record: timestamp, approximate country (derived from IP via MaxMind GeoLite2), device type, operating system, browser, language, and referrer host. We do not store the visitor's full IP address or any personally identifiable information about visitors.
Billing information. Paid plans are processed by Stripe. We store a Stripe customer ID and subscription metadata; full card numbers never touch our servers.
Technical data. Our servers log basic request data (timestamp, request path, response status, user agent) for security and debugging. These logs are rotated and retained for a limited period.
2. How We Use Your Information
- Operate, secure, and improve the Service;
- Provide you with link analytics and account features;
- Process payments and manage subscriptions;
- Communicate with you about your account, important updates, and support;
- Detect and prevent fraud, abuse, and security incidents;
- Comply with legal obligations.
We do not sell your personal data and we do not use your link content or analytics to train third-party advertising profiles.
3. Cookies
We use a small number of essential cookies:
laravel_session/XSRF-TOKEN— keep you signed in and protect form submissions;dark_mode— remembers your theme preference;cookie_law— remembers that you dismissed the cookie notice.
We do not use third-party advertising or tracking cookies.
4. Third-Party Services
To operate the Service, we share limited data with carefully chosen processors:
- Stripe — payment processing (card data, billing address, subscription state). Stripe Privacy
- Cloudflare Turnstile — bot protection on sign-up, login, and shorten forms. Cloudflare receives your IP and basic browser metadata to compute a risk score. Cloudflare Privacy
- MaxMind GeoLite2 — a local database file used to look up an approximate country from a visitor's IP. No data is sent to MaxMind in real time.
- Email provider — our SMTP provider delivers transactional emails (verification, password reset, billing notices).
5. Data Retention
We keep your account data for as long as your account is active. Click analytics records may be aggregated or anonymized over time. When you delete your account, we delete your account data, your links, and the associated analytics within 30 days, except where retention is required by law (for example, tax records).
6. Your Rights
If you are in the European Economic Area, United Kingdom, or another region with comparable laws, you have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request deletion ("right to be forgotten");
- Restrict or object to certain processing;
- Receive a portable copy of your data;
- Withdraw consent at any time (where consent is the basis for processing);
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us through our live chat.
7. Security
We use industry-standard measures to protect your data: HTTPS for all traffic, password hashing with bcrypt, secure session cookies, and protection against common web vulnerabilities (CSRF, XSS, SQL injection, brute-force). No system is perfect, but we work hard to keep yours secure.
8. International Transfers
Our servers and some of our processors may be located outside your country. Where personal data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect it.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the new version here and update the "Last updated" date. For material changes, we will also notify you by email or via a prominent notice in the Service.
11. Contact
Questions about this Privacy Policy or how we handle your data? Reach us through our live chat.