Privacy Policy

Last updated: January 26, 2026

1. Introduction

vsl.im ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL shortening and link management service (the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

  • Create an account: Email address, username, and password
  • Create links: URLs you shorten, custom aliases, and link settings
  • Set up custom domains: Domain names you register with our Service
  • Contact support: Any information you provide in support requests
  • Subscribe to paid plans: Billing information processed by our payment providers

2.2 Information Collected Automatically

When you or visitors access links through our Service, we automatically collect:

  • Device information: Browser type, operating system, device type
  • Network information: IP address (anonymized for GDPR compliance), approximate geographic location
  • Referrer data: The website that referred traffic to your links
  • Timestamp: Date and time of access
  • User agent: Browser and operating system identification string

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns. See our Cookie Policy for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Service
  • Process your transactions and manage your account
  • Provide analytics and statistics about your links
  • Send administrative information (service updates, security alerts)
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations
  • Improve our Service through aggregated, anonymized analysis

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 When We May Share Information

We may share your information in the following circumstances:

  • Service providers: With trusted third parties who assist us in operating our Service (hosting, payment processing, email delivery), bound by confidentiality agreements
  • Legal requirements: When required by law, court order, or government request, or to protect our rights, privacy, safety, or property
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With your consent: For any purpose you authorize

4.3 Analytics Visibility

Link analytics are visible only to the link owner. We do not share individual link analytics with third parties except as aggregated, anonymized statistics.

5. Data Retention

We retain your data as follows:

  • Account data: Until you delete your account
  • Links: Until you delete them or your account
  • Analytics data: According to your plan's retention period (30 days to unlimited)
  • Access logs: 90 days for security purposes
  • Backup data: 30 days after deletion from production

After account deletion, we may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention).

6. Data Security

We implement industry-standard security measures to protect your information:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Bcrypt hashing for passwords
  • Regular security audits and penetration testing
  • Access controls and authentication for internal systems
  • Employee training on data protection

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights

7.1 All Users

You have the right to:

  • Access your personal information through your account dashboard
  • Update or correct your information
  • Delete your account and associated data
  • Export your data in a machine-readable format
  • Opt out of non-essential communications

7.2 European Economic Area (EEA) Residents

Under GDPR, you additionally have the right to:

  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Data portability
  • Lodge a complaint with a supervisory authority

7.3 California Residents

Under CCPA, you have the right to:

  • Know what personal information we collect
  • Request deletion of personal information
  • Non-discrimination for exercising your rights

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all sub-processors
  • Compliance with applicable data protection laws

9. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly. Parents who believe their child has provided us information should contact us.

10. Third-Party Links

Our Service may contain links shortened by users that lead to third-party websites. We are not responsible for the privacy practices of these external sites. We recommend reviewing the privacy policies of any sites you visit.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the new policy on this page with an updated date
  • Sending an email notification to registered users
  • Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:

For GDPR-related inquiries, you may also contact our Data Protection Officer at [email protected].

13. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract: Processing necessary to provide our Service
  • Legitimate interests: Security, fraud prevention, service improvement
  • Consent: Marketing communications (where applicable)
  • Legal obligation: Compliance with applicable laws
Terms of Service Cookie Policy