Privacy Policy
Last updated: May 2, 2026
Qurly (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL shortening platform, analytics services, and related websites (collectively, the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: name, email address, and password when you register
- Organization information: organization name and settings you configure
- Payment information: billing details processed securely by Stripe; we do not store raw card numbers
- Profile information: any additional details you add to your account
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Usage data: links you create, QR codes you generate, and actions you take in the dashboard
- Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps
- Device information: device type, screen resolution, and language settings
1.3 Click Analytics Data
When someone clicks one of your short links, our infrastructure collects:
- IP address hash: a one-way SHA-256 hash of the visitor’s IP address — the original IP is never stored
- Geographic data: country, city, and region derived from the IP at the point of the click (via Cloudflare’s edge network)
- Referrer: the URL of the page the visitor came from, if provided by their browser
- User agent: browser and operating system information
- Timestamp: when the click occurred
This click data is attributed to your organization and stored in our analytics infrastructure (Databricks). The depth of historical data available to you depends on your subscription plan.
1.4 Cookies and Similar Technologies
We use cookies and local storage to keep you logged in, remember your preferences, and analyse how the Service is used. See our Cookie Policy for full details.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process payments and manage your subscription
- Send transactional emails (account confirmation, password reset, invoices)
- Provide you with click analytics for your short links
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Respond to support requests
We do not sell your personal information to third parties. We do not use your information to serve third-party advertising.
3. How We Share Your Information
3.1 Service Providers (Sub-processors)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | USA / EU |
| Databricks | Click analytics processing | USA |
| Cloudflare | CDN, edge network, redirect infrastructure, Browser Rendering for destination snapshots | Global |
| Cloudflare R2 | Object storage for uploaded assets and generated images | Global |
| Stripe | Payment processing, customer billing portal | USA |
| Google (Web Risk + Gemini) | Phishing/malware detection on destinations; AI image generation when you opt in | USA |
| Resend | Transactional and notification email delivery | USA |
| Printful | Print-on-demand fulfillment for the Print Shop, when you place an order | USA / EU |
Each sub-processor is bound by data processing agreements and is prohibited from using your data for their own purposes.
3.2 Legal Requirements
We may disclose your information if required to do so by law or valid legal process, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Qurly, our users, or the public.
3.3 Business Transfers
If Qurly is acquired or merges, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
4. Data Retention
- Account data: retained while your account is active; deleted within 30 days of account deletion, except where retention is required by law
- Click analytics: retained according to your plan (Pro: 30 days, Business: 90 days, Enterprise: up to 5 years). Free plan click counts are retained indefinitely per link.
- Payment records: retained for 7 years to comply with financial regulations
5. Your Rights
5.1 All Users
- Access: request a copy of the personal data we hold about you
- Correction: request that inaccurate data be corrected
- Deletion: request deletion of your personal data, subject to legal retention requirements
- Portability: receive your data in a structured, machine-readable format
5.2 European Economic Area (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are contract performance, legitimate interests, legal obligation, and consent.
5.3 California (CCPA)
California residents have the right to know what personal information is collected and to opt out of the sale of personal information. We do not sell personal information.
To exercise any of these rights, email privacy@app.qurly.dev.
6. Data Security
We implement industry-standard measures including TLS encryption in transit, encryption at rest for sensitive fields, and role-based access controls. No method of transmission or storage is 100% secure, and we will promptly notify you of any breach that affects your personal information as required by applicable law.
7. International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence, including the United States. Where required, we rely on Standard Contractual Clauses approved by the European Commission.
8. Children’s Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. Contact us and we will delete any such information promptly.
9. Changes to This Policy
We will notify you of material changes by email and/or a notice in the Service at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.
10. Contact Us
Qurly
Email: privacy@app.qurly.dev
Support: support@app.qurly.dev