Privacy Policy

Effective date: October 23, 2025

Summary at a Glance
  • We collect account details you provide and technical data generated when links are shortened or clicked (e.g., IP, user agent, timestamp, referrer, UTM parameters).
  • We use this data to operate the service, show aggregated analytics, prevent abuse, improve performance, and meet legal obligations.
  • We do not sell your personal information. We also do not “share” data for cross-context behavioral advertising under the CPRA.
  • You have rights to access, correct, delete, port, or object depending on where you live (GDPR/UK GDPR/CPRA/LGPD, etc.).
  • Questions? Contact us.

Who We Are

MEGA WORLD LLC (“we,” “us,” “our”) operates URL-Shortening.com and related services that shorten, redirect, and analyze links (the “Service”). Our business location: Texas, United States. If you are in the EEA/UK, the data controller is MEGA WORLD LLC; if applicable, our EU/UK representatives and DPO can be contacted via the email below.

How to Contact Us

Email: Contact us
Postal: MEGA WORLD LLC, Texas, United States

Scope

This policy covers data we process when you visit our website, create an account, use our APIs, generate or manage short links, or when someone clicks a short link we host.

Personal Data We Collect

1) Data you provide

  • Account & profile: name, email, password (hashed), organization, role.
  • Content: the original URLs you shorten and any tags, titles, notes, or metadata you attach.
  • Billing: billing contact details, plan selections. Card details are processed by our payment processor; we do not store full card numbers.
  • Support: messages, attachments, and feedback you submit.

2) Data collected automatically

  • Log & device data: IP address, user agent, device/OS/browser info, language, approximate location inferred from IP, timestamps, referrer, and UTM parameters.
  • Product usage: pages or endpoints requested, redirects, API calls, error diagnostics, and performance metrics.
  • Cookies & similar: essential cookies for sessions and security; optional analytics cookies (see “Cookies & Analytics”).

3) Data collected when someone clicks a short link

When a short link is requested, we process technical data to route the request and generate analytics:

  • IP address and user agent (to derive device type, bot detection, fraud prevention).
  • Timestamp, referrer, UTM and other query parameters, requested path/domain.
  • Approximate location inferred from IP (city/region/country level).

We generally present analytics in aggregated form. We do not build marketing profiles of individual visitors from link clicks.

Why We Use Your Data (Legal Bases)

  • Provide the Service & fulfill contract: account creation, authentication, redirects, reporting, billing, customer support.
  • Legitimate interests: security, fraud and abuse prevention, service improvement, debugging, analytics in aggregate.
  • Consent: non-essential cookies/analytics where required.
  • Legal obligations: record-keeping, responding to lawful requests.

How We Use Data

  • Operate, maintain, and secure our infrastructure (CDN, WAF, load balancing).
  • Show link analytics (e.g., clicks over time, top referrers, top countries/regions, devices/OS).
  • Detect and block malicious links, spam, phishing, and automated abuse.
  • Improve features, performance, and usability.
  • Communicate service updates and administrative messages.

Cookies & Analytics

We use essential cookies for sessions, security, and preferences. With your consent (where required), we may use analytics to understand usage in aggregate. You can manage cookies in your browser settings. If you block essential cookies, parts of the Service may not work.

Payment Processing

Payments are handled by our third-party processor (e.g., Stripe). We do not store full card numbers on our servers. The processor may handle your payment data under its own privacy policy.

Sharing & Disclosures

We do not sell personal information. We may share data with:

  • Service providers (processors) who host, store, analyze, or support our Service (e.g., cloud hosting, CDN/WAF/security, email delivery, analytics, payment processing, customer support tools). They are bound by contracts and only process data on our instructions.
  • Business transfers: as part of a merger, acquisition, or asset sale, subject to appropriate safeguards.
  • Legal: to comply with law, protect rights, safety, and prevent fraud or abuse.

International Data Transfers

We operate globally and may transfer data to countries that may have different data-protection laws. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) to protect your data during transfer.

Retention

We keep personal data only as long as necessary for the purposes described, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements. Aggregated analytics may be retained longer where they no longer identify individuals.

Security

We employ technical and organizational measures appropriate to the risk (encryption in transit, access controls, logging, network protections). No method of transmission or storage is 100% secure; if we detect a breach affecting your data, we will notify you and regulators as required by law.

Your Privacy Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data.
  • Receive a portable copy of your data.
  • Object to or request restriction of certain processing.
  • Withdraw consent (where processing relies on consent).
  • Lodge a complaint with a supervisory authority.

To exercise rights, contact us. We may verify your request to protect your account and data.

California (CPRA)

We do not “sell” personal information nor “share” it for cross-context behavioral advertising. California residents can request access, deletion, and correction as above.

EEA/UK (GDPR/UK GDPR)

You may contact us to exercise rights or to obtain details of our EU/UK representative (if appointed) and transfer safeguards (e.g., SCCs).

Processing on Behalf of Business Customers (Controller vs. Processor)

For some enterprise features, we may process personal data on behalf of a customer (e.g., bulk link creation, custom domains, webhooks). In those cases, the customer is the data controller and we are a processor under a Data Processing Addendum (DPA). For consumer/self-serve accounts, we typically act as controller for account and service data.

Children’s Privacy

Our Service is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us to request deletion.

Sensitive Data

Please do not shorten URLs that intentionally contain sensitive personal data (e.g., health, financial account numbers, government IDs). If you include such data inside a URL, it may be logged during normal operations or visible to anyone who can access the destination.

Third-Party Links & Destinations

Short links redirect to destinations we do not control. This policy does not cover those third-party sites or services. Review their privacy policies before submitting information.

Automated Decision-Making

We may use automated rules to detect bots, spam, and abusive activity (e.g., rate limiting, IP reputation). These measures protect the Service and our users.

Do Not Track

Your browser may send a “Do Not Track” (DNT) signal. Because no standard governs DNT, we do not respond to DNT signals. We do honor legally required opt-out mechanisms.

Changes to This Policy

We may update this policy from time to time. The “Effective date” above reflects the latest version. If changes materially affect your rights, we’ll provide additional notice (e.g., via email or in-product message).