Privacy Policy

1. Information We Collect

We collect several types of information to provide and improve our Service:

1.1 Information You Provide

• Account Information: Name, email address, password, company name (for business accounts)
• Payment Information: Billing address, payment method details (processed by our payment provider)
• Profile Information: Profile photo, bio, preferences, custom domain settings
• Content: Destination URLs, custom slugs, metadata, QR code designs, vCard information
• Communications: Messages you send to our support team, feedback, survey responses

1.2 Information We Collect Automatically

• Usage Data: Links created, clicks, scan data, feature usage, page views
• Device Information: Browser type, operating system, device type, screen resolution
• Location Data: IP address, country, city, timezone (derived from IP)
• Cookies and Similar Technologies: Session identifiers, preference settings, analytics data
• Log Data: Access times, error logs, referrer URLs, request data

1.3 Click Analytics Data

When someone clicks a short link you create, we collect:

• Click timestamp
• Referrer source (where the click came from)
• Device type and operating system
• Browser type
• Geographic location (country, city)
• IP address (hashed after 24 hours)

Note: We do NOT collect personally identifiable information about people who click your links (unless they are also rus.sh users).

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide the Service

• Create and manage short links
• Generate QR codes and vCards
• Track and display analytics
• Process payments and manage subscriptions
• Provide customer support

2.2 Improve the Service

• Analyze usage patterns to identify bugs and optimize performance
• Develop new features based on user behavior
• Conduct research and testing
• Create aggregate, anonymous statistics

2.3 Communicate with You

• Send service updates and announcements
• Respond to support requests
• Send marketing communications (with your consent)
• Notify you of account activity or security issues

2.4 Security and Fraud Prevention

• Detect and prevent spam, abuse, and fraud
• Protect against security threats
• Enforce our Terms of Service
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We share information only as follows:

3.1 With Your Consent

We may share information when you explicitly authorize us to do so (e.g., when you integrate with third-party services).

3.2 Service Providers

We share information with trusted third-party service providers who help us operate the Service:

• Payment Processing: Stripe (for payment processing)
• Analytics: Google Analytics (anonymized data only)
• Email: SendGrid (for transactional emails)
• Hosting: Amazon Web Services, Cloudflare
• Support: Intercom (for customer support)

These providers are contractually bound to protect your data and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose information if required to do so by law or if we believe that:

• It is necessary to comply with a legal obligation
• It is necessary to protect our rights or property
• It is necessary to prevent fraud or abuse
• It is necessary to protect the safety of users or the public

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.5 Aggregate Data

We may share aggregate, anonymized data (e.g., industry statistics, usage trends) that cannot be used to identify you.

4. Data Security

We take security seriously and implement industry-standard measures to protect your data:

Technical Safeguards

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
• Access Controls: Role-based access, two-factor authentication, least privilege principle
• Regular Audits: Quarterly security audits and penetration testing
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Daily encrypted backups with 30-day retention

Organizational Safeguards

• Employee security training
• Background checks for employees with data access
• Incident response procedures
• Vendor security assessments

However, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@rus.sh.

5. Data Retention

We retain your information for as long as necessary to provide the Service:

Active Accounts

• Account Data: Retained while your account is active
• Link Data: Retained indefinitely (unless you delete links)
• Analytics Data: Retained for 2 years (detailed), aggregate data indefinitely
• IP Addresses: Hashed after 24 hours, deleted after 90 days

Deleted Accounts

• When you delete your account, we delete or anonymize your personal data within 30 days
• Some data may be retained longer if required by law (e.g., billing records for 7 years)
• Backups are deleted according to our 30-day retention schedule

6. Your Privacy Rights

You have the following rights regarding your personal information:

Access and Portability

• Request a copy of your personal data
• Export your data in a machine-readable format (CSV, JSON)
• Access your data through your account dashboard

Correction

• Update inaccurate or incomplete information
• Edit your profile and account settings

Deletion

• Delete individual links, QR codes, or vCards
• Request deletion of your account and all associated data
• Withdraw consent for data processing

Opt-Out

• Unsubscribe from marketing emails (link in every email)
• Disable cookies (through browser settings)
• Opt out of analytics tracking

Restriction

• Limit how we process your data
• Object to processing for specific purposes

To exercise these rights, visit your account settings or contact us at privacy@rus.sh. We will respond within 30 days.

7. Cookies and Tracking Technologies

Types of Cookies We Use

• Essential Cookies: Required for the Service to function (session management, authentication)
• Analytics Cookies: Help us understand how you use the Service (Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Track conversions and ad performance (with your consent)

Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to block or delete cookies)
• Our cookie consent banner (appears on first visit)
• Your account privacy settings

Note: Blocking essential cookies may prevent you from using certain features of the Service.

8. Third-Party Services

Our Service integrates with third-party services (e.g., Google Analytics, Stripe). These services have their own privacy policies:

• Stripe Privacy Policy
• Google Privacy Policy
• Intercom Privacy Policy

We are not responsible for the privacy practices of third-party services.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@rus.sh and we will delete the information.

Users between 13 and 18 must have parental or guardian consent to use the Service.

10. International Data Transfers

We are based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

We use Standard Contractual Clauses (SCCs) and other safeguards approved by the European Commission to protect your data when it is transferred internationally.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know

• What personal information we collect
• How we use your personal information
• Who we share your personal information with

Right to Delete

• Request deletion of your personal information

Right to Opt-Out

• We do not "sell" your personal information as defined by CCPA, so there is nothing to opt out of

Non-Discrimination

• We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at privacy@rus.sh or call 1-800-XXX-XXXX.

12. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on:

• Contract: To provide the Service you've signed up for
• Consent: For marketing communications and optional features
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws

Your GDPR Rights

• Right to access your personal data
• Right to rectification (correction)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise your GDPR rights, contact our Data Protection Officer at dpo@rus.sh.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email (for significant changes)
• Display a notice in your dashboard
• Require your consent if legally required

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

We will respond to your privacy inquiry within 30 days. For urgent security matters, contact security@rus.sh.