Legal

Privacy Policy

Effective April 14, 2026

1. Overview

Qorlivo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use our URL shortening platform at qorlivo.com and its subdomains ("Service").

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub (OAuth), we receive only the profile information you authorize.

Payment Information

Paid subscriptions are processed through Stripe. We do not store your full card details — only the last 4 digits, card brand, and expiry date that Stripe returns for display purposes.

Links & Custom Domains

We store the long URLs you shorten, any custom slugs you choose, and the custom domains you configure. This data is necessary to operate the redirect service.

Click Analytics

When someone clicks one of your short links, we log the following to provide analytics:

  • Timestamp of the click
  • Referrer URL (the page the visitor came from, if sent by the browser)
  • Device type (mobile, tablet, desktop)
  • Browser and operating system
  • Country and region (derived from IP address — the raw IP is not stored)

We do not store raw IP addresses beyond what is temporarily needed to resolve the geographic region. Click data is attributed to links, not to individuals.

Usage & Log Data

We automatically collect server logs including request timestamps, API endpoint accessed, HTTP status codes, and response times. This data is used for debugging, performance monitoring, and security.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate your account and validate API key requests
  • Show you click analytics for your links in the dashboard
  • Send transactional emails (account verification, password reset, billing receipts)
  • Detect and prevent abuse, spam, and security incidents
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your data to train AI models or share it with advertisers.

4. Cookies & Local Storage

We use session cookies to keep you logged in and localStorage for theme preferences (light/dark/system). We do not use third-party advertising cookies or tracking pixels.

Our payment processor, Stripe, may set cookies on checkout pages. Stripe's use of data is governed by Stripe's Privacy Policy.

5. Data Sharing & Third Parties

We share your information only with the following categories of service providers, strictly to operate the Service:

  • Convex — database and backend infrastructure
  • Upstash Redis — caching layer for redirect performance
  • Stripe — payment processing
  • Vercel — hosting and edge infrastructure

We may also disclose information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Qorlivo, our users, or the public.

6. Data Retention

Account data is retained for as long as your account is active. Click analytics data is retained for 24 months. When you delete your account, we delete your personal information within 30 days, except where retention is required by law (e.g., billing records retained for 7 years).

Shortened links created on a free account may be removed after 12 months of inactivity.

7. Data Security

We use industry-standard measures to protect your data, including HTTPS/TLS encryption in transit, encrypted storage at rest, and API key hashing. However, no system is completely secure. If you discover a vulnerability, please disclose it responsibly to security@qorlivo.com.

8. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or other applicable privacy laws, including:

  • Access: Request a copy of the data we hold about you
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your links and analytics data in a standard format
  • Opt-out: California residents may opt out of the "sale" of personal information (we do not sell data, but we honor these requests)

To exercise these rights, email privacy@qorlivo.com. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have, we will delete it promptly. Contact us at privacy@qorlivo.com if you believe a child has submitted information to us.

10. International Transfers

Qorlivo operates from the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses or other lawful mechanisms for transfers from the European Economic Area.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy with a new effective date and, for material changes, notify registered users by email.

12. Contact

Questions about this Privacy Policy? Contact us at privacy@qorlivo.com.