1) Scope & Overview

This Cookie Policy explains how Shortnd uses cookies, SDKs, pixels, local storage, and similar technologies (collectively, Cookies) on our websites, dashboard, docs, hosted pages (e.g., link‑in‑bio), and when a person views or interacts with a Shortnd link, including those under customer‑owned branded domains powered by Shortnd.

2) Consent & Preference Management

• In the EEA/UK, non‑essential Cookies (analytics/ads) require opt‑in consent before use. We provide a Consent Management Platform (CMP) supporting IAB TCF 2.2 and granular toggles.
• In applicable U.S. state laws (e.g., California CPRA, Colorado CPA), we honor Do Not Sell/Share and Global Privacy Control (GPC)/Universal Opt‑Out signals.
• You can modify choices at any time via Consent Preferences (link in footer or profile menu) or native browser controls.
• Strictly necessary Cookies do not require consent and are always on to deliver the Service securely.

3) Types of Cookies We Use

A. Strictly Necessary — authentication/session, CSRF, load balancing, fraud/abuse prevention, consent state; used to provide core functionality and security.

B. Preferences/Functional — language, UI layout, saved views, experiment assignment where not purely analytics.

C. Analytics/Measurement — product usage, feature adoption, performance metrics; set only after consent in jurisdictions requiring it.

D. Advertising/Marketing — retargeting pixels or ad measurement; disabled by default in regulated regions and used only with consent.

4) First‑Party vs Third‑Party

We set first‑party Cookies (by Shortnd) and allow third‑party Cookies/SDKs from vendors that help us operate the Service (e.g., CDN/WAF, analytics, payments, support). Vendors are listed on our Sub‑processors page with regions and transfer safeguards.

5) Lifetimes & Storage

• Strictly necessary: session or up to 12 months.
• Preferences: up to 12 months.
• Analytics/ads: typically 13–24 months (vendor‑specific).
• Local storage/IndexedDB: used for preferences and performance; cleared via your browser.

6) Mobile SDKs

For mobile or embedded experiences, analogous SDK events may be used for authentication, crash reporting, analytics (consent where required), and push notifications. You can control push permissions in device settings.

7) Link Interactions Without Account Login

When a person views or clicks a Shortnd‑powered link, we may record event metadata (timestamp, link key, referrer, user‑agent, IP address, coarse geo) to deliver redirects, prevent abuse, and produce analytics for our customers. IP addresses are treated as personal data and handled under our Privacy Policy. Where local law requires consent for analytics, we will only collect analytics after consent.

8) Do Not Track (DNT) & GPC

Some browsers offer DNT; there is no common standard to respond to DNT, but we do recognize GPC/Universal Opt‑Out signals where the law requires or where we voluntarily extend support.

9) Managing Cookies

• Use our Consent Preferences to configure categories.
• Use browser controls to block/delete Cookies (functionality may break if strictly necessary Cookies are blocked).
• Opt out of vendor‑specific analytics/ads via their mechanisms where available (accessible through our CMP and vendor links).

10) Cookie Walls

We avoid cookie walls except where permitted and with equivalent content alternatives and clear disclosures.

11) Changes

We may update this policy; the Effective date above indicates the latest version. Material changes will be notified via banner or in‑app notice.

12) Contact

Questions? privacy@shortnd.com.

1) Scope & Overview

This Cookie Policy explains how Shortnd uses cookies, SDKs, pixels, local storage, and similar technologies (collectively, Cookies) on our websites, dashboard, docs, hosted pages (e.g., link‑in‑bio), and when a person views or interacts with a Shortnd link, including those under customer‑owned branded domains powered by Shortnd.

2) Consent & Preference Management

• In the EEA/UK, non‑essential Cookies (analytics/ads) require opt‑in consent before use. We provide a Consent Management Platform (CMP) supporting IAB TCF 2.2 and granular toggles.
• In applicable U.S. state laws (e.g., California CPRA, Colorado CPA), we honor Do Not Sell/Share and Global Privacy Control (GPC)/Universal Opt‑Out signals.
• You can modify choices at any time via Consent Preferences (link in footer or profile menu) or native browser controls.
• Strictly necessary Cookies do not require consent and are always on to deliver the Service securely.

3) Types of Cookies We Use

A. Strictly Necessary — authentication/session, CSRF, load balancing, fraud/abuse prevention, consent state; used to provide core functionality and security.

B. Preferences/Functional — language, UI layout, saved views, experiment assignment where not purely analytics.

C. Analytics/Measurement — product usage, feature adoption, performance metrics; set only after consent in jurisdictions requiring it.

D. Advertising/Marketing — retargeting pixels or ad measurement; disabled by default in regulated regions and used only with consent.

4) First‑Party vs Third‑Party

We set first‑party Cookies (by Shortnd) and allow third‑party Cookies/SDKs from vendors that help us operate the Service (e.g., CDN/WAF, analytics, payments, support). Vendors are listed on our Sub‑processors page with regions and transfer safeguards.

5) Lifetimes & Storage

• Strictly necessary: session or up to 12 months.
• Preferences: up to 12 months.
• Analytics/ads: typically 13–24 months (vendor‑specific).
• Local storage/IndexedDB: used for preferences and performance; cleared via your browser.

6) Mobile SDKs

For mobile or embedded experiences, analogous SDK events may be used for authentication, crash reporting, analytics (consent where required), and push notifications. You can control push permissions in device settings.

7) Link Interactions Without Account Login

When a person views or clicks a Shortnd‑powered link, we may record event metadata (timestamp, link key, referrer, user‑agent, IP address, coarse geo) to deliver redirects, prevent abuse, and produce analytics for our customers. IP addresses are treated as personal data and handled under our Privacy Policy. Where local law requires consent for analytics, we will only collect analytics after consent.

8) Do Not Track (DNT) & GPC

Some browsers offer DNT; there is no common standard to respond to DNT, but we do recognize GPC/Universal Opt‑Out signals where the law requires or where we voluntarily extend support.

9) Managing Cookies

• Use our Consent Preferences to configure categories.
• Use browser controls to block/delete Cookies (functionality may break if strictly necessary Cookies are blocked).
• Opt out of vendor‑specific analytics/ads via their mechanisms where available (accessible through our CMP and vendor links).

10) Cookie Walls

We avoid cookie walls except where permitted and with equivalent content alternatives and clear disclosures.

11) Changes

We may update this policy; the Effective date above indicates the latest version. Material changes will be notified via banner or in‑app notice.

12) Contact

Questions? privacy@shortnd.com.