⏳ Processing...

Privacy Policy

Effective Date: May 7, 2026

1. Introduction

UNTRAP ("we", "our", "us") operates untrap.link and provides smart link redirection services. We take a minimal-data approach: we collect only what is necessary to route your clicks and bill your usage.

This policy explains what data we collect, why we collect it, and what we do with it. If you have any questions, email hello@untrap.link.

2. What Data We Collect

2.1 Account Data

We collect only your email address. We do not collect your name, phone number, physical address, profile picture, or any other personal identifiers.

2.2 Click Analytics Data

When a visitor clicks one of your Untrap links, we record the following purely for analytics and billing:

  • Slug and destination URL
  • Device type and operating system
  • Country (derived from Cloudflare's edge location - raw IP addresses are never stored)
  • Browser type (e.g., Chrome, Instagram in-app browser)
  • Visitor classification (human / AI agent / search engine)
  • Referrer URL and UTM parameters (if present)

This data is stored in Cloudflare Analytics Engine. It is not sold, shared, or used for advertising.

2.3 Payment Data

We never process or store credit card numbers or bank details. All payment processing is handled entirely by Stripe. We store only an anonymized Stripe customer identifier and transaction amounts in our ledger for billing purposes.

3. Cookies & Browser Storage

3.1 Session Cookie (Authentication)

When you log in, we set a single session cookie to keep you authenticated. This cookie is:

  • HTTP-only (not accessible to JavaScript)
  • Set with Secure and SameSite=Lax flags
  • Valid for 30 days
  • Deleted immediately on logout

3.2 Cloudflare Strictly Necessary Cookies

Cloudflare sets a strictly necessary cookie (__cfduid) for security and performance. This cookie is required for our service to function and does not collect personal data.

We do not use tracking cookies, advertising cookies, session replay, or any third-party analytics scripts.

4. How We Use Your Data

  • Email address - to send secure login links and account notifications
  • Click analytics - to display usage statistics in your dashboard and calculate metered billing charges
  • Destination URLs - to scan for malware/phishing via Google Web Risk API

5. Data Sharing & Third-Party Services

We do not sell your personal information. The following third parties receive strictly limited data to provide their services:

Cloudflare

Purpose: Edge hosting, database, caching, analytics

Data shared: IP address (edge-level only, not stored), request metadata, click analytics as described above

Stripe

Purpose: Payment processing

Data shared: Payment amount, anonymized customer and product identifiers. No card details are stored by us or transmitted through our servers.

Resend

Purpose: Transactional email delivery

Data shared: Only your email address (for sending login links)

Google Web Risk API

Purpose: URL malware / phishing scanning

Data shared: Only the destination URL domain name. No user data, IP addresses, or click data is sent to Google.

6. Data Security

We implement the following security measures:

  • No passwords. We use magic link authentication - no password hashes are ever stored.
  • End-to-end TLS 1.3. All traffic is encrypted in transit.
  • Edge deployment. All application logic runs on Cloudflare's global edge network with DDoS protection, WAF, and rate limiting.
  • Malware scanning. Destination URLs are scanned against Google Web Risk before redirects are created.

7. Data Retention

  • Account data (email): Retained until you request deletion or your account is inactive.
  • Click analytics: Retained for 90 days in Cloudflare Analytics Engine.
  • Transaction ledger: Retained for 7 years as required for accounting purposes.
  • Demo links: Automatically expire 1 hour after creation and are purged.

8. Your Rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data (e.g., update your email)
  • Delete your account and associated data
  • Data portability - request a copy of your analytics data

To exercise any of these rights, email hello@untrap.link. We will respond within 30 days.

9. Jurisdiction

This policy is governed by the laws of Ontario, Canada. If you are accessing our services from the European Economic Area (EEA), United Kingdom, or California, the rights above apply to you as specified under GDPR, UK GDPR, or CCPA respectively.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy inquiries:

Email: hello@untrap.link
Operator: UNTRAP
Jurisdiction: Ontario, Canada