1. Information We Collect
When you use test.gatewaydomains.ca, we may collect:
- Click Data: IP address (may be anonymized), browser type, device type, operating system, referrer, country, and language
- Link Data: URLs you shorten, custom aliases you create, and the IP address used to create the link
- Technical Data: User agent strings, timestamps, and request headers
2. Account Data
If you create an account (via invite link), we collect and store:
- Username, email address, and password hash (Argon2id)
- First and last name (if provided)
- Login history: IP addresses, timestamps, browser, device, and operating system
- Session data: active sessions, last activity timestamps
- API tokens you generate and their usage statistics
We do not store plain-text passwords. Password hashes cannot be reversed or decrypted.
3. How We Use Information
We use collected information to:
- Provide link shortening and redirect services
- Generate analytics and click statistics
- Detect and prevent abuse, spam, and malicious activity
- Perform security scanning on destination URLs
- Display advertisements
- Enforce our Terms of Service
- Improve the Service
4. Security Scanning & Data Sharing
Destination URLs submitted to the Service may be sent to third-party security scanning services for threat analysis. This includes:
- Hero Servers Security Gateway — URLs are submitted for risk scoring, SSL verification, and malware detection
- Only the destination URL is shared with scanning services — not your personal information, IP address, or account data
- Scan results (risk score, classification) are stored temporarily for caching purposes
We do not sell, trade, or share your personal information with any third party for marketing purposes.
5. Advertisements & Tracking
The Service displays advertisements during the redirect process. Regarding ad tracking:
- We track ad impressions (how many times an ad is shown) and clicks (how many times an ad is clicked)
- We do not use third-party ad tracking pixels, cookies, or behavioral targeting
- Ad click tracking is limited to counting clicks — we do not build advertising profiles
- Third-party advertisers linked from ads may have their own tracking and privacy policies which we do not control
test.gatewaydomains.ca does not endorse or assume responsibility for third-party advertiser privacy practices.
6. Data Retention
Data is retained as follows:
- Click analytics: Retained for the lifetime of the shortened link
- Account data: Retained until the account is deleted
- Login attempts: Retained for 90 days for security purposes
- Audit logs: Retained indefinitely for compliance and security
- Deleted links: Associated click data is permanently removed when a link is deleted
7. IP Addresses
IP addresses are collected for:
- Click analytics and geographic reporting
- Brute-force protection and rate limiting
- Abuse prevention and link creator identification
- Security logging
IP addresses may be hashed for unique visitor counting. Raw IP addresses are stored in admin-only areas and are never displayed publicly. We do not share IP addresses with third parties except when required by law.
8. Cookies
The Service uses cookies for:
- Session cookies: Required for login and admin panel functionality
- Remember-me cookies: Optional; persist login for 30 days
- Theme preference: Stored in browser localStorage (not a cookie)
We do not use advertising cookies, tracking cookies, or third-party analytics cookies.
9. Children's Privacy
The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that a child under 13 has provided personal information, we will delete it promptly.
10. Data Location & Storage
Your data is stored on servers located in the United States and/or Canada. By using the Service, you consent to the transfer and storage of your data in these locations. Our hosting infrastructure is provided by third-party data center providers who maintain physical security and environmental controls.
11. Third-Party Services
We use the following third-party services:
- Security scanning: Hero Servers Security Gateway (URL threat detection)
- QR code generation: Google Charts API / QuickChart.io
- Screenshot services: Thum.io (for social media preview images)
Each third-party service has its own privacy policy. We only share the minimum data required for each service to function.
12. Your Rights & Data Deletion
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and associated data
- Export: Request an export of your link and analytics data
To exercise these rights, contact the administrator of test.gatewaydomains.ca. Deletion requests will be processed within 30 days. Note that some data (audit logs, abuse records) may be retained for legal compliance even after account deletion.
13. Data Breach Notification
In the event of a data breach that compromises personal information, we will:
- Notify affected users via email within 72 hours of discovery
- Describe the nature of the breach and what data was affected
- Outline steps taken to address the breach
- Provide recommendations for users to protect themselves
14. Changes to This Policy
We may update this policy at any time. Changes take effect immediately upon posting. Continued use of the Service after changes constitutes acceptance of the updated policy. For significant changes, we will make reasonable efforts to notify users via the Service or email.
15. Contact
For privacy concerns, data requests, or questions about this policy, contact the administrator of test.gatewaydomains.ca.