Privacy Statement

1.1 Account Information

When you create an account through our authentication provider (Clerk), we receive and store:

• Email address — used for account identification and communication
• Authentication identifier — a unique ID from Clerk to link your account
• Account creation date — for record keeping

We do not store passwords. Authentication is handled entirely by Clerk's secure infrastructure.

1.2 Link Data

When you create a shortened link, we store:

• The original (destination) URL
• The generated or custom short code
• An auto-fetched page title (for display purposes only)
• Creation and modification timestamps
• Active/inactive status
• Password hash (if password protection is enabled — the password itself is never stored)
• Expiration date (if set)

1.3 Click Analytics Data

When someone clicks a shortened link, we collect the following aggregate analytics data:

• IP address hash — your IP is irreversibly hashed using HMAC-SHA256 with a secret salt before storage. We cannot reverse this hash to recover your IP address.
• Country and city — derived from geo-IP headers provided by our hosting platform (Vercel). We do not use third-party geo-IP databases.
• Device type — mobile, tablet, or desktop (parsed from the User-Agent string)
• Browser and OS — e.g., Chrome, Firefox, Windows, macOS (parsed from the User-Agent string)
• Referrer — the website that referred the click (if available)
• Timestamp — when the click occurred

1.4 Information We Do NOT Collect

• Passwords (handled by Clerk)
• Payment information (the service is free)
• Raw IP addresses (always hashed before storage)
• Cookies for tracking across sites
• Browsing history beyond the single redirect event
• Personal demographic information (age, gender, etc.)

We use the information we collect for the following purposes:

We do not use your data for advertising, profiling, or selling to third parties.

We share data with the following third-party services, which are essential to operating the Service:

We do not share your data with advertisers, data brokers, or analytics platforms. We do not embed third-party tracking scripts in the Service.

We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

• Account data — retained for the lifetime of your account. Deleted when you delete your account.
• Link data — retained for the lifetime of the link. Anonymous links may be removed after extended periods of inactivity.
• Click analytics — retained for as long as the associated link exists. When a link is deleted, its click data is cascade-deleted.
• Hashed IP addresses — retained with click data. Since they are irreversibly hashed, they cannot be used to identify individuals.

We implement the following security measures to protect your data:

• Encryption in transit — all data is transmitted over HTTPS/TLS
• Encryption at rest — our database provider encrypts all stored data
• IP hashing — IP addresses are irreversibly hashed using HMAC-SHA256 with a server-side secret before storage
• Password hashing — link passwords are hashed with bcrypt (cost factor 10) before storage
• No plain-text secrets — all sensitive configuration is stored in environment variables, never in code
• Authentication delegation — Clerk handles all authentication, session management, and credential storage

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Export — request your data in a portable format
• Objection — object to certain types of data processing
• Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.

Snip uses minimal client-side storage:

• Authentication cookies — set by Clerk to maintain your logged-in session. These are strictly necessary and cannot be disabled while using authenticated features.
• No tracking cookies — we do not use cookies for analytics, advertising, or cross-site tracking.
• No local storage abuse — we do not store tracking identifiers in localStorage or sessionStorage.

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us immediately.

Your data may be stored and processed in regions where our infrastructure providers operate, including the United States and European Union. By using the Service, you consent to the transfer of your data to these regions. Our providers maintain appropriate safeguards for international data transfers.

We may update this Privacy Statement periodically. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Notify registered users via email for significant changes
• Provide a prominent notice on the Service

We encourage you to review this page periodically to stay informed about our privacy practices.

If you have questions, concerns, or requests regarding this Privacy Statement or your personal data, please contact us: