Privacy Policy
How we protect your privacy and data
Last updated: January 2026
Overview
PVTLNK (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our link shortening service.
Zero-Knowledge Architecture
PVTLNK is built with a zero-knowledge architecture, meaning:
- We never see your password - Passwords are hashed using PBKDF2 before transmission
- We cannot access your data - All encryption happens client-side
- You maintain control - Only you can access your account and links
Information We Collect
Information You Provide
| Information | Purpose | Storage |
|---|---|---|
| Username (commitment hash) | Account identification | Hashed, irreversible |
| Recovery codes | Account recovery | Encrypted |
| Email (optional) | Account notifications | Encrypted at rest |
Information Collected Automatically
| Information | Purpose | Retention |
|---|---|---|
| Aggregated click counts | Analytics display | Indefinite |
| Country (from IP) | Geographic stats | Aggregated only |
| Device type | Analytics | Aggregated only |
| Browser type | Analytics | Aggregated only |
Information We Do NOT Store
- Original URLs (in plain text)
- IP addresses (hashed immediately)
- Full user agent strings
- Passwords (only commitments)
Data Protection
Encryption
- Database: AES-256 encrypted at rest
- Transport: TLS 1.3 for all connections
- Passwords: PBKDF2 (100,000 iterations)
- Links: Server-side encryption
Swiss Hosting
Our servers are hosted in Switzerland, providing:
- Strict Swiss data protection laws
- No US government surveillance programs
- Independent legal jurisdiction
Cookies and Tracking
Essential Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| pvtlnk_session_token | Session authentication | 30 days |
| pvtlnk_recovery_verified | Recovery flow | Session |
Analytics
We use anonymized, aggregated analytics only. No personal data is tracked.
Third-Party Services
Payment Processing
All payments are processed through Stripe. We never see or store your payment details.
Analytics
We may use anonymized analytics to improve our service.
Your Rights
GDPR Compliance
As a Swiss-hosted service with GDPR-compliant practices:
- Right to access - Download your data anytime
- Right to deletion - Delete all data with one click
- Right to portability - Export data in standard format
- Right to correction - Update your information
Account Deletion
To delete your account:
1. Go to Settings
2. Click “Delete Account”
3. Confirm deletion
All data is permanently deleted within 30 days.
Children’s Privacy
PVTLNK is not intended for use by children under 16. We do not knowingly collect information from children.
Changes to This Policy
We will notify users of any material changes to this policy via:
- Email notification
- In-app notification
- Updated effective date
Contact Us
For privacy-related questions, please contact us through our official channels.
Address: PVTLNK AG, Bahnhofstrasse 100, 8001 Zurich, Switzerland
Warrant Canary
We maintain a public warrant canary at /canary that is updated daily. The absence of an update indicates we have received legal requests for user data.
Related Documentation
- Privacy & Security Whitepaper - Technical details
- Encryption Architecture Guide - Cryptographic details
- Warrant Canary - Transparency report