URLSkin LogoURLSkin
Privacy Policy

Last updated: 9th December, 2025

1. Introduction

URLSkin (“Company”, “we”, “our”, “us”) operates the website urlskin.xyz (the “Service”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our URL shortener, QR generator, analytics dashboard, or related features.

By using URLSkin, you agree to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you create an account through our standard forms or third-party sign-in (Google or GitHub via BetterAuth), you provide:

  • Full Name
  • Email Address
  • Password (encrypted; we never see or store plaintext passwords)

2.2 Generated or Collected Automatically

We automatically collect:

  • guestId cookie: A randomly generated identifier stored as a cookie for non-logged-in users.
    • Used to save temporary “guest links”, which can later be migrated to your registered account upon login.
    • You may accept or discard guest links after logging in.
  • Device & Usage Data
    • IP address (for security + anti-abuse)
    • Browser type and version
    • Pages visited on urlskin.xyz
    • Referring URLs
    • Date and time of access

2.3 Guest ID Cookie

Non-logged users receive a unique guestId cookie to temporarily save guest links. If a user later logs in, all links associated with that guestId can be migrated to their account (users may accept or discard them).

2.4 Analytics (Umami)

We use Umami Analytics, a privacy-friendly tool that:

  • Does not use cookies
  • Does not collect personal data
  • Provides aggregate usage data only

2.5 Payment Information

Payments are handled exclusively by Paddle.

We do not store or process your payment card or billing details.

Paddle collects:

  • Payment method
  • Billing email
  • Transaction identifiers
  • Country for tax compliance

Please refer to Paddle's Privacy Policy for full details.

3. How We Use Your Information

We use information to:

  • Provide and operate core features (URL shortening, QR generation, analytics)
  • Authenticate users (BetterAuth + Supabase)
  • Store and manage your created links
  • Migrate guest links to your account upon login
  • Detect and prevent abuse (e.g., phishing URLs, malicious usage)
  • Process payments and subscriptions via Paddle
  • Improve our platform, performance, and user experience
  • Provide customer support
  • Comply with legal or regulatory obligations

4. Legal Basis (GDPR)

We process personal data on the following bases:

  • Contractual necessity - to provide the service you requested
  • Legitimate interest - preventing abuse, improving the platform
  • Consent - guestId cookies, email communications
  • Legal obligation - tax compliance via Paddle

5. How We Store and Secure Data

Your data is stored securely in Supabase (PostgreSQL) with:

  • Row-Level Security (RLS)
  • Encrypted connections (TLS)
  • Access restrictions limited to authorized service operations
  • Secure password hashing (bcrypt or Argon2 depending on auth provider)

We take reasonable steps to protect your information, but no method of transmission over the internet is 100% secure.

6. Sharing of Information

We may share information only with:

6.1 Service Providers

  • Paddle (payments)
  • Supabase (database + auth)
  • Umami (analytics)
  • Email provider (used for sending system emails)

6.2 Legal & Compliance

We may disclose information if required by:

  • Law
  • Court order
  • Regulatory authority
  • To prevent fraud, abuse, or security threats

We never sell personal information.

7. Cookies

We use minimal cookies:

7.1 guestId Cookie (Essential)

Used to store temporary guest links and session data. Expires automatically after a short period.

7.2 Auth Cookies (BetterAuth)

Used for secure login sessions.

We do not use tracking cookies or advertising cookies.

8. Data Retention

  • Account data is retained as long as your account is active.
  • Guest links are deleted automatically after expiration or after account migration.
  • Payment records are retained as required by tax law (via Paddle).
  • Deleted accounts are fully purged except where legal retention applies.

9. Your Rights

Depending on your jurisdiction, you may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data
  • Export of your data
  • Restriction of processing

To make a request, contact us at: legal@urlskin.xyz

10. Children's Privacy

URLSkin is not intended for users under 16.

We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy at any time.

Changes take effect upon posting on this page.

12. Contact Us

For privacy questions, contact us at: legal@urlskin.xyz