Back
Looking for Terms of Service? Click here

Privacy Policy

Last updated: March 19, 2026

1. Data Controller Identity

Sift Short acts as the Data Controller. You can contact our dedicated privacy team at privacy@sift.nu.

2. Lawful Basis for Processing

We collect and process your data under the following lawful bases:

  • Contract Necessity: To provide the shortening service and maintain your account.
  • Legitimate Interest: For security purposes, such as identifying bot traffic, preventing spam, and ensuring platform integrity.
  • Consent: For any optional marketing communications or specialized tracking cookies (if used).

3. What Data is Collected

From Link Creators:

  • Name, email address, and account authentication details.

From Link Clickers:

  • IP addresses, device types, basic browser info (user-agent, operating system, etc.), and referral URLs for analytics purposes.

4. Data Retention Policy

We retain click and log data for analytics purposes temporarily. Log data and detailed click histories are purged or anonymized after 30 days. Account information is retained for as long as your account remains active.

5. International Data Transfers

If our servers are located outside your region (e.g., in the US while you are in the EU), we ensure your data is protected through the use of Standard Contractual Clauses (SCCs) and appropriate data transfer mechanisms.

6. Third-Party Processors

We may share data with trusted third-party processors to operate our service, including hosting providers (e.g., Vercel, Convex). These processors are strictly bound by data protection agreements.

7. User Rights

Under the GDPR and other applicable privacy laws, you have the right to:

  • Access & Portability: Request a copy of the personal data we hold about you.
  • Erasure (Right to be Forgotten): Ask for your account or click history to be permanently deleted.
  • Rectification: Fix incorrect or incomplete account information.
  • Lodge a Complaint: File a complaint with your local Data Protection Authority (DPA) if you believe your rights have been violated.

8. Technical Safeguards

  • Data Minimization: We only collect the minimum amount of data necessary to redirect links safely and accurately.
  • Encryption: All data is encrypted in transit using industry-standard HTTPS/TLS protocols.
  • Anonymization: When providing analytics to link creators, we anonymize clicker IP addresses before displaying them (e.g., masking the last octet, like 192.168.1.xxx).