Privacy policy
What we collect
When you open a short link we collect the minimum signal needed to route your click and produce honest analytics for the link's owner: a hashed IP, a hashed User-Agent, the requested URL, and the rule that matched. From the User-Agent and request headers we derive coarse, non-identifying labels — device type and model, operating system and browser (with versions), the country/region and timezone, your browser language, and the referring site.
We also generate two opaque identifiers so the owner can see sessions rather than disconnected clicks: a visitor identifier (a salted hash of the hashed IP + User-Agent, scoped to that one owner) and a session identifier (a random token in the functional `ar_sess` cookie that groups your clicks within 30 minutes). Neither is linked to your name or account. If the link's URL contains an advertising click ID (for example ttclid, fbclid, or gclid), we store that value so the owner can reconcile it with their ad platform. We do not collect names, email addresses, precise location, or any other personal identifier from a redirect.
Why we collect it
We use it strictly to: (a) decide which destination to redirect you to, (b) produce per-link aggregate analytics for the AppRoute customer whose link you clicked, and (c) detect abuse such as automated traffic floods.
Your rights
GDPR and CCPA grant you the right to access, correct, port, and delete personal data we hold about you. Email privacy@getapproute.com and we will respond within 14 days.
- Right of access — copy of data we hold
- Right to rectification — correct inaccuracies
- Right to erasure — delete on request
- Right to portability — machine-readable export
- Right to object — to processing on legitimate interest
How long we keep it
Raw, hashed click events are retained for 90 days for debugging and abuse review, after which only aggregate counts remain. Aggregates are retained for the lifetime of the link, plus 12 months after deletion.
Contact
Privacy questions: privacy@getapproute.com. EU representative: AppRoute GmbH, c/o data-protection@getapproute.com.