URLCROP Privacy Policy

1. Introduction

At urlcrop.org, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our URL shortening, QR code generation, and analytics services (the “Services”). By using the Services, you agree to this Policy, our Terms of Use, and our Cookie Policy.

2. Data Controller

Micro-entreprise Nathan Mabile EI
Registered office: Marché Gare – Rue Henri Barbusse, 47300 Villeneuve-sur-Lot, France
Email: mabile.nathan.pro@gmail.com

3. Information We Collect

• Account Information: username, email, and password (securely hashed).
• Analytics Data: for each click or QR scan: IP address, user agent, device type, timestamp.
• Usage Data: pages viewed, features used, and performance metrics to improve the Services.
• Cookies & Similar Technologies: session cookies for authentication; analytics cookies subject to prior consent (see section 10 and Cookie Policy).
• Billing Data (if applicable): payment status and references (processed by our payment processor; we do not store full card details).

4. Purposes of Processing

1. Provide and Maintain Services: operate your account, process requests, deliver analytics.
2. Improve Services: understand usage, debug, enhance performance and security.
3. Communication: service updates, transactional emails (e.g., billing, security alerts).
4. Marketing (optional): newsletters and promotions only with your prior consent (you may withdraw anytime).
5. Legal Compliance & Protection: comply with applicable laws, enforce our Terms, prevent fraud and abuse.

5. Legal Bases (GDPR Article 6)

• Contract (Art. 6(1)(b)): account creation, service provision, customer support.
• Legitimate Interests (Art. 6(1)(f)): service improvement, security, anti-abuse, basic statistics (strictly necessary and privacy-preserving).
• Consent (Art. 6(1)(a)): marketing emails and non-essential cookies/trackers (e.g., analytics).
• Legal Obligation (Art. 6(1)(c)): invoicing, accounting, requests from competent authorities.

6. Data Sharing & Processors

We do not sell personal data. We may share limited data with:

• Service Providers (processors): hosting (OVH), email delivery, payment processing, analytics—bound by confidentiality and data processing agreements.
• Authorities: where required by law or to protect our rights and users.

7. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, additional measures. You can request copies of relevant safeguards by contacting us.

8. User Responsibility for Link/QR Analytics

If you create or share shortened URLs or QR codes, you are solely responsible for providing notice and obtaining any required consent from individuals whose data (IP, user agent, device, timestamp) you collect via your links, in compliance with applicable data protection laws (e.g., GDPR).

9. Data Retention

• Account data: retained while your account is active; deleted or anonymized within a reasonable period after closure (subject to legal retention duties).
• Analytics data (clicks/scans): up to 24 months, unless you delete it earlier or a longer period is legally required.
• Billing data: retained as required by applicable accounting/tax laws.
• Cookies: see Cookie Policy for storage periods (e.g., session vs. analytics cookies).

10. Cookies & Similar Technologies

We use essential session cookies for authentication. Analytics cookies (e.g., Google Analytics) are non-essential and are placed only if you give consent via our cookie banner. You can withdraw or change your choices at any time. For full details (types, purposes, lifetimes), see our Cookie Policy.

11. Your Rights

• Access to your data;
• Rectification of inaccurate or incomplete data;
• Erasure (“right to be forgotten”);
• Restriction of processing;
• Portability of your data in a machine-readable format;
• Objection to processing based on legitimate interests;
• Withdraw Consent at any time for marketing and cookies (does not affect prior lawful processing).

To exercise your rights, contact us at mabile.nathan.pro@gmail.com. We may request information to verify your identity before acting on your request.

You also have the right to lodge a complaint with your local Data Protection Authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL) .

12. Security Measures

We apply industry-standard safeguards, including encryption in transit (HTTPS), secure password hashing, least-privilege access, and periodic security reviews. However, no method of transmission or storage is 100% secure.

13. Children’s Privacy

Our Services are not intended for children under 15 years old (France). We do not knowingly collect data from minors. If you believe a minor has provided personal data, please contact us to delete it.

14. Automated Decision-Making

We do not engage in automated decision-making producing legal or similarly significant effects on individuals.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notice. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.