Privacy Policy

Detailed explanation of how we deal with your data

Welcome to the once.to privacy policy! We pride ourselves upon the fact that we’re privacy-focused. This document explains what information we collect through your access and use of our service and how we make use of this information.

In this Policy, once.to refers to the service offered by Yktoo Solutions (the “Company” or “We”) through the once.to website (the “Service”); this umbrella term includes the provided applications, content, and other relevant parts of the functionality. We sometimes refer to “You”, which may be a visitor on one of our websites, a user of one or more of our services (“User” or “Customer”), or a visitor of a link handled by the service (“Visitor”). This Policy is further complemented by once.to’s Terms of Service.

IMPORTANT: If you do not agree with our policies and the terms of the aforementioned Terms of Service, please do not use our Service. By accessing or using our Service, you agree to this Policy.

1. Controller and Processor

Data protection laws and privacy laws in certain jurisdictions differentiate between controllers and processors of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller and following the controller’s specification. When you create a link on once.to, hence becoming a User, we are acting as a controller. When you click on a link created by a User and served by once.to, we are acting as a processor.

Our use of Personal Information is to further our legitimate interests to:

2. What data do we collect?

While using our Service we may collect information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, to you (“Personal Information”). This does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked with you.

2.1. Data provided by User

2.2. Data collected automatically

2.4. No special category of personal data

We do not collect, process, or otherwise use any sensitive personal data or any special category of personal data, as such terms are defined under applicable privacy laws, as a condition of using the Service.

3. Purposes your personal information is used for

We will share Personal Information in the following circumstances:

The purpose of our Service is to allow you to share information and to receive information about the Links you create on once.to. As a result, some Personal Information may be shared with third parties as described below:

We may also share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying information and Logging data to parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.

4. Marketing and advertising

We use your Personal Information to tailor our marketing and advertising efforts. To do this, we provide your information to third party advertising networks (such as Google AdSense) and social media companies (such as Facebook, Twitter, and other social media platforms). When we provide data to agencies, ad networks, and other parties for targeted advertising, we do not provide them with your name, financial information, or any other sensitive information. We use online identifiers such as email, cookies, and device identifiers to help us provide targeted advertising to you and others like you.

We may also use aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal information we have collected from you to enable us to display advertisements to target audiences.

To opt out of targeted advertising, you may use the following links provided by third parties that manage opt outs for some ad networks:

5. Email communication

When you sign up for our Services, we may send you marketing emails. You can opt-out at any time by selecting the “Unsubscribe” option in the email you received from us. The withdrawal of your consent will not impact the lawfulness of processing based on your consent prior to the withdrawal.

Please note that even if you opt-out of receiving commercial emails, you will still receive emails that are transactional in nature, such as actions taken on your account, updates to our online policies, and other transactional communications.

6. Data storage and rights

6.1. Data location

The company uses the services of Netlify (USA), Cloudflare (USA), and Scaleway (France/Netherlands) to host all components. All care is taken to securely protect your data, including the encryption of all user data using a secret key accessibly only to the employees of the company (your password is not accessible to anyone as it’s cryptographically hashed). Backups of the entire database are regularly made in the event it is necessary to restore user data.

6.2. Cross-border data transfers

When you use our Service, your Personal Information may be transferred to our service providers and trusted partners who maintain processing facilities outside the European Economic Area (“EEA”). This is only for the purposes of providing, and to the extent necessary to provide, the Service to you. The privacy laws in these countries may not be as protective with your information as the laws in your jurisdiction. Nonetheless, the Company takes reasonable measures to ensure that adequate security measures are in place to safeguard and maintain the integrity of your Personal Information on transfer.

6.3. Data retention

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

When you choose to delete your account through the Service’s web interface, all derived information related to the account (including, but not limited to, short links, connected domains, and usage data) is permanently deleted from all servers. The account itself is kept in our registry for the duration of up to one year. Deleted data may be retained in our backups for another 30 days.

6.4. Data cleanup

In order to maintain the level of performance of the service, we execute periodic data cleanup routines to remove data that we deem either obsolete or irrelevant.

These routines are laid out in the Addendum I to this privacy policy.

6.5. Your data rights

Please note that when certain requests will be subject to necessary verification requirements. Only you or someone legally authorised to act on your behalf may exercise the right to deletion and the right to access or take your information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.

7. Not directed to children

Our Service is not directed to persons under 18. We do not knowingly collect information from persons under 18. As such, we do not knowingly “sell,” as that term is defined under applicable law, including the CCPA, the Personal Information of minors.

If you are a parent or guardian of a minor who is under 16 years old and using our Service, you may contact us using the contact form (once.to/contact) to request and arrange for deletion of any Personal Information, if any, we may have collected about the minor.

For privacy reasons we may first request proof of relationship to the minor.

Our Service, email updates, and other communications may occasionally contain links to websites of others, including our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

9. Modifications to Privacy Policy

We reserve the right to periodically review and change this policy from time to time. We will notify all customers about any such changes through the email address registered with us. Continued use of the service will be deemed as acceptance of such changes.

10. Contacting us

If you have any questions about this Privacy Policy, please contact us via the contact form.

Because email communications are not always secure, please do not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in your messages to us.

Addendum I: Data Cleanup Policy

Data subject to removalMinimum retention period
Anonymous links with 0 total clicks90 days since creation
Anonymous links with less than 10 total clicks365 days since last clicked
Link events (“clicks”)365 days since creation

Tags: , , , , ,