Privacy Policy
Detailed explanation of how we deal with your data
Welcome to the once.to privacy policy! We pride ourselves upon the fact that we’re privacy-focused. This document explains what information we collect through your access and use of our service and how we make use of this information.
In this Policy, once.to refers to the service offered by Yktoo Solutions (the “Company” or “We”) through the once.to website (the “Service”); this umbrella term includes the provided applications, content, and other relevant parts of the functionality. We sometimes refer to “You”, which may be a visitor on one of our websites, a user of one or more of our services (“User” or “Customer”), or a visitor of a link handled by the service (“Visitor”). This Policy is further complemented by once.to’s Terms of Service.
IMPORTANT: If you do not agree with our policies and the terms of the aforementioned Terms of Service, please do not use our Service. By accessing or using our Service, you agree to this Policy.
1. Controller and Processor
Data protection laws and privacy laws in certain jurisdictions differentiate between controllers and processors of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller and following the controller’s specification. When you create a link on once.to, hence becoming a User, we are acting as a controller. When you click on a link created by a User and served by once.to, we are acting as a processor.
Our use of Personal Information is to further our legitimate interests to:
- understand who our Users are,
- manage our relationship with you and other Users,
- carry out core business operations such as billing and fulfilling regulatory obligations; and
- help detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of our Service.
2. What data do we collect?
While using our Service we may collect information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, to you (“Personal Information”). This does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked with you.
2.1. Data provided by User
- Account creation
When you create a new account as a User, your full name, email address, and IP address will be collected. If you create an Account using your login from a third-party account, such as Google, Facebook, or Twitter, we will access and collect your personal information provided by that third-party account. The amount of information that is shared with us from that third-party account depends on your privacy settings on your third-party account.
The email address provided by you will serve as your identity for all operations on the Service. You will receive all important notifications such as confirmation emails, password reset links, and any updates to our Policies and Terms of Service through this email address. Your email address will not be shared with any external entity or used for any other purpose, except in cases when we are obliged to do so by law. - Shortening a link
When you as a User create a short link to a URL of a website (“Link”), once.to collects and stores the original URL and the shortened URL and links it with your session. This applies to both authenticated and anonymous Users. - Support request
When you contact the Service with a support request, we may collect your name, email address, and any other content that you shared with us. - Misuse and abuse prevention
We are required to take certain measures in order to prevent malicious users (such as spammers and bots) from excessively creating new accounts. This is to prevent an unfair degradation of service to non-malicious users, which might arise from a consistent attack from bots or human users. The Service may use CAPTCHA and email verification to mitigate such issues, record your IP address at any point for blacklisting if found to be in violation of our terms, as well as other techniques.
2.2. Data collected automatically
- Logging data
When you use the Service, whether as an authenticated or an anonymous User, we may automatically record information that your browser sends whenever you create or use a once.to Link (“Logging data”). This Logging data may include information such as your IP address, device settings (such as device and browser type, operating system, language preferences), the time and the date when the Link was created, the referring website, the time and date of each access, and relevant analytical data on the sharing of the Link on third party services, such as Twitter or Facebook. We use this information to monitor and analyse the use of the Service and to maintain the required service level. - Cookies and local storage
We use cookies and other forms of local data storage provided by your browser for record-keeping purposes, such as storing your Service session identifier and your preferences in the Service. We may also use cookies and other forms of local data storage provided by your browser, in depersonalised form, for analysing the performance of the Service, including third-party analytical engines such as Google Analytics.
2.4. No special category of personal data
We do not collect, process, or otherwise use any sensitive personal data or any special category of personal data, as such terms are defined under applicable privacy laws, as a condition of using the Service.
3. Purposes your personal information is used for
We will share Personal Information in the following circumstances:
- Operation of our Site and providing the Service.
- Processing and completion of requested transactions.
- Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
- Compliance with legal and regulatory requirements.
- Enforcement of our Terms of Service and as otherwise described in this Policy.
The purpose of our Service is to allow you to share information and to receive information about the Links you create on once.to. As a result, some Personal Information may be shared with third parties as described below:
- Links you create
When you create a Link, the shortened and the original URLs are publicly available to anyone with access to the Link. - Information we share with Users
We may share the Personal Information we collect as described in this Policy with our Users. When a Link is created, the User who created the Link may be able to view aggregated information about clicks and views of the Link, including the number of times the Link was shared, whether or not it was viewed, comparison of that Link’s performance to other Links, geographic regions and other characteristics of the area where the content is being viewed, and identification of social networks or websites on which the Link appears. - Service providers
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to improve our Service and to perform Site-related services (such as, without limitation, maintenance services, database management, web analytics, payment processing, fraud detection, and Service enhancement) or to assist us in analysing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. - Analytics and search engine providers
We may share Personal Information with analytical and search engine providers that assist us in the improvement and optimisation of the Service. - Feedback We may collect feedback from you about your experience to compare your experience with other Users of the Service to improve its quality. This feedback is the property of the Company, and we reserve the right to share it with any third-party.
- Acquisition, merger, bankruptcy
The Company may sell, transfer, or otherwise share some or all its assets, including your Personal Information, in connection with a merger, acquisition, reorganisation, sale of assets, or in the event of bankruptcy. - Disclosures without your consent
We may disclose information in response to subpoenas, warrants, court orders, or in connection with any legal process, or in order to comply with relevant laws. We may also share your information in the event of an emergency, to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or otherwise act regarding possible illegal activities, suspected fraud, the safety of person or property, or a violation of our policies. - Disclosures with your consent
We will share information about you when you instruct us to do so, such as when you share a Link or content with others through the Service or if we notify you that the information you provide will be shared in a particular manner and you provide such information (such as posting it to a third-party service).
We may also share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying information and Logging data to parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
4. Marketing and advertising
We use your Personal Information to tailor our marketing and advertising efforts. To do this, we provide your information to third party advertising networks (such as Google AdSense) and social media companies (such as Facebook, Twitter, and other social media platforms). When we provide data to agencies, ad networks, and other parties for targeted advertising, we do not provide them with your name, financial information, or any other sensitive information. We use online identifiers such as email, cookies, and device identifiers to help us provide targeted advertising to you and others like you.
We may also use aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal information we have collected from you to enable us to display advertisements to target audiences.
To opt out of targeted advertising, you may use the following links provided by third parties that manage opt outs for some ad networks:
- http://preferences-mgr.truste.com
- http://www.networkadvertising.org/managing/opt_out.asp
- http://www.aboutads.info/
- https://policies.google.com/privacy/partners
5. Email communication
When you sign up for our Services, we may send you marketing emails. You can opt-out at any time by selecting the “Unsubscribe” option in the email you received from us. The withdrawal of your consent will not impact the lawfulness of processing based on your consent prior to the withdrawal.
Please note that even if you opt-out of receiving commercial emails, you will still receive emails that are transactional in nature, such as actions taken on your account, updates to our online policies, and other transactional communications.
6. Data storage and rights
6.1. Data location
The company uses the services of Netlify (USA), Cloudflare (USA), and Scaleway (France/Netherlands) to host all components. All care is taken to securely protect your data, including the encryption of all user data using a secret key accessibly only to the employees of the company (your password is not accessible to anyone as it’s cryptographically hashed). Backups of the entire database are regularly made in the event it is necessary to restore user data.
6.2. Cross-border data transfers
When you use our Service, your Personal Information may be transferred to our service providers and trusted partners who maintain processing facilities outside the European Economic Area (“EEA”). This is only for the purposes of providing, and to the extent necessary to provide, the Service to you. The privacy laws in these countries may not be as protective with your information as the laws in your jurisdiction. Nonetheless, the Company takes reasonable measures to ensure that adequate security measures are in place to safeguard and maintain the integrity of your Personal Information on transfer.
6.3. Data retention
We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
When you choose to delete your account through the Service’s web interface, all derived information related to the account (including, but not limited to, short links, connected domains, and usage data) is permanently deleted from all servers. The account itself is kept in our registry for the duration of up to one year. Deleted data may be retained in our backups for another 30 days.
6.4. Data cleanup
In order to maintain the level of performance of the service, we execute periodic data cleanup routines to remove data that we deem either obsolete or irrelevant.
These routines are laid out in the Addendum I to this privacy policy.
6.5. Your data rights
- Deletion
You can ask us to delete all or some of your Personal Information (for example, if it is no longer necessary to provide the Service to you). In such case you may no longer be able to use the Service unless you create a new account with us. - Change or correct
You can edit some of your Personal Information through your Account. You can also ask us to change, update, or fix your Personal Information in certain cases, particularly if it is inaccurate. - Object to, or limit or restrict, use of information (“Opt-Out”)
You can ask us to stop using all or some of your Personal Information or to limit our use of it (such as objecting to the processing of your Personal Information for our marketing purposes). - Right to access or take your information
You can ask us for a copy of your Personal Information and can ask for a copy of Personal Information you provided in machine readable form. - Right to non-discrimination
We will not discriminate against you for exercising your data rights. To make a request please use our contact form at once.to/contact. We will consider your request in accordance with applicable laws.
Please note that when certain requests will be subject to necessary verification requirements. Only you or someone legally authorised to act on your behalf may exercise the right to deletion and the right to access or take your information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.
7. Not directed to children
Our Service is not directed to persons under 18. We do not knowingly collect information from persons under 18. As such, we do not knowingly “sell,” as that term is defined under applicable law, including the CCPA, the Personal Information of minors.
If you are a parent or guardian of a minor who is under 16 years old and using our Service, you may contact us using the contact form (once.to/contact) to request and arrange for deletion of any Personal Information, if any, we may have collected about the minor.
For privacy reasons we may first request proof of relationship to the minor.
8. Links to third-party websites
Our Service, email updates, and other communications may occasionally contain links to websites of others, including our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
9. Modifications to Privacy Policy
We reserve the right to periodically review and change this policy from time to time. We will notify all customers about any such changes through the email address registered with us. Continued use of the service will be deemed as acceptance of such changes.
10. Contacting us
If you have any questions about this Privacy Policy, please contact us via the contact form.
Because email communications are not always secure, please do not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in your messages to us.
Addendum I: Data Cleanup Policy
Data subject to removal | Minimum retention period |
---|---|
Anonymous links with 0 total clicks | 90 days since creation |
Anonymous links with less than 10 total clicks | 365 days since last clicked |
Link events (“clicks”) | 365 days since creation |
Tags: data disclosure, data retention, legal, once.to, personal data, privacy policy