Share.aw Privacy Policy

1. Who we are

This Privacy Policy explains how Share.aw ("we", "us", or "our") collects, uses, and protects your personal information when you use the share.aw website and link shortening service (the "Service").

We are established in Aruba and the Service is operated under the laws of Aruba.

- Share.aw
- Pos Chikito 49N, Aruba
- Contact: [email protected]

If you have any questions about this policy or your personal data, contact us at [[email protected]].

2. Scope

This policy applies to the public website (we.share.aw), the user dashboard (app.share.aw), the links we redirect on share.aw and any custom domains you connect, and all related features. It does not apply to the destination websites your short links point to, which have their own policies.

3. Information we collect

3.1 Information you provide

- Account information: your first name, last name, and email address. Your password is stored only as a salted cryptographic hash, never in plain text.
- Links and content: the destination URLs you shorten, custom slugs, tags, redirect rules, and any custom domains you add.
- Payments: when you subscribe to a paid plan, payment is handled by our payment processor, Stripe. We do not receive or store your full card number. We store your Stripe customer reference, your plan and subscription status, and transaction records such as amount, currency, status, and date.
- Communications: if you contact us through the contact form or submit an abuse report, we collect the name, email address, and message you provide.

3.2 Information collected automatically

When someone clicks a short link you own, and when you use the Service, we record limited technical data:

- Click and analytics data: for each visit to a link, we store a hashed version of the visitor IP address (we do not store raw IP addresses; see Section 8), the approximate location at country level, browser and device information derived from the user agent, the referring website where available, a human or bot classification, and a timestamp.
- Server and security logs: standard logs needed to operate the Service securely and diagnose problems.

3.3 Cookies and similar technologies

We use a small number of strictly necessary cookies.

Our payment processor (Stripe) and our network and security provider (Cloudflare) may set their own cookies when you make a payment or when traffic passes through their network. These are used for fraud prevention and security. We do not use advertising cookies.

4. How we use your information

We use personal information to:

- create, operate, and redirect your short links;
- provide click analytics to the owner of each link;
- authenticate you and keep your account secure;
- process payments, manage subscriptions, and send billing related messages;
- respond to your messages and provide support;
- detect, prevent, and investigate abuse, fraud, spam, and links to illegal or harmful content;
- maintain, improve, and secure the Service;
- comply with our legal obligations under the laws of Aruba.

5. How we share information

We do not sell your personal information. We share it only with:

- Service providers acting on our instructions:
- Stripe for payment processing and subscription billing.
- Mailgun for sending transactional emails such as account verification, password resets, and notifications.
- Cloudflare for DNS, content delivery, and security.
- [Hosting Provider] for hosting the Service.
- Authorities or third parties where required by law, to enforce our terms, or to protect the rights, safety, and property of our users, the public, or us.
- A successor entity in connection with a merger, acquisition, or sale of assets, subject to this policy.

6. Processing of data outside Aruba

Our service providers (such as Stripe, Mailgun, Cloudflare and others) operate internationally, so your information may be stored and processed outside Aruba, including in the United States and the European Union. By using the Service, you understand that your information may be transferred to and processed in countries other than Aruba. We take reasonable steps to ensure your information is handled securely and only by providers bound to protect it.

7. Data retention

- Account data: kept while your account is active and for [retention period, for example 90 days] after you close your account, after which it is deleted or anonymized, unless we must keep it longer for legal reasons.
- Click and analytics data: the visitor IP is only ever stored as a hash, and the hashing salt is rotated daily so that older records cannot be linked back to a raw IP address. Visit records are retained for [retention period, for example 24 months] and may be kept in aggregate form afterward.
- Payment and transaction records: kept for the period required by applicable Aruban tax and accounting law.
- Contact and abuse messages: kept for as long as needed to handle the matter and a reasonable period afterward.

8. How we protect your data

We use technical and organizational measures to protect your information, including:

- passwords stored only as salted hashes;
- visitor IP addresses stored only as hashes, with a salt that rotates daily, so raw IP addresses are not retained;
- encryption of data in transit using TLS;
- least privilege database access, so each part of the Service can only touch the data it needs;
- regular database backups.

No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

9. Your choices and rights

Subject to applicable Aruban law, you may:

- request access to the personal data we hold about you;
- ask us to correct inaccurate or incomplete data;
- ask us to delete your data;
- ask us to limit or stop certain uses of your data;
- update your account details at any time from your dashboard.

To make a request, contact us at [[email protected]]. We will respond within a reasonable time. We may need to verify your identity before acting on a request.

10. Children's privacy

The Service is not intended for individuals under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Third party links

Short links and pages on the Service may point to websites we do not control. We are not responsible for the privacy practices of those sites. Please review their policies before providing them with personal data.

12. Governing law

This Privacy Policy is governed by and construed in accordance with the laws of Aruba. Any disputes relating to it are subject to the competent courts of Aruba.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after a change takes effect means you accept the updated policy.

14. Contact us

If you have questions, requests, or complaints about this policy or your personal data, contact us at:

- Email: [email protected]
- Postal address: Pos Chikito 49N, Aruba