Privacy Policy

Updated: May 2025

This Privacy Policy outlines how we collect, use and share personal data of people who use or are connected to our services, are interested in Sqish or its services, or to whom we wish to market our services. This Privacy Policy also provides you with information on your rights as a data subject and how to reach us if you have any questions.

This Privacy Policy does not apply to the practices of other businesses that Sqish does not own or control, including other companies’ websites, services and applications (“Third Party Services”) that you can access through the Services or to individuals that Sqish does not manage or employ. We encourage you to review the privacy policies of any Third Party Services you access or use. Please note that we cannot take responsibility for the content or privacy policies of Third Party Services, and any third party policies linked to this Privacy Policy are strictly for informational purposes only.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.

ACCESSIBILITY: IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS PRIVACY POLICY, PLEASE CONTACT US AT [Your Privacy Email Address].

Contact Information

This Privacy Policy describes the policies and procedures of [Sqish Legal Entity Name], [Your Address], United Kingdom (“Sqish”), for the collection, use, and disclosure of personal data about you for which we act as the data controller, in accordance with the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation ("GDPR") where applicable, and other relevant data protection laws.

If you have any questions or concerns regarding privacy when using the Services of Sqish, wish to use your rights, such as to object to the processing or have your personal data removed, please send us a detailed message to: [Your Privacy Email Address]. We will make every effort to resolve your concerns. Please also see “Rights of Data Subjects” for more detailed information on your rights as the data subject. [Optional: Include DPO details if applicable: The designated data protection officer of Sqish is [DPO Name/Company], [DPO Contact Details]].

Information We Collect and How We Use It

Sqish collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with Sqish, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a Sqish link (either our standard links or one using a custom domain) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:

When You Register for a Sqish Account

When you create an Account, we collect the personal data from you, such as your name, phone number, company name (if applicable), email address, and sign-in information (e.g., password hash). If you create an Account using your login information from a third-party account (e.g., Google), we will access and collect the personal data about you that the third-party account provides (based on your privacy settings with them), so that you can log into your Account with us. We use your contact information to send you information about our Services and communicate with you about your Account, your activities on our Site and Services and policy changes. You may unsubscribe from receiving certain types of these messages through your Account settings, although Sqish reserves the right to contact you when we believe it is necessary, such as for administrative and account management purposes.

We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.

Some features may allow registered users to provide their own content (e.g., descriptions of URLs). Unless you request deletion, content submitted by you may be retained by Sqish, even after you terminate your Account, and may continue to be shared by third parties as described herein.

When You Create a Sqish Link

A core feature of the Services is creating shortened URLs. When you create a shortened link, Sqish collects and stores both the original URL and the shortened URL. If you are logged into your Account, we associate this information with your Account. Sqish also collects and stores your IP address, approximate geolocation data (derived from your IP address), the time and date you shortened the URL, and potentially information about sharing on social platforms (platform name, username).

When Someone Interacts With a Sqish Link

Sqish automatically collects personal data about the interaction (such as clicks) with every Sqish link created through the Services. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) potentially cookies (as described in our Cookie Policy) and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, understand and analyze how our Services are used, identify trends, and detect, deter and prevent malicious, fraudulent or unlawful activity. Please see the “Information We Share” section for how we may share this interaction data.

Usage Across Devices

We may use collected information to infer that a unique individual has interacted with Sqish links on different devices to detect/prevent malicious activity and analyze usage patterns. For example, interactions from the same IP address in a short time period might suggest a single user.

Other Uses

We also may use personal data to pursue legitimate interests, such as direct marketing (where permitted), research (including marketing research), network and information security, prevention of fraudulent/malicious/unlawful activities, or any other purpose disclosed to you when the data is provided or we first contact you.

Information We Share

The Services are designed to help you share information. The following categories of personal data generated through your use of the Services may be shared publicly, within Sqish, and with the following categories of third parties for the business purposes described below.

  • Sqish Group Companies (if applicable): Personal data related to your Account may be shared within Sqish affiliated companies for joint purposes like business planning, development, and sales promotion based on legitimate interests. [Adapt or remove if Sqish has no affiliates].
  • Sqish Links You Create: When you create a Sqish link, the original URL and the shortened Sqish link are publicly available. Be mindful not to include private information in the original URL if you do not wish it to be public.
  • Account Information (Organizational): Where permitted, if you register with an email on an organizational domain (e.g., employer), we may share your email and basic account info (like link count) with that organization for business development purposes.
  • Customer Support: We use tools for customer support. Using support requires providing contact info (e.g., email). Data processed may include name, email, contract details, job title, employer, IDs, payment info, communications. This data is used to provide support, respond to inquiries, and manage customer relationships. Data may be shared internally within Sqish support teams.
  • Email Verification: We may use a service to verify email addresses and filter invalid/spam domains. Provided emails are typically deleted after verification by the service.
  • Email Marketing: We may use providers to send transactional or marketing emails (with consent where required). Data shared may include registration details and potentially activity/device info for personalization.
  • Information You Elect to Share: Information you distribute via Third Party Services (e.g., social media posts) becomes subject to their policies. Links to Third Party Services accessed via Sqish are also subject to their policies. Review their terms and privacy policies.
  • Service Providers: We employ third parties for tasks like research/analytics, advertising, payment processing, email marketing, and support. We share necessary information with them under agreements authorizing use only for providing services to us.
  • Payment Processing: For purchases, data like bank/card details, billing/shipping address, transaction details, device ID, IP/location, customer ID, tax info may be shared with payment processors.
  • Service Optimization: We use third-party tools (e.g., analytics, A/B testing) to evaluate visitor flow, understand usage, and optimize the service. Data processed may include IP address, unique identifiers, event data, device/browser info, location (country), language, mouse events, referring URL, pages visited. This is often processed pseudonymously.
  • Single Sign-On (SSO): If offered (e.g., Google Sign-In), using SSO allows login via third-party accounts, involving data exchange according to their policies.
  • Tax and Legal Compliance: Data may be transferred to third parties (lawyers, accountants, auditors, authorities) for tax and legal reasons, subject to confidentiality where applicable.
  • Trust & Safety Compliance: We may share link data (URLs, interaction data) to help detect, deter, and prevent malicious, fraudulent, or unlawful activity.
  • With Your Consent: We share information when you direct us to (e.g., sharing links) or if we notify you of specific sharing and you provide the information.

Legal Basis for Processing (GDPR/UK GDPR): Processing customer data for Services/support is necessary for contract performance (Terms of Service). Marketing communications are based on legitimate interests (promoting sales, communicating with stakeholders) or consent (where required, e.g., email marketing to new EU individuals). Improving/monitoring Services and preventing fraud/unlawful activity is based on legitimate interests (security, lawfulness, protecting users). Processing for accounting/reporting is based on legal obligations.

Data Retention: We retain personal data as long as you use our Services or as necessary for the purpose(s) collected, providing Services, resolving disputes, legal defense, audits, legitimate business purposes, enforcing agreements, and complying with legal obligations. Aggregated/anonymized data may be kept indefinitely for analysis. Personal data is typically erased/anonymized upon request, if identified as irrelevant/outdated, or after a period (e.g., 3 years) following last contact/account deactivation, subject to legal requirements (e.g., accounting records).

Contracts, Purchase Orders and Invoicing

For individuals acting as contacts for customers, suppliers, or partners, we process basic info (name, title, company, contact details), business connections, and communications to discuss business, manage contracts, invoice, and make payments. Processing is based on legitimate interests (contractual obligations, maintaining relationships, operating business) and legal obligations (accounting).

Website and Contact Requests

When you visit our Site(s), our system automatically collects data like browser type/version, OS, ISP, IP address, date/time, referring/accessed webpages (log files). This temporary storage is necessary for website delivery and functionality, optimization, and IT security, based on our legitimate interests. This data isn't typically stored with other personal data. If you subscribe to newsletters, request materials, contact us, or use chat features, we collect the provided contact information based on consent or necessity to fulfill the request. We may add you to our commercial contacts list (see "Newsletters, Events and Marketing"). Personal data from website interactions/contacts is deleted upon request, if outdated, or if no longer deemed relevant for our services.

Interactions on social media platforms are subject to those platforms' privacy policies.

We use cookies and similar technologies. Please see our Cookie Policy [Link to your Cookie Policy] for details.

Newsletters, Events and Marketing

If you subscribe to newsletters/materials, we process contact info based on consent/necessity to fulfill the subscription. For general marketing/lead generation, we may use basic info (name, title, company, contact details), business info, connections, expressed interests, communications, event participation, and marketing preferences. This data comes from you (interactions, forms, events), our partners, or public sources. Subject to consent (e.g., cookies), this may be combined with online activity data. We use this data to generate leads, target marketing (emails, calls, social/display ads), retarget contacts, provide updates/invitations, analyze market/customers, and understand interactions. Processing is based on legitimate interests (promoting sales, reaching customers) or consent (where required). You can opt-out of marketing anytime (unsubscribe links, contacting us). Marketing data is deleted upon request, if outdated, or if contact is no longer relevant.

Data Sharing and Joint Processing (If Applicable)

[Adapt or remove if Sqish has no affiliates/group companies] If you use services from different Sqish entities, data may be combined based on legitimate interests (group synergies, business development, cross-selling). Customer support may be shared. Joint controller arrangements may apply (details available on request). International transfers rely on appropriate safeguards (e.g., SCCs, adequacy decisions).

Business Transfers

We may transfer user information in connection with an acquisition, asset sale, or similar event where user information is a transferred asset. You will be notified via email or prominent website notice. The acquirer may continue using your information per this policy or as allowed by law.

Protection of Sqish and Others

Sqish may access, preserve, and disclose collected information if we believe in good faith it's reasonably necessary to: (i) comply with law, regulation, or legal process (including government/national security requests); (ii) enforce this Policy or our Terms of Service; (iii) detect, deter, prevent, or address malicious, fraudulent, or unlawful activity; (iv) respond to user support requests; or (v) protect the rights, property, or safety of Sqish, its users, and the public.

Data Analysis and Business Insights

We analyze account, subscription, payment, usage data (logs, link creation/clicks, page views), and IP addresses for business intelligence. This helps improve Services, plan business strategy, and communicate effectively (e.g., identifying customer account structures, targeting marketing based on usage patterns, creating aggregated reports on feature usage, identifying inactive accounts). This processing is based on legitimate interests. Data is anonymized/deleted according to retention policies (see above).

Web Tracking and Statistics

We may use web tracking (often pseudonymous) to understand website usage (browser type, OS, popular content, traffic sources) to improve content, design, and convenience. This statistical information doesn't typically identify you personally. Tracking data retention varies (e.g., up to 12 months for some pixels).

Third-Party Advertising Platforms (e.g., Google, Facebook, LinkedIn)

We may use third-party platforms for advertising, tracking conversions, and reaching audiences. This can involve cookies, pixels, and sharing hashed data (like email addresses) for matching and targeting, subject to platform terms and your consents. Consult the relevant platform's privacy policy for details and opt-out options (links provided in the Bitly example are specific to them; you'd need to research relevant links for platforms Sqish uses).

Rights of Data Subjects (GDPR / UK GDPR)

If GDPR or UK GDPR applies to the processing of your personal data, you have the following rights:

  • Right to be informed and access: Know how your data is processed and get a copy (Art. 15 GDPR).
  • Right to rectification: Correct inaccurate data (Art. 16 GDPR).
  • Right to erasure ('right to be forgotten'): Request deletion under certain conditions (Art. 17 GDPR).
  • Right to restriction of processing: Limit how your data is processed under certain conditions (Art. 18 GDPR).
  • Right to object: Object to processing based on legitimate interests (Art. 21 GDPR).
  • Right to data portability: Receive your data in a portable format where processing is based on consent/contract and automated (Art. 20 GDPR).
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent (doesn't affect past processing).
  • Right to lodge a complaint: Complain to a supervisory authority (Art. 77 GDPR). For the UK, this is the Information Commissioner's Office (ICO). Contact details for EU authorities can be found via the European Data Protection Board.

Contact Details for Questions and Exercising Your Rights

If you have questions or wish to exercise your rights, please email us at: [Your Privacy Email Address]. You can also send requests to our postal address: [Your Address].

We will respond to your request after verifying your identity (e.g., via account authentication). If you don't have an account, verifying your identity regarding link interactions may be impossible. You may use an authorized agent (requires written proof of authorization). We aim to respond within legal timeframes (e.g., one month under GDPR/UK GDPR, extendable). We may retain data where required by law.

Tools Available to Exercise Your Rights

If you have a Sqish Account, you may access, correct, or request deletion via your Account settings. You can typically view your link history and metrics. You can delete your Account via settings (this prevents future access/use). If unable to access your account, contact us via the privacy email.

Note: To ensure existing links function, links you created/shared generally cannot be deleted/disabled even if your Account is deleted. Past activity also cannot be deleted. If concerned about unauthorized use, delete your account.

International Transfers of Personal Data

Your information may be transferred to and processed in countries outside the UK or European Economic Area (EEA), including the United States, where Sqish or its service providers operate. These transfers are necessary for providing the Services. We rely on appropriate legal bases for such transfers, such as Adequacy Decisions, Standard Contractual Clauses approved by relevant authorities (e.g., EU Commission, UK ICO), or other valid mechanisms under Data Protection Laws. Contact us for more info on safeguards.

California Privacy Rights

This section applies to California residents under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

Information We Collect, Use, and Share: We collect categories of personal information as described earlier (Identifiers, Customer Records info, Commercial info, Internet activity, Geolocation, Inferences). We collect for business/commercial purposes like providing/improving services, communication, support, marketing, analytics, security, fraud prevention. We share this data with service providers for these purposes. We do **not** "sell" or "share" personal information as defined under CCPA/CPRA (e.g., for cross-context behavioral advertising).

Your Rights:

  • Right to Know/Access: Request details about categories/sources/purposes of data collected, categories of third parties shared with, and specific pieces of personal information collected in the past 12 months.
  • Right to Delete: Request deletion of your personal information, subject to exceptions (e.g., necessary for security, transactions, legal compliance).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information in a way that requires offering this right.
  • Right to Non-Discrimination: We won't discriminate against you for exercising your CCPA rights.

Exercising Your Rights: Contact us via email at [Your Privacy Email Address]. We will verify your identity (matching name, email, relationship info). Only you or your authorized agent (with written proof) can make requests.

Response Timing: We aim to respond within 45 days, extendable to 90 days for complex requests (with notice).

Shine the Light: California residents can request information about sharing personal information with third parties for their direct marketing purposes (if any). Contact us at the privacy email to inquire or opt-out (though we state we don't currently sell/share for this purpose).

Virginia/Colorado/Connecticut and other U.S. State Privacy Rights

Residents of states with similar comprehensive privacy laws (e.g., VA, CO, CT) have rights analogous to CCPA rights:

  • Right to Know/Access: Confirm if we process your data and access it.
  • Right to Data Portability: Obtain a copy of data you provided in a portable format (up to twice annually).
  • Right to Delete: Request deletion, subject to exceptions.
  • Right to Opt-Out: Opt-out of processing for targeted advertising, sale of personal data, or profiling with legal/significant effects. (As noted, we currently do not engage in these activities).
  • Right to Correct: Correct inaccuracies.
  • Right to Non-Discrimination: No discriminatory treatment for exercising rights.

Exercising Rights / Appeals: Contact us via email at [Your Privacy Email Address]. We verify identity. We respond within 45 days (extendable to 90). If we deny a request, we'll explain why and provide instructions on how to appeal our decision. We respond to appeals within 60 days (45 for CO).

Nevada Privacy Rights

Nevada residents can opt out of the "sale" of certain "covered information." Since we do not sell data as defined, this right is noted but no specific opt-out mechanism beyond contacting us is currently needed. Contact [Your Privacy Email Address] with "Nevada Do Not Sell Request" if you have questions.

Children’s Privacy

Our Services are not directed to children under 13 (or a higher age if required by law). We do not knowingly collect personal data from children. If we learn we have, we will delete it promptly. Contact us if you believe we have collected data from a child.

Data Privacy Framework (EU-US, UK Extension and Swiss-US)

[Remove or adapt this section based on whether Sqish certifies to the DPF program. If not certifying, remove it. If certifying, adapt the text below]:

Sqish complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sqish has certified to the U.S. Department of Commerce that it adheres to the relevant DPF Principles regarding personal data received from the EU, UK, and Switzerland. If conflicts arise between this policy and the Principles, the Principles govern. Learn more and view our certification at https://www.dataprivacyframework.gov/.

In compliance with the DPF Principles, Sqish commits to resolve complaints about our handling of personal data received under the DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Sqish at [Your Privacy Email Address]. If unresolved, Sqish commits to refer complaints to [Name of Independent Dispute Resolution Body, e.g., JAMS], an alternative dispute resolution provider based in [Location]. Contact them via [Link to Dispute Resolution Body] if you don't receive timely acknowledgment or satisfactory resolution. Their services are free. Sqish is subject to the FTC's investigatory/enforcement powers. Binding arbitration may be available under certain conditions. Sqish remains liable for onward transfers to third parties unless we prove we aren't responsible for the event giving rise to damage.

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. If we make material changes in how we collect or use information, we will provide notice (e.g., website announcement, email) and indicate the effective date. Your continued use of the Services after changes become effective constitutes agreement to the revised policy.