Legal

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

Last updated: February 26, 2026

1. Overview

Link-Me ("we", "us", or "our") operates the URL shortening service at https://l-me.eu. This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

We are committed to protecting your privacy in accordance with:

  • General Data Protection Regulation (GDPR) - EU Regulation 2016/679
  • Lei n.º 58/2019 - Portuguese Data Protection Law (implementing GDPR)
  • Lei n.º 41/2004 - Privacy in Electronic Communications (as amended)

Data Controller: Link-Me
Supervisory Authority: Comissao Nacional de Protecao de Dados (CNPD) - www.cnpd.pt

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored encrypted)
  • Account preferences

2.2 URL and Service Data

When you use our URL shortening service, we collect:

  • Original (destination) URLs
  • Custom slugs (if provided)
  • URL titles and descriptions
  • Link settings (expiration, password protection)

2.3 Analytics Data (Click Tracking)

When someone clicks a shortened URL, we may collect:

  • Anonymized IP address - hashed for privacy, not stored in raw form
  • Geolocation - country, city (approximate)
  • Device information - device type, operating system, browser
  • Referrer information - where the click originated
  • Timestamp - date and time of access

Privacy by Design: We hash IP addresses by default and do not store raw IP addresses unless explicitly configured. All analytics data is automatically anonymized after 30 days.

2.4 Technical Data

Automatically collected during service usage:

  • Browser type and version
  • Operating system
  • Device type (mobile, desktop, tablet)
  • Language preferences
  • Session identifiers (anonymized)

4. Your Rights Under GDPR

Under GDPR and Portuguese law, you have the following rights:

Right of Access

Request a copy of all personal data we hold about you (Art. 15)

Right to Rectification

Correct inaccurate or incomplete personal data (Art. 16)

Right to Erasure

Request deletion of your personal data ("right to be forgotten") (Art. 17)

Right to Restriction

Restrict processing of your personal data (Art. 18)

Right to Data Portability

Receive your data in a structured, machine-readable format (Art. 20)

Right to Object

Object to processing based on legitimate interests (Art. 21)

How to Exercise Your Rights: Contact us at support@l-me.eu. We will respond within 30 days as required by GDPR. You also have the right to lodge a complaint with the CNPD.

5. Cookies and Tracking

We use cookies in accordance with Lei n.º 41/2004 (Privacy in Electronic Communications) and GDPR. We request your consent before placing non-essential cookies.

Types of Cookies We Use

Essential Cookies (No Consent Required)

Necessary for the website to function properly.

  • Session cookies (authentication)
  • CSRF protection tokens
  • Cookie consent preference

Analytics Cookies (Consent Required)

Help us understand how visitors use our service.

  • Page view tracking
  • Feature usage analytics
  • Performance monitoring

Managing Cookies

You can manage your cookie preferences at any time through:

  • The cookie consent banner (appears on first visit)
  • Your browser settings
  • Clearing your browser data

6. Data Retention

We retain your data only as long as necessary:

Data Type Retention Period
Account data Until account deletion + 30 days
Shortened URLs Until expiration or deletion
Click analytics 730 days (2 years)
IP addresses (hashed) Anonymized after 30 days
Server logs 90 days

7. Security Measures

We implement technical and organizational measures to protect your data:

HTTPS encryption (TLS 1.3)
Password hashing (bcrypt)
IP address hashing
Database encryption at rest
Regular security audits
Access controls and logging

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the CNPD within 72 hours as required by GDPR Article 33/34 and Lei n.º 58/2019.

8. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

9. Contact Us

For any privacy-related questions or to exercise your rights, please contact us:

Supervisory Authority:

Comissao Nacional de Protecao de Dados (CNPD)
Av. D. Carlos I, 134 - 1.º
1200-651 Lisboa, Portugal
www.cnpd.pt

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide notice via email or through our service.