Privacy policy
1. Controller
Vasilache Claudiu-Gabriel PFA, CUI 52647701, Iași, Romania. GDPR contact: legal@nexturl.app
2. Data we collect
Account data: email address, name (optional).
Link access data: timestamp, country (from CloudFront headers — not exact IP), device type, browser, referrer URL. We do not store IP addresses.
Payment data: handled exclusively by Stripe (PCI DSS Level 1). We do not store card details.
3. Legal bases and retention
| Purpose | Legal basis | Retention |
|---|---|---|
| Providing the service | Contract performance | Duration of account |
| Click analytics | Contract performance | 365 days (Pro), 90 days (Free) |
| Payment processing | Contract performance | 7 years (legal requirement) |
| Security / abuse prevention | Legitimate interest | 30 days |
4. Processors
- AWS (Amazon Web Services) — cloud infrastructure, eu-west-2 (London)
- Stripe — payment processing
- Resend — transactional email
We do not sell, rent or share your data with third parties for commercial purposes.
5. Your GDPR rights
You have the right to access, rectify, erase, port, restrict or object to processing of your data. Contact us at legal@nexturl.app. Response within 30 days.
You may also lodge a complaint with the Romanian data protection authority (ANSPDCP): dataprotection.ro.
6. Security
HTTPS everywhere, encryption at rest (AWS SSE), restricted data access, monitoring. No passwords stored — we use OTP codes or Cognito authentication.