Privacy Policy

Last updated: May 29, 2025

1. Introduction

This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information when using uffy.cc, a privacy-focused URL shortener.

2. Information We Collect

• Discord user ID
• Discord username and display name
• Original URLs (Discord Invite links)
• Chosen shortcodes
• Creation date of each shortcode
• User credits, account creation date, and last login date

• Google user ID
• Google username
• Google avatar

2.1. Database Structure Transparency

We believe in complete transparency about how your data is stored. We maintain separate databases with minimal data collection:

Redirect Database:

• Discord ID, username, and display name (synchronized from Discord)
• Original URL and chosen shortcode
• Status (Active/Grace Period/Expired/Disabled)
• Custom deletion timeframe (1-60 days, user configurable)
• Creation, renewal, and deletion timestamps (used only for countdown timers and deletion scheduling)
• Usage limits and current usage count (if set)
• Deletion reason (if applicable)

User Database:

• Discord ID, username, and display name (when authenticated via Discord)
• Google ID, username, and avatar (when authenticated via Google)
• Available credits
• Account status (active/suspended) and suspension reason (if applicable)
• Role (user/member/admin)
• Membership status (if applicable)
• Account creation timestamp
• Last login timestamp (used for system maintenance to identify inactive accounts - never used for tracking or analytics)

Data Separation: These databases are kept separate by design. When you delete all your shortcodes, your data is removed from the redirect database but remains in the user database to preserve your credits and account status.

2.2. Authetication Providers

We support two login methods: Discord OAuth2 and Google OAuth2. Depending on which you use, we collect the relevant identifiers and display names from that provider. We never collect passwords.

3. Temporary Data Collection for Support

When you contact us for support, we temporarily collect:

• Contact form messages and Discord usernames
• Email addresses (when voluntarily provided for responses or required for data deletion verification)
• Any follow-up correspondence related to your support request

Purpose: This data is collected solely to process your support requests, verify identity for data deletion requests, and provide assistance.

Retention: Support communications are stored temporarily and deleted within 30 days of resolution. Data deletion request emails are deleted immediately after confirmation and completion of the deletion process.

Usage: Email addresses are never used for marketing or shared with third parties. They are used only to respond to your specific request.

4. How We Use Your Data

• To create and manage redirect shortcodes
• To authenticate via Discord OAuth2
• To authenticate via Google OAuth2
• To provide renewal and expiration reminders
• To respond to support inquiries and enforce the Terms of Service
• To process temporary support communications as described in Section 3

5. Data Retention

• Shortcodes are active for 30-60 days.
• They may be renewed within 7 days after expiration.
• If not renewed by day 37, the shortcode and associated data are deleted.
• Support communications are deleted within 30 days of resolution (as detailed in Section 3).
• If you delete all shortcodes from your dashboard, your Discord ID and username will be removed from the shortcode database.
• Your Discord ID and username are still retained in a separate database for user credits, account creation date, and last login.
• You may request full deletion of all your data by contacting us here.

6. Security

We take reasonable measures to secure your data. However, no system is completely secure, and we cannot guarantee absolute protection.

7. Third-Party Services

• We use Discord OAuth2 for login and authentication. Discord may collect additional data per their own Privacy Policy.
• We use Google OAuth2 for login and authentication. Google may collect additional data per their own Privacy Policy.
• Third-party services may process limited data on our behalf but are contractually obligated to protect your information and never use it for unrelated purposes.

8. Children

This service is not intended for children under the age of 13. We do not knowingly collect personal data from anyone under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. All changes will be reflected in the "Last updated" date at the top of this page.

10. Contact

Questions about your privacy? Please contact us here.