Privacy Policy

This Privacy Policy describes how Cut.bd ("we", "us") collects, uses, and shares information when you use our link shortening and analytics service, including our website, dashboard, and the short links our customers create.

Account information. When you register, we collect your email address, display name, and a hashed password (we never store your password in plain text).

Link and click data. When someone clicks a short link, we record the timestamp, approximate location (country, region, city, derived from IP address via a local GeoIP database), device type, operating system, browser, browser version, referrer URL, and any UTM parameters present in the link. We also classify clicks as human or automated (bot) traffic.

Unique visitor hashing. To count unique visitors without storing your IP address long-term, we compute a one-way hash of the visitor's IP address combined with a daily-rotating secret. This means we can tell "the same visitor clicked twice today" without retaining the raw IP, and the hash can't be used to re-identify a visitor across different days.

Payment information. Subscription payments are processed by Stripe. We do not receive or store your full card number — Stripe handles that directly.

We use the information above to operate the redirect and analytics service, secure your account, process payments, respond to support requests, and detect malicious or abusive use (for example, scanning destination URLs against Google's Safe Browsing list before redirecting visitors).

We use a small number of strictly functional cookies — for staying signed in, remembering your language, and remembering your light/dark theme preference. See our Cookie Policy for the full list.

We share information with the following service providers, only as needed to operate the platform:

• Stripe — payment processing and subscription billing.
• Resend — transactional email delivery (verification, password reset, notifications).
• Google Safe Browsing — scanning destination URLs for malware/phishing.
• Cloud storage provider — hosting uploaded images such as QR codes and profile avatars.

We do not sell your personal information to third parties.

We retain account data for as long as your account is active. Click-level analytics data is pruned automatically on a rolling schedule rather than kept indefinitely. If you delete your account, your links, analytics, and personal data are removed in accordance with this policy; this action is irreversible.

You can access, export, or delete most of your data directly from your dashboard settings. For anything else — including a full data export or account deletion request — contact support@cut.bd.

Passwords are hashed with Argon2id, a memory-hard hashing algorithm. Traffic to our dashboard and API is encrypted in transit. Access tokens are kept in memory only and never written to browser storage that persists across page loads.

Cut.bd is not directed at children under 13, and we do not knowingly collect personal information from them.

We may update this policy from time to time. We'll update the "Last updated" date above when we do.

Questions about this policy? Email support@cut.bd.