Privacy Policy

1. Legal Information

MiniLy
Website: minily.org
SIRET: 98872467000019
Address: 78 AVENUE des Champs Elysées, Bureau 326, 75008 Paris, France
Email: contact@minily.fr
Publication Director: Boehm Corentin
Host: Self-hosted on private server infrastructure, France
Legal Form: Individual Entrepreneur
Activity: Web and mobile application development (APE: 6201Z)

2. Introduction and Scope

This Privacy Policy explains how MiniLy collects, uses, stores, and protects your personal data when you use our URL shortening service. We are committed to protecting your privacy and ensuring transparency about our data practices.

Data Controller: Boehm Corentin, operating as MiniLy
Contact for privacy matters: privacy@minily.fr

3. Legal Basis for Data Processing

In accordance with the General Data Protection Regulation (GDPR) and French data protection law, we process your personal data based on the following legal grounds:

• Consent: For analytics cookies and marketing communications
• Contract Performance: To provide our URL shortening service
• Legitimate Interest: For security, fraud prevention, and service improvement
• Legal Obligation: To comply with applicable laws and regulations

4. Data We Collect

4.1 Account Information

• Email address (for account creation and communication)
• Username and display name
• Profile picture (if provided via OAuth providers)
• Authentication provider data (GitHub, Google)

4.2 Service Usage Data

• URLs you shorten and their destinations
• Custom short codes and aliases
• Link settings (password protection, expiration dates)
• QR code customizations and downloads
• User preferences and settings

4.3 Analytics and Click Data

• IP addresses (anonymized after 30 days)
• Geographic location (country and city level only)
• Device information: Browser type, operating system, device type
• Referrer information: Where clicks originated from
• Timestamps: When links were clicked
• User agent strings (for device/browser identification)

4.4 Technical Data

• Session tokens and authentication data
• API usage logs and rate limiting data
• Error logs and performance metrics
• Security logs (failed login attempts, suspicious activity)

5. How We Use Your Data

5.1 Service Provision

• Creating and managing shortened links
• Providing click analytics and statistics
• Generating and customizing QR codes
• User authentication and account management
• Processing password-protected link access

5.2 Security and Fraud Prevention

• Detecting and preventing malicious link creation
• Identifying spam, phishing, and abuse
• Rate limiting and DDoS protection
• Account security monitoring

5.3 Service Improvement

• Analyzing service usage patterns
• Improving user experience and interface
• Developing new features and functionality
• Performance monitoring and optimization

6. Cookies and Tracking Technologies

6.1 Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

• Authentication cookies: Keep you logged in
• Security cookies: CSRF protection and session management
• Preference cookies: Theme settings, language preferences

6.2 Analytics Cookies

With your consent, we use analytics cookies to understand how our service is used:

• Page views and user journeys
• Feature usage statistics
• Performance metrics
• Anonymous usage patterns

6.3 Cookie Management

You can manage your cookie preferences through your browser settings. Essential cookies cannot be disabled as they are required for service functionality.

7. Data Sharing and Third Parties

7.1 We Do NOT Share Personal Data With:

• Advertisers or marketing companies
• Data brokers or analytics companies
• Social media platforms (beyond OAuth authentication)
• Any third parties for commercial purposes

7.2 Limited Data Sharing

We only share data in these specific circumstances:

• Hosting Services: Self-hosted on private servers located in France
• Database: Secure cloud database providers with GDPR compliance
• OAuth Providers: GitHub and Google (only for authentication)
• Legal Requirements: When required by law or to prevent illegal activity

8. Data Retention and Deletion

8.1 Retention Periods

• Account Data: Until account deletion + 30 days for legal obligations
• Link Data: Permanently or until user deletion
• Analytics Data: 24 months maximum
• IP Addresses: Anonymized after 30 days
• Security Logs: 12 months maximum
• Session Data: 30 days after last activity

8.2 Data Deletion

When you delete your account, we immediately remove:

• All personal account information
• All created links and their analytics
• All QR codes and customizations
• All user preferences and settings

Some anonymized analytics data may be retained for legitimate business interests but cannot be linked back to your identity.

9. International Data Transfers

Data Location: Your data is primarily stored and processed within France on our private servers.

Limited data transfers outside the EEA may occur only for:

• OAuth Providers: GitHub and Google may process authentication data globally

All international transfers are protected by:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Additional security measures and encryption

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

10.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you, including processing purposes and recipients.

10.2 Right to Rectification (Article 16)

Correct any inaccurate or incomplete personal data we hold about you.

10.3 Right to Erasure (Article 17)

Request deletion of your personal data when no longer necessary or when you withdraw consent.

10.4 Right to Data Portability (Article 20)

Receive your personal data in a structured, machine-readable format for transfer to another service.

10.5 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

10.6 Right to Restrict Processing (Article 18)

Limit how we process your data while disputes are resolved or accuracy is verified.

10.7 Exercising Your Rights

To exercise these rights:
Email: privacy@minily.fr
Response time: Within 30 days (may be extended by 60 days for complex requests)
Verification: We may request identity verification for security

Right to Lodge a Complaint:
If you're not satisfied with our response, you can file a complaint with:
CNIL (Commission Nationale de l'Informatique et des Libertés)
Website: www.cnil.fr
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

11. Data Security Measures

11.1 Technical Safeguards

• Encryption: All data in transit and at rest is encrypted
• Access Controls: Role-based access with principle of least privilege
• Authentication: Multi-factor authentication for administrative access
• Password Security: Bcrypt hashing with high salt rounds
• Rate Limiting: Protection against brute force and DDoS attacks

11.2 Organizational Measures

• Regular security audits and vulnerability assessments
• Data minimization and privacy by design principles
• Employee training on data protection and security
• Incident response procedures and breach notification protocols

11.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify the CNIL within 72 hours
• Affected users will be notified without undue delay
• We will provide details about the breach and our response measures

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@minily.fr and we will delete such information promptly.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated by:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications for significant changes

Last updated: 9/9/2025
Effective date: 9/9/2025

14. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters involving data security or breaches, please mark your email as "URGENT - Privacy Matter".