Privacy Policy

Effective date: 29 April 2025

1. Operator

The lnk.ua service is operated by the Flamix team. All requests regarding personal data should be sent to [email protected]. We do not publish any other contact channels.

2. What data we collect

When you create a short link or QR code

  • the original (long) URL;
  • creator's IP address and User-Agent — for anti-abuse;
  • creation date and time;
  • link to your account, if you are signed in.

When someone visits a short link

  • visitor's IP address;
  • operating system and its version;
  • browser and its version;
  • visit timestamp.

This data is shown to the link owner as click statistics and used by us for anti-abuse.

When you sign up and sign in

  • email, name, and avatar provided by the external sign-in provider (Google and others);
  • IP address and timestamp of every sign-in (audit log).

We do not store passwords — sign-in goes through an external provider.

Cookies and analytics

  • session cookie — required to keep you signed in and for the interface to work;
  • Google Analytics — anonymised website usage statistics.

We do not set advertising cookies. We do not sell data to advertisers.

3. Why we keep this data

  • click statistics for the link owner;
  • anti-abuse: detecting repeat offenders, blocking phishing and spam campaigns;
  • account security (sign-in audit log);
  • operating and improving the service.

4. Retention

  • link and click data — for as long as the link exists;
  • sign-in audit log — up to 12 months;
  • abuse logs and related investigation data — indefinitely, or until a written deletion request if no investigation is active;
  • after account deletion, personal data is deleted within 30 days; technical logs and investigation-related data may be kept longer.

5. With whom we share data

By default — with no one. Exceptions:

  • Law enforcement — upon a valid official request (procedure — see section 7).
  • Infrastructure providers (hosting, CDN, external sign-in providers) — only to the extent technically necessary to operate the service.
  • Google Safe Browsing — we submit URLs to be checked for phishing and malware.
  • Threats to life and CSAM — data may be disclosed on our own initiative to the relevant authorities without an official request.

We do not sell your data and do not share it with ad networks or data brokers.

6. Your rights

  • request a copy of the data we hold about you;
  • request deletion of your account and the related personal data;
  • request correction of inaccurate data;
  • withdraw consent to processing (this will result in account deletion).

Send your request to [email protected] from the email address you registered with. We respond within 30 days.

7. Law enforcement requests

We cooperate with law enforcement and courts of any country where the service is available. Requests are accepted in writing only at [email protected].

The request must be sent from the official email domain of the requesting authority (e.g. @npu.gov.ua, @mvs.gov.ua, @fbi.gov, etc.). Requests from public mail providers (Gmail, Yandex, Outlook, ProtonMail and the like) will not be considered, regardless of any attached documents. We additionally verify the sender and signature; where necessary we contact the authority through the contacts published on its official website.

The request must be on the authority's official letterhead, signed by an authorised officer, and must include:

  • the name and country of the requesting authority;
  • full name, position, and official contacts of the officer in charge;
  • case or file number and the legal basis (statute reference);
  • a specific list of the data being requested;
  • identifiers of the targets: the full short link (e.g. https://lnk.ua/abc123), destination domain, or user email;
  • the time range for which the data is requested.

What we can provide upon request:

  • the original URL behind a short link;
  • creator's IP address and User-Agent, time of creation;
  • if an account exists — email, name, and sign-in audit log (IP, timestamps);
  • visit logs for the link over the requested period (visitor IP, OS, browser, timestamp).

Requests from outside the country where the service is hosted are accepted via Mutual Legal Assistance Treaties (MLAT) or through your national Interpol bureau. We do not respond to informal email requests without official credentials.

Emergency requests (imminent threat to life, CSAM): put EMERGENCY DISCLOSURE REQUEST in the subject line. Describe the nature of the emergency and provide a contact channel for fast follow-up. Such requests are handled with priority.

8. Security

The website runs over HTTPS. We apply reasonable technical and organisational measures to protect data, but no system can guarantee 100% security. In the event of a material personal data breach, we will notify affected users and competent authorities as required by law.

9. Children

The service is not intended for individuals under 13. We do not knowingly collect their data. If you believe we have inadvertently received such data — write to [email protected] and we will delete it.

10. Changes to this policy

Material changes are published on this page with an updated effective date. Continued use of the service means you accept the updated version.

11. Contact

All inquiries — [email protected].