Privacy Policy – Strmfy

1. Data Controller

APPHUBIC LTD operates Strmfy and is the data controller for personal data we process via the website and APIs.

Registered Office: 20 Wenlock Road, London, England, N1 7GU
Company Number: 16438256

Contact: support@strmfy.com (subject: “Privacy”).

EU/EEA Representative (if applicable): [To be designated if required].

2. Scope & Who This Applies To

This Policy applies to visitors, account holders, and API users (“users”). If you use our APIs to process your end-users’ data, you are the controller of that data and we act as your processor; in that case, a Data Processing Addendum (DPA) may apply.

3. Data We Collect

3.1 Data you provide

• Account & profile: name, email, password (hashed), company details.
• Billing: billing address, VAT/tax info; payment details are handled by our payment provider (we do not store full card numbers).
• Support & communications: messages, requests, attachments.
• API content: long URLs, custom aliases, tags, and link metadata you submit.

3.2 Data collected automatically

• Usage & logs: IP address, timestamps, user agent, device type, language, referrer, request/response metadata, error logs.
• Analytics: aggregated events such as page views, button clicks, link clicks.
• Cookies and similar technologies (see Section 5).

3.3 Data from third parties

• Payment processors: transaction status, last 4 digits & brand (tokenized), payment intent results.
• Single Sign-On (if enabled): we may receive your email/name from your identity provider.

4. Purposes & Legal Bases

• Provide the service (create short links, analytics, API access) — Contract.
• Account administration (auth, security, billing) — Contract / Legal obligation.
• Security (fraud prevention, abuse detection, rate limiting, logs) — Legitimate interests / Legal obligation.
• Improve and develop features and performance — Legitimate interests.
• Communications (service notices, updates; marketing with your consent) — Contract / Consent / Legitimate interests.
• Legal compliance (tax, accounting, lawful requests) — Legal obligation.

5. Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to operate and improve the service.

5.1 Types

• Strictly necessary: login sessions, security, load balancing.
• Preferences: language, UI settings.
• Analytics: aggregated usage statistics.
• Marketing (if used): measure campaign performance.

5.2 Your choices

You can manage non-essential cookies via our preference center:

Open Cookie Settings

You may also disable cookies in your browser. Some features may not function without essential cookies.

6. Sharing & Processors

We do not sell personal data. We share data with service providers (“processors”) who help us operate the service, such as hosting, analytics, email delivery, customer support, and payment processing, under appropriate data protection agreements.

We may disclose data:

• to comply with laws or lawful requests;
• to protect rights, safety, and security of users and the service;
• in connection with a corporate transaction (merger, acquisition), subject to safeguards.

7. International Transfers

Your data may be processed outside your country. Where required, we use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs), and additional measures where necessary.

8. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, least-privilege, audit logging, and regular reviews. No method of transmission or storage is 100% secure.

9. Data Retention

• Account data: retained while your account is active and for a reasonable period thereafter (e.g., 6–24 months) for accounting, security, and dispute resolution, unless longer required by law.
• Logs & analytics: typically short to medium term (e.g., 30–365 days) depending on security and operational needs.
• Billing records: retained per legal obligations (e.g., 6–10 years in many jurisdictions).

10. Your Rights

Subject to applicable law (UK GDPR/EU GDPR), you may have the right to:

• Access your personal data;
• Rectify inaccurate or incomplete data;
• Erase data (right to be forgotten);
• Restrict or object to processing (including processing based on legitimate interests and direct marketing);
• Portability of data you provided to us;
• Withdraw consent at any time (where processing is based on consent); withdrawing consent does not affect prior lawful processing.

To exercise rights, contact us at support@strmfy.com. We may need to verify your identity. If we act as a processor for your data (e.g., via API on behalf of a customer), please contact that customer (the controller) directly.

11. Children

Strmfy is not directed to children. Do not use the service if you are below the age required by your country to consent to data processing (e.g., 13–16). We do not knowingly collect such data; if you believe a child has provided data, contact us to request deletion.

12. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will update the “Last Updated” date and, where appropriate, provide additional notice.

13. Contact & Complaints

Data Controller: APPHUBIC LTD
20 Wenlock Road, London, England, N1 7GU
Company Number: 16438256

Email: support@strmfy.com

Supervisory Authority (UK): You may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. EU/EEA users may also contact their local data protection authority.