Privacy Policy

a777.lt is designed to be privacy-first — for both you as a link creator and the people who click your links. This policy explains exactly what data we collect and why.

1. Data We Collect Per Click

When someone clicks a short link, we record the following for analytics purposes:

  • Timestamp of the click
  • Referrer URL (the page the visitor came from)
  • Browser name and version (derived from User-Agent header)
  • Operating system and device type (desktop/mobile/tablet)
  • Approximate country (derived from IP address via geo lookup)
  • Whether the click appears to be from a bot
  • Redirect response time in milliseconds

We do not store the visitor's IP address after geo lookup. We do not set cookies on visitors. We do not fingerprint browsers. We do not build visitor profiles or track individuals across sessions or links.

2. Data We Collect From Link Creators

When you shorten a link, we store your IP address for rate limiting (max 10 links per 10 minutes). Rate limit records are automatically purged. We generate a Customer Secret Key (a random string) that ties your links to your analytics. This key is stored as a SHA-256 hash — we cannot reverse it. The original key is shown to you once and is your responsibility to save.

3. Paid Accounts (Stats Access)

If you purchase dashboard access, we store your email address (for the purchase confirmation), your access key, and payment provider transaction IDs. We do not store card numbers — payments are processed by Stripe and PayPal. Your email is not used for marketing unless you opt in explicitly.

4. Cookies and Sessions

We use a server-side PHP session cookie (PHPSESSID) solely to generate and validate CSRF tokens that protect form submissions. This session cookie is not used for tracking and contains no personal data. It expires when you close your browser.

5. Third-Party Services

We use the following third-party services:

  • Stripe & PayPal — payment processing for paid plans. Their privacy policies apply to payment data.
  • a777web.com — our own self-hosted analytics tracker (tsts.a777web.com). No third-party analytics (no Google Analytics, no Meta Pixel).

We do not load Google Fonts, Google Analytics, Facebook Pixel, or any other external tracking scripts. All fonts are self-hosted.

6. GDPR and Your Rights

If you are in the EU/EEA, you have the right to:

  • Request access to data we hold about your links or account
  • Request deletion of your data
  • Object to processing

Because we store Customer Secret Keys as hashes (not reversible), we cannot look up your links without you providing your secret key. To request deletion, contact us at the contact page with your short codes or access key.

7. Data Retention

Click data is retained for the lifetime of the short link. Rate limit records are purged automatically. Paid account records are retained for accounting purposes for up to 7 years as required by EU tax law. You may request earlier deletion of non-accounting data.

8. Changes to This Policy

We may update this policy. Material changes will be noted with a new "Last updated" date. Continued use of the service constitutes acceptance.

Last updated: April 2026