1. Data Controller
MI6.TF is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us through the information provided on our website.
2. Information We Collect and Legal Basis
2.1 Data You Provide
- Original URLs: The long URLs you submit for shortening (Legal basis: Contract performance)
- Uploaded Files: Files you upload for temporary sharing, including filenames and content (Legal basis: Contract performance)
- Optional settings: Expiration dates, access limits, download limits, and passwords (Legal basis: Contract performance)
2.2 Automatically Collected Data
- IP addresses: For security, fraud prevention, and abuse protection (Legal basis: Legitimate interest)
- Basic request metadata and derived request fingerprint: Such as user-agent and selected request headers used to detect abuse, rate-limit evasion, and repeat malicious behavior (Legal basis: Legitimate interest)
- Access timestamps: When URLs are created and accessed, and when files are uploaded and downloaded (Legal basis: Legitimate interest)
- File metadata: File sizes, types, upload timestamps, and download counts (Legal basis: Legitimate interest)
- Security-enforcement metadata: For suspicious shortening attempts, this may include destination hostname, normalized URL signature, detection reasons, and enforcement timestamps (Legal basis: Legitimate interest)
- Basic usage statistics: Aggregated and anonymized usage data (Legal basis: Legitimate interest)
3. How We Use Your Information
We process your personal data for the following purposes:
- Providing URL shortening and temporary file sharing services
- Enforcing upload quotas and rate limits to prevent abuse
- Preventing abuse and malicious activity
- Blocking harmful content (malware, executable files, etc.)
- Detecting suspicious direct runnable-download shortening attempts
- Applying and administering temporary abuse-prevention controls, warnings, and enforcement records
- Maintaining platform security
- Complying with legal obligations
4. Data Retention
Shortened URLs: Until expiration (if set) or deletion by administrators
Uploaded Files: Automatically and permanently deleted after 1–6 hours. Cannot be recovered after deletion.
File Metadata: Retained for 30 days after file deletion for security and quota tracking
Access/Download Logs: 90 days for security purposes
IP Addresses and Derived Request Fingerprints: 30 days by default, and longer when reasonably necessary for abuse investigations, repeat-attempt detection, or enforcement history
Security Enforcement Records: Suspicious shortening attempt records and temporary creation-block records may be retained for as long as reasonably necessary to investigate abuse, enforce policy, and maintain an audit trail
Anonymized Statistics: Indefinitely (cannot identify individuals)
5. Your GDPR Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
Right to Access: Request a copy of your personal data we hold
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restriction: Request limitation of processing your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, please contact us. We will respond within one month.
6. Data Sharing and Transfers
We do not sell your personal data. We only share data:
- When required by law or legal process
- To protect our rights or safety
- With your explicit consent
If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
7. Cookies and Tracking
We do not use cookies or third-party tracking technologies. Any session data is stored locally in your browser and is not transmitted to our servers.
8. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
This includes automated and manual abuse-prevention controls designed to detect malicious links, suspicious runnable-download shortening attempts, quota abuse, and repeated policy violations. These controls may create security logs and temporary enforcement records for review by administrators.
9. Children's Privacy
Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date. Continued use of our service after changes constitutes acceptance.
11. Contact Us
For any questions about this Privacy Policy or to exercise your GDPR rights, please contact us through the website.