Privacy Policy

Last updated: March 31, 2026

We believe in radical transparency. This policy tells you exactly what data we collect, why, and what you can do about it — in plain English.

1. Introduction

SmartLink Pilot ("we," "our," or "us"), operated by Mayobe Bros, is committed to protecting your privacy and being transparent about how we handle your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data.

This policy applies to all users of SmartLink Pilot, including visitors to our website (smartlinkpilot.com), registered account holders, API users, and anyone who clicks a SmartLink Pilot shortened link. By using our service, you acknowledge that you have read and understood this policy.

If you do not agree with any part of this policy, please discontinue use of our services. You may contact us at privacy@smartlinkpilot.com with any questions before deciding whether to continue.

2. Information We Collect

2.1 Account Registration Data

When you create a SmartLink Pilot account, we collect your full name, email address, and a securely hashed password. If you register using Google OAuth, we receive your public Google profile (name, email, profile image) as authorized by you during the OAuth flow. We also collect an optional username and an optional recovery phone number, which is used solely for account recovery purposes and is never shared with third parties or used for marketing.

2.2 Link Analytics Data

When someone clicks one of your shortened links, we automatically collect the following analytics data for your reporting: the country of the click (not city or specific location), the device type (Mobile or Desktop), the browser type (Chrome, Safari, Firefox, etc.), the referring website or 'Direct' if no referrer, and the timestamp. We do not collect the personal IP address of link visitors in a way that can identify them individually. IP addresses are used only to derive country information and are not stored.

2.3 Usage & Technical Data

We collect certain technical information when you interact with our platform: your browser type and version, your device type and operating system, pages you visit within our platform, feature interactions (without recording keystrokes or form contents), and error logs that help us improve reliability. This data is used solely for platform improvement and is never used to profile individual users for advertising.

2.4 Payment Information

SmartLink Pilot uses Stripe for payment processing. We do not store your credit card numbers, CVV codes, or banking information on our servers. All payment data is handled directly by Stripe under their own PCI-DSS compliant systems. We only receive a confirmation of payment status, your subscription tier, and your Stripe customer ID for billing purposes.

2.5 Device Identifiers for Free Trial

For unauthenticated users using our free trial (up to 3 shortened links), we generate a random device identifier stored in an HTTP-only cookie. This identifier is a random UUID and is not linked to any personal information. It is used solely to enforce the 3-link trial limit and expires after one year. You can clear this by clearing your browser cookies.

3. How We Use Your Information

  • To provide, operate, maintain, and improve our URL shortening and analytics services
  • To authenticate your identity and manage your account securely
  • To process payments and manage your subscription through Stripe
  • To generate link analytics reports available in your dashboard
  • To communicate with you about service updates, security alerts, and support responses
  • To detect and prevent fraud, abuse, spam, and other malicious activity
  • To enforce our Terms of Service and Acceptable Use Policy
  • To comply with applicable laws, regulations, and legal obligations
  • To analyze aggregate usage patterns (never individual behavior) to improve the platform
  • We do NOT use your data to build advertising profiles
  • We do NOT use your data to train third-party AI systems without consent
  • We do NOT sell your email or contact information to any third parties

4. Data Sharing & Third Parties

We do not sell, rent, lease, or trade your personal data to any third parties. We share your information only in the following limited circumstances:

  • Stripe (payment processing): Your payment information is processed by Stripe. See Stripe's Privacy Policy at stripe.com/privacy
  • Vercel (hosting infrastructure): Our platform is hosted on Vercel, which processes traffic to deliver our service. Vercel is GDPR compliant
  • Prisma / Database providers: Your data is stored in a secure SQLite/PostgreSQL database instance. Only authorized internal staff have access
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose data. We will notify affected users where legally permitted
  • Business transfers: In the event of a merger, acquisition, or asset sale, your data may transfer to the acquiring entity. We will provide 30 days notice
  • Protection of rights: To protect the safety, rights, or property of SmartLink Pilot, our users, or the public

5. Data Retention

We retain your account data (name, email, preferences) for as long as your account is active, plus a 30-day grace period following account deletion requests.

Analytics data (click records associated with your links) is retained for 24 months by default, after which it is automatically purged. Pro users can configure extended retention.

Payment records are retained for 7 years to comply with financial regulations.

Device identifier cookies expire after 12 months and contain no personally identifiable information.

You may request immediate deletion of all your personal data by emailing privacy@smartlinkpilot.com.

6. Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right of Rectification: Request correction of inaccurate or incomplete data
  • Right of Erasure ('Right to be Forgotten'): Request deletion of your personal data
  • Right to Data Portability: Receive your data in a structured, machine-readable format (JSON/CSV)
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Object: Object to processing of your data for marketing purposes
  • Right to Withdraw Consent: Withdraw any consent you have given at any time
  • CCPA Rights (California residents): Right to know, delete, and opt-out of sale of personal information
  • COPPA (Children): Our service is not directed to children under 13. We do not knowingly collect data from children

To exercise any of these rights, contact us at privacy@smartlinkpilot.com. We will respond within 30 days.

7. Security Measures

We implement industry-standard security measures to protect your personal information:

All data is encrypted in transit using TLS 1.3 (HTTPS). Passwords are hashed using bcrypt with a cost factor of 12 — they are never stored in plaintext. API keys and sensitive settings are stored encrypted in our database. We use HTTP-only, Secure, SameSite cookies to prevent cross-site attacks. Our servers are protected by firewalls and monitored 24/7 for anomalies. We undergo regular security reviews and address vulnerabilities promptly.

No method of internet transmission or electronic storage is 100% secure. While we implement best practices, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by GDPR.

8. Cookies & Tracking

We use cookies and similar technologies to provide our service. For full details, please see our Cookies Policy at smartlinkpilot.com/cookies.

Essential cookies (required): Authentication session tokens to keep you logged in. Security tokens to prevent CSRF attacks. Device identifier for free trial enforcement.

Functional cookies (optional): Theme preference (dark/light mode) stored in localStorage.

We do not use third-party advertising cookies. We do not use cross-site tracking cookies. You can control cookie settings through your browser preferences.

9. International Data Transfers

SmartLink Pilot is operated from Arusha, Tanzania, with infrastructure hosted through Vercel (United States). If you are accessing our service from the European Economic Area (EEA), your data may be transferred to and processed in countries outside the EEA.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) where required by GDPR. By using our service, you consent to the transfer of your information as described in this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by email (to the address associated with your account) and by posting a prominent notice on our website at least 14 days before changes take effect.

The date at the top of this policy indicates when it was last updated. Continued use of our service after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact & Data Protection Officer

For privacy-related inquiries, data subject requests, or questions about this policy, contact us at:

Email: privacy@smartlinkpilot.com | Subject line: 'Privacy Request'

Postal Address: SmartLink Pilot / Mayobe Bros, Arusha, Tanzania

Response time: We aim to respond to all privacy requests within 30 days.

See also: Terms of Service · Cookies Policy · Trust & E-E-A-T