Integritetspolicy

Effective date: May 10, 2026

🇺🇸 English-language original. This Privacy Policy is published in English. Any translation that may appear elsewhere on the Service is provided for convenience only and has no legal effect. In the event of any discrepancy or conflict between the English version and any translated version, the English version shall prevail. The Service is governed by the laws of the State of South Carolina and the United States of America.

🇺🇸 → 🇪🇺 Notice for EU/EEA visitors. The Service is operated from the United States and is governed exclusively by the laws of the State of South Carolina and the United States of America. Forwrd is not established in the European Union and does not act as an EU-based controller or processor under Regulation (EU) 2016/679 ("GDPR"). When you use the Service, the destination URLs you submit, click logs, account data, and limited analytics are transferred to and processed in the United States. Your statutory consumer-protection and data-protection rights under the law of your country of residence are not waived; see Section 9 below for how to exercise them.

The short version: Forwrd is a URL shortener. We store the destination URLs you create short links for, plus basic click logs (timestamp + language) needed to count clicks and prevent abuse. We don't sell your data. Accounts only need a name, email, and password. The Service is operated from Beaufort, South Carolina, USA.

This policy explains how Forwrd ("we", "us", "our") handles information when you use forwrd.us (the "Service"). The Service is operated from the United States and is governed by the laws of the State of South Carolina.

1. What we collect

When you create a short link, we store: the destination URL, the slug (short code), the page language at creation time, the time of creation, an aggregate click counter, and — if you are signed in — a reference to your account. We do not store the IP address that created the link.

When someone follows a short link, we log a single click event consisting of: the slug, a timestamp, and the page language. We do not log full IP addresses, full User-Agent strings, or browser fingerprints in connection with click events.

When you create an account, we store: your display name, your email address, and a securely hashed password. Authentication is handled by our backend provider; your password is never stored in plaintext.

When you visit the Service generally, our hosting provider may temporarily process standard server-log data (IP address, request URL, User-Agent, timestamp) for security and abuse-prevention purposes. These logs are retained for a short period and not used to build profiles of individual visitors.

2. Why we collect it

Operate the redirect. The destination URL is required to send visitors to the right place.
Click statistics. Click events power the per-link click counts and time-series charts shown to link owners (Tracker and Pro plans).
Account features. Email + password let you log in to manage your links. Display name appears in your account UI; for Pro custom-suffix links, the username you choose appears in the public short URL (e.g. forwrd.us/yourname/launch).
Abuse prevention. Slugs, click counts, and short-term server logs help us detect and disable spam, phishing, and other abuse.
Billing. If you subscribe to a paid plan, our payment processor handles the transaction and shares only the minimum data we need to provision your subscription (see Section 5).

3. What we do not collect

We do not require an account to create short links.
We do not require — and do not ask for — your physical address, phone number, date of birth, or government ID.
We do not store full IP addresses of people who follow short links.
We do not sell, rent, or trade personal information.
We do not build cross-site advertising profiles tied to your identity.

4. Cookies, analytics, and ads

The Service is supported by advertising. Google AdSense (and similar ad networks) may set cookies on your device when ads are displayed, including on the brief interstitial page shown before a redirect on free and Tracker-plan short links. On EU/EEA visits, non-essential and advertising cookies are loaded only after you indicate consent via the cookie banner; you can withdraw consent at any time by clearing site cookies or via the controls in the banner.

See our Cookie Policy for the categories of cookies used and how to manage them. Pro accounts can disable the interstitial ad page for short links they own; ads may still appear elsewhere on the Service.

5. Service providers (sub-processors)

We rely on a small number of third-party providers to operate the Service. They process limited data on our behalf only to the extent required to deliver their part of the Service:

Managed backend (Supabase) — hosting, database, authentication. Stores short links, click events, and account data.
Cloudflare — content delivery, DDoS protection, edge runtime.
Google AdSense — advertising and ad measurement.
Payment processor (e.g. Stripe or Paddle) — secure handling of subscription payments. We receive a customer/subscription identifier and billing status; full card data stays with the processor.

These providers may store data in the United States and other jurisdictions. We do not authorize them to use the data we share for their own marketing purposes.

6. Public information

Short links are public by design: anyone who knows or guesses a slug can see the page it redirects to. Do not put confidential information into the destination URL or the slug. For Pro custom-suffix links, the username portion of the URL is also public.

7. Data retention

Active short links and their click counters are retained as long as the link exists.
Click events are retained for as long as needed to display historical charts and detect abuse, and may be aggregated into anonymized statistics that are retained indefinitely.
Account data is retained until you delete your account; you may request deletion by emailing privacy@forwrd.us.
Disabled or removed links may be retained in disabled form for fraud prevention, accounting, and legal purposes.
Server logs are retained for a short period (typically up to 30 days) before being rotated.

8. Data security

The Service is served exclusively over HTTPS. Passwords are hashed by our authentication provider. Access to production data is restricted to the operator of the Service. No system is perfectly secure; we cannot guarantee that unauthorized access will never occur, but we will notify affected users without undue delay if a security incident affecting their personal data takes place, where required by applicable law.

9. International users & applicable law

Forwrd is operated from the United States. By using the Service you acknowledge that the limited information we collect (see Sections 1 and 2) is processed in the United States, which may have data-protection rules that differ materially from those of your country of residence. Your statutory rights under the law of your country of residence — including, where applicable, rights of access, rectification, erasure, restriction, portability, and objection under the GDPR or equivalent UK/Swiss law — are not waived; you may exercise them by emailing privacy@forwrd.us, and we will respond on a best-effort basis.

9a. EU/UK data-subject requests — non-binding accommodation

Although Forwrd is not established in the European Union and does not consider itself a controller within the meaning of Article 4(7) GDPR, we will, as a matter of good faith and on a best-effort basis, respond to good-faith requests from EU/EEA, UK, and Swiss residents seeking to access, rectify, erase, restrict, port, or object to processing of any personal data attributable to them, where reasonably identifiable. Send requests to privacy@forwrd.us. Nothing in this paragraph constitutes an admission that the GDPR applies to Forwrd as a controller or processor, nor a submission to the jurisdiction of any EU supervisory authority.

10. Children's privacy

The Service is not directed to children under 13 (United States, COPPA), nor under 16 in the European Union. We do not knowingly collect personal information from children below those ages. If you believe a child has provided us with personal data, contact privacy@forwrd.us and we will delete it.

11. Your rights — California (CCPA/CPRA)

If you are a California resident, you have the right to know, delete, correct, and opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

12. Governing law and language

This Privacy Policy is governed by, and shall be interpreted in accordance with, the laws of the State of South Carolina and the United States of America, without regard to conflict-of-law principles. The English version of this Policy is the sole authoritative version. Any translation that may appear elsewhere on the Service is provided for convenience only; in the event of any discrepancy between the English version and any translated version, the English version shall prevail and govern. This does not deprive you of any non-waivable consumer-protection right granted by the mandatory law of your country of residence.

13. Changes to this policy

If we update this policy, the "Effective date" above will change. Material changes affecting registered users will additionally be communicated by email. Continued use of the Service after a change becomes effective constitutes acceptance of the updated policy.

14. Contact us

Privacy questions: privacy@forwrd.us. Abuse reports: abuse@forwrd.us. Forwrd is operated from Beaufort, South Carolina, United States of America.