Privacy Policy

Last updated: March 28, 2026

This Privacy Policy explains how LinkForRun processes personal data when you use the website, create or manage an account, generate short links, or contact us. It is intended to reflect the requirements of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the main rules applicable within the European Union.

This policy applies to LinkForRun itself. It does not govern third-party websites, services, or content that may be reached through shortened links published on the platform.

1. Data Controller

LinkForRun is operated by Gregory CARON / GreatCode.

Privacy contact: gregory@linkfor.run
General contact form: Contact page

2. Personal Data We Process

  • Account data: email address, username, hashed password, role data, and email verification status.
  • Link management data: the original URL you submit, the generated short code, creation date, optional label, activation status, visit counter, and favicon data associated with the target link.
  • Contact data: name, email address, subject, message content, and captcha answer submitted through the contact form.
  • Session and technical data: session identifiers and technical data required to keep you logged in, protect the service, and store the captcha challenge during a contact request.
  • Security and incident data: in some technical situations, internal error logs may contain data such as an IP address, date, technical message, severity level, or username linked to an incident.

Please avoid submitting URLs or messages that contain unnecessary personal data, confidential information, or special-category data unless you are legally entitled to do so and it is strictly necessary.

3. Purposes and Legal Bases

  • To create, authenticate, and manage user accounts: Article 6(1)(b) GDPR, performance of a contract or steps taken at your request before entering into a contract.
  • To generate, store, display, and manage short links linked to your account: Article 6(1)(b) GDPR.
  • To send account-related emails such as verification messages: Article 6(1)(b) GDPR and, where relevant, Article 6(1)(f) GDPR for account security.
  • To answer messages sent through the contact form: Article 6(1)(f) GDPR, our legitimate interest in responding to requests and maintaining communications initiated by users.
  • To secure the service, prevent abuse, troubleshoot incidents, and defend legal claims: Article 6(1)(f) GDPR, our legitimate interest in operating a secure and reliable service.
  • To comply with legal obligations or lawful requests from competent authorities: Article 6(1)(c) GDPR.

Our legitimate interests mainly include service continuity, account security, abuse prevention, technical troubleshooting, and the protection of our legal rights.

4. Whether Data Is Mandatory

Some data fields are required to provide the service. For example, an email address and password are necessary for account features, a destination URL is necessary to create a short link, and contact form fields are necessary for us to answer your request. If the required data is not provided, we may be unable to deliver the relevant feature or respond properly.

5. Recipients of Personal Data

We do not sell or rent personal data. Personal data may be accessed only by people or providers who need it for the purposes described above, in particular:

  • technical administrators and authorized maintenance personnel;
  • hosting, database, backup, or mail delivery providers acting on our behalf;
  • professional advisers or competent authorities where disclosure is legally required or necessary to establish, exercise, or defend legal claims.

6. Cookies and Similar Technologies

LinkForRun uses cookies or similar technical mechanisms that are necessary for the proper operation of the website, including session handling, authentication, and contact-form captcha management.

Based on the current version of the site, no advertising cookies, social media trackers, or marketing profiling tools have been identified. If optional audience measurement or non-essential cookies are introduced later, this policy will be updated and consent will be collected where the law requires it.

7. Retention Periods

  • Account data and associated short links: kept for as long as the account remains active and the data is needed to provide the service. After account closure or deletion, limited retention may continue where necessary for legal obligations or the establishment, exercise, or defence of legal claims, generally for no longer than 5 years.
  • Contact form messages: generally kept for up to 3 years from the last meaningful contact, unless earlier deletion is justified or a longer retention period is required for a dispute or legal obligation.
  • Technical incident and security logs: generally kept for up to 12 months, unless a longer retention period is strictly necessary to investigate an incident, ensure security, or meet a legal requirement.
  • Session data: kept for the duration necessary to maintain the session and usually deleted when the session expires or the browser session ends, subject to browser settings.

8. International Transfers

Personal data is intended to be processed primarily within the European Union or the European Economic Area. If one of our technical providers processes data outside the EU/EEA, we will rely on a lawful transfer mechanism, such as an adequacy decision or appropriate safeguards including the European Commission's Standard Contractual Clauses, where required.

9. Your Rights

Subject to the conditions and limits set by applicable law, you may have the right to:

  • obtain confirmation that your personal data is being processed and access a copy of it;
  • request rectification of inaccurate or incomplete data;
  • request erasure of data that is no longer necessary or unlawfully processed;
  • request restriction of processing in certain situations;
  • receive your data in a structured, commonly used, machine-readable format where the right to portability applies;
  • object to processing based on our legitimate interests, on grounds relating to your particular situation;
  • lodge a complaint with the CNIL or with another competent supervisory authority in the EU.

To exercise your rights, please contact us at gregory@linkfor.run. We may ask for additional information if this is necessary to verify your identity before answering your request.

10. Automated Decision-Making

LinkForRun does not carry out solely automated decision-making or profiling that produces legal effects or similarly significant effects on users within the meaning of Article 22 GDPR.

11. Security

We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or unlawful disclosure. In particular, account passwords are stored in hashed form and access to personal data is restricted to what is necessary for operation, maintenance, and security.

12. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect legal, technical, or operational changes. The latest version published on this page is the version that applies.