Privacy Policy

At Spoo.me, accessible from https://spoo.me, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by Spoo.me and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at [email protected].

Information We Collect

Account Information

When you create an account on Spoo.me, we collect:

• Email address: Used for account creation, verification, and communication
• Display name: Your chosen username for the platform
• Password: Stored as a secure hash (we never store plain text passwords)
• Profile picture: If provided through OAuth authentication

Authentication Data

We offer multiple authentication methods:

• Email/Password Authentication: We store your email and password hash securely
• OAuth Authentication: When you sign in with Google, GitHub, or Discord, we receive your email address, display name, and profile picture from these providers. We do not receive or store your passwords for these services
• Session Cookies: Authentication cookies are used to maintain your logged-in session
• Email Verification: We send verification codes to confirm your email address

User-Generated Content

When you use our services, we store:

• Shortened URLs: The URLs you create, including custom aliases and target destinations
• API Keys: Keys you generate for programmatic access to our API
• URL Metadata: Creation dates, expiration settings, and password protection preferences

Usage Data and Analytics

We collect data about how you interact with our services:

• Click Analytics: Anonymized data about clicks on your shortened URLs, including geographic location, device type, and referrer information
• API Usage: Request logs for API calls made with your API keys
• Service Usage: Feature usage patterns to improve our platform

Log Files

Spoo.me follows a standard procedure of using log files. These files log visitors when they visit websites. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable except when you are logged in to your account. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

When you visit a short URL on Spoo.me, we collect your IP address. For anonymous visitors, this data is anonymized. For logged-in users, we may associate this data with your account to provide analytics for your shortened URLs.

Cookies and Web Beacons

Like any other website, Spoo.me uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.

Authentication Cookies

When you log in to your account, we use the following cookies:

• Access Token: A short-lived cookie that maintains your logged-in session (typically expires after 15 minutes)
• Refresh Token: A longer-lived cookie that allows automatic session renewal (typically expires after 7 days)
• Session Cookie: Used to maintain your login state across page visits

These cookies are essential for the authentication functionality and cannot be disabled if you wish to use account features. You can delete these cookies by logging out or clearing your browser cookies, which will sign you out of your account.

How We Use Your Information

We use the collected information for the following purposes:

• Account Management: To create, maintain, and secure your account
• Service Provision: To provide URL shortening services and API access
• Analytics: To provide you with statistics about your shortened URLs
• Communication: To send important service updates, security alerts, and email verification
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Service Improvement: To understand usage patterns and improve our platform
• Legal Compliance: To comply with applicable laws and regulations

Data Sharing and Third Parties

OAuth Providers

When you authenticate using OAuth (Google, GitHub, or Discord), we receive limited information from these providers as per their privacy policies:

• Google: Email address, profile name, and profile picture
• GitHub: Email address, username, and profile picture
• Discord: Email address, username, and profile picture

We do not share your Spoo.me account data back with these OAuth providers beyond what is required for authentication. Please review the privacy policies of these services: Google Privacy Policy, GitHub Privacy Policy, Discord Privacy Policy.

Third-Party Services We Use

We use the following third-party services that may collect data:

• hCaptcha: Used for spam and abuse prevention. See hCaptcha Privacy Policy
• Microsoft Clarity: Used for analytics and user experience insights. See Microsoft Privacy Policy
• Vercel Analytics: Used for web analytics. See Vercel Privacy Policy

We do not sell your personal data to third parties.

Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of Spoo.me.

Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Spoo.me, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that Spoo.me has no access to or control over these cookies that are used by third-party advertisers.

Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures:

• Password Security: All passwords are hashed using industry-standard bcrypt algorithm before storage
• Encryption: Data transmission is encrypted using HTTPS/TLS
• Access Controls: Strict access controls limit who can access user data
• Regular Security Audits: We regularly review our security practices
• Secure Database: User data is stored in secure, access-controlled databases

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for a reasonable period after account deletion for backup and legal purposes
• Shortened URLs: Retained indefinitely unless you delete them or they expire based on your settings
• Analytics Data: Anonymized click data is retained to provide historical statistics
• Log Files: Server logs are typically retained for 90 days for security and debugging purposes
• Deleted Accounts: When you delete your account, we remove your personal information within 30 days, though some data may be retained in backups for up to 90 days

Your Rights (GDPR & CCPA Compliance)

Depending on your location, you may have certain rights regarding your personal information:

Rights for EU Users (GDPR)

• Right to Access: You can request a copy of all personal data we hold about you
• Right to Rectification: You can update or correct inaccurate personal information
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Restrict Processing: You can request we limit how we use your data
• Right to Object: You can object to certain types of processing
• Right to Withdraw Consent: You can withdraw consent for data processing at any time

Rights for California Users (CCPA)

• Right to Know: You can request information about the personal data we collect and how we use it
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt-out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to Exercise Your Rights

To exercise any of these rights, you can:

• Access your account settings to update or delete your information
• Export your data through your dashboard
• Contact us at [email protected] with your request

We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

Lawful Basis for Processing (GDPR)

We process your personal data based on the following lawful bases:

• Consent: You provide consent when creating an account and accepting this policy
• Contract: Processing is necessary to provide the services you requested
• Legitimate Interests: We have legitimate interests in preventing fraud and improving our services
• Legal Obligation: We may process data to comply with legal requirements

International Data Transfers

Spoo.me is operated from servers that may be located in different countries. By using our service, you acknowledge that your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Email Verification and Communications

When you create an account, we send a verification email to confirm your email address. We may also send you:

• Security alerts and notifications
• Important service updates
• Responses to your support requests

We do not send marketing emails. All communications are service-related and essential for account operation.

Third Party Privacy Policies

Spoo.me's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.

Analytics

We use third-party analytics tools to help us measure traffic and usage trends for the Spoo.me service. These tools collect information sent by your browser as part of a web page request, including the web pages you visit, your browser add-ons, and other information that assists us in improving the service. We may collect and use this analytics information together with your IP address to infer your approximate location.

Specifically, we use Microsoft Clarity and Vercel's web analytics feature for insights into our website's usage and user experience. These tools record information about your interaction with our website, such as mouse clicks, mouse movements, scrolling activity, and the text you type into the website, which helps us to understand our users' interactions with our website and improve user experience. For more information, you can refer to Microsoft's Privacy Policy and Vercel's Privacy Policy.

Personal Data

We collect personal data necessary to provide our services, including email addresses for account creation, authentication, and communication. All personal data is handled in accordance with this Privacy Policy and applicable data protection laws including GDPR and CCPA. We value your privacy and implement appropriate security measures to protect your personal information.

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Spoo.me does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

To create an account, users must be at least 13 years of age. By creating an account, you confirm that you meet this age requirement.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the bottom of this policy
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our website

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Online Privacy Policy Only

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Spoo.me. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its Terms and Conditions. When you create an account, you explicitly consent to the collection and processing of your personal data as described in this policy.

Data Protection Officer

For questions or concerns regarding data protection and privacy, you can contact our team at [email protected]. We are committed to addressing your privacy concerns and ensuring compliance with applicable data protection regulations.

Update

This Privacy Policy was last updated on Saturday, November 16th, 2025. If there will be any update, amendment, or changes to our Privacy Policy then these will be posted on this page.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal information, you can contact us:

• Email: [email protected]
• For GDPR-related requests: Please specify "GDPR Request" in your subject line
• For CCPA-related requests: Please specify "CCPA Request" in your subject line

We will respond to your inquiry within 30 days.