Zepink

Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Zepink ("we", "us", "our") collects, uses, and protects your information when you use the Zepink URL shortening service ("Service").

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and (if using OAuth) your profile image from the authentication provider. We store a hashed version of your password — we never store passwords in plain text.

Click Analytics Data

When someone clicks a Zepink short link, we collect:

  • Country and city — derived from Cloudflare's CF-IPCountry header and geolocation data. We do not store the visitor's IP address.
  • Device type, browser, and OS — parsed from the User-Agent header.
  • Referrer URL — the page the visitor came from (if available).
  • Timestamp — when the click occurred.
  • Unique visitor hash — a one-way SHA-256 hash of the visitor's IP + link slug + date. This hash expires after 24 hours and cannot be reversed to obtain the IP address. It is used solely to count unique visitors per day.

What We Do NOT Collect from Link Visitors

  • IP addresses (we never store them)
  • Cookies (link visitors receive no cookies from Zepink)
  • Personal information of any kind
  • Cross-site tracking data

2. How We Use Your Information

  • Account data — to authenticate you, manage your subscription, and send service-related emails.
  • Click analytics — to provide analytics dashboards to link creators. Analytics data is visible only to the link creator.
  • Aggregated data — we may use anonymized, aggregated statistics for service improvement. This data cannot identify any individual.

3. Cookies

Zepink uses essential cookies only:

  • Session cookie (better-auth.session_token) — an HTTP-only, secure cookie used to maintain your login session. It expires after 7 days or when you sign out.
  • Anonymous link cookie (zepink_anon) — a hashed identifier used to associate anonymous links with your browser. It expires after 30 days.

We do not use tracking cookies, third-party analytics cookies (no Google Analytics, no Facebook Pixel), or advertising cookies. Visitors who click your short links do not receive any cookies from Zepink.

4. Data Retention

Data TypeRetention Period
Account informationUntil you delete your account
LinksIndefinitely (unless you delete them)
Click analytics (Free)30 days
Click analytics (Pro)1 year
Click analytics (Business/Premium)2 years
Unique visitor hashes24 hours (auto-deleted)

5. Data Storage and Security

All data is stored on Cloudflare's infrastructure (D1 database and Workers KV). Data is encrypted in transit (HTTPS/TLS) and at rest. We do not transfer data to third parties except for:

  • Stripe — for payment processing (email, subscription data)
  • Resend — for transactional emails (email address only)

6. Your Rights

You have the right to:

  • Access your account data through the dashboard
  • Export your link data (Business and Premium plans)
  • Delete your account and all associated data
  • Request a copy of data we hold about you

7. Third-Party Links

Zepink short links redirect to third-party websites. We are not responsible for the privacy practices of destination websites. We check URLs against Google Safe Browsing at creation time but cannot guarantee ongoing safety.

8. Children's Privacy

Zepink is not intended for use by children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top indicates the most recent revision.

10. Contact

Privacy questions? Contact us at privacy@zepink.com.