savmrl.it

Privacy policy


1. Introduction & Scope

Welcome to savmrl.it (the “Service”, “we”, “us”, or “our”). This Service provides a URL shortening and redirection feature.

This Privacy Policy explains how we collect, use, store, and protect data when you use our Service. We are committed to complying with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and applicable Italian privacy laws.

Our servers are hosted in Italy (via Aruba.it), and the Service operates under Italian jurisdiction.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use savmrl.it.

2. Data We Collect

We only collect the data necessary to provide the Service and ensure its proper functioning and security.

2.1 Data Provided by the User

  • The original URL you want to shorten.
  • Optional settings: maximum number of clicks, expiry date, and an access code / password to restrict access.

If you set an access code, it is stored encrypted (hashed) in our database, and the link is stored encrypted (AES-256) as well, so that even the service operator cannot view the plain text. Other data such as timestamps and the user’s IP address are stored in clear text to ensure correct functionality.

2.2 Data Automatically Collected

  • The public IP address of the client creating or accessing the link.
  • The timestamp of creation or access.
  • The click count for the shortened link.
  • The link expiry settings and any hashed access code.

We do not collect additional personal data such as names, emails, or precise geolocation.

3. Purpose and Legal Basis for Processing

Purpose Legal Basis (GDPR) Details
Provide link shortening and redirection Performance of a contract / user request Processing is necessary to create and manage shortened links.
Enforce expiry, access codes, click limits Legitimate interest Necessary to provide requested link protection and validity features.
Prevent abuse and maintain security Legitimate interest Monitoring to protect service from spam, abuse, or attacks.
Technical logs and analytics Legitimate interest Used for reliability, debugging, and improving performance.
Legal compliance Legal obligation To respond to lawful requests or enforce rights.

We do not process data for profiling, marketing, or advertising.

4. Data Sharing and Disclosure

We do not share, sell, rent, or disclose any user data to third parties under any circumstance.

Data are never transferred to external companies, analytics providers, or advertisers. Access to data is strictly limited to the service’s system administrator for operational and security purposes only.

Exceptions: Data may be disclosed only when required by law or court order (e.g., judicial or police request) or to enforce our Terms of Service or defend legal claims, if necessary.

No data are transferred outside the European Economic Area (EEA).

5. Data Retention

  • Data related to a link (original URL, creation date, IP address, expiry, click count) are kept until the link is expired or deleted.
  • Expired or deleted links may be purged after a short retention period.
  • When technically possible, users may request removal of a specific link and associated data.

After deletion, stored data are permanently erased or anonymized.

6. Data Security

We apply reasonable technical and organizational measures to protect data, including:

  • Hashed/encrypted storage for access codes;
  • Controlled and logged database access;
  • Firewall and server protections;
  • Regular security updates and audits.

Despite precautions, no system is completely immune to unauthorized access or cyberattacks. The service provider is not liable for breaches or incidents beyond reasonable control.

7. User Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

  • Access your personal data (Art. 15).
  • Rectify inaccurate or incomplete data (Art. 16).
  • Request erasure ("right to be forgotten", Art. 17).
  • Restrict processing (Art. 18).
  • Data portability, when applicable (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent where applicable.
  • Lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali).

Requests should be sent to the contact below. We may need to verify identity before acting on requests.

8. Disclaimer and Limitation of Liability

The Service is provided "as is" without warranties. The operator of savmrl.it is not responsible for:

  • Content or safety of shortened links;
  • Continuous availability or correctness of the Service;
  • Damages resulting from malicious, fraudulent, or inappropriate use of the Service;
  • Data loss, technical issues, or temporary unavailability.

Users are responsible for the URLs they submit and share.

9. Data Controller & Contact

Data Controller: Saverio Morelli
Contact: https://www.saveriomorelli.com/contact-me/

For privacy inquiries or requests regarding your personal data, contact the email above. If unresolved, you may file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): https://www.garanteprivacy.it.

10. Changes to This Privacy Policy

We may revise this Privacy Policy from time to time. The latest version will always be available at https://www.savmrl.it/privacy with the updated "last modified" date. Please review periodically.

By using the savmrl.it shortener service, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Last updated: 16 Oct 2025