prvly logoprvly
Sign in

Privacy Policy

Last updated: 1 Sep 2025

Controller

Daniel Hommen
Postfach 300610
53186 Bonn
Germany
Email: contact@prvly.de

Scope and purpose of processing

We operate a privacy‑first short‑link service. Destination URLs and related metadata are encrypted in your browser and stored only as ciphertext on our servers (zero‑knowledge design). We process personal data primarily to provide, secure, and bill for the service.

  • Account and authentication data (if you sign in via our identity provider).
  • Service data: encrypted link blobs, minimal technical metadata (timestamps, identifiers).
  • Server logs for security and troubleshooting (e.g., IP address, user agent).
  • Billing data processed by our payment provider for paid plans.

Legal bases (GDPR)

  • Art. 6(1)(b) GDPR (contract) for providing the service and handling payments.
  • Art. 6(1)(f) GDPR (legitimate interests) for security, abuse prevention, and service reliability.
  • Art. 6(1)(c) GDPR (legal obligation) where applicable (e.g., tax/record‑keeping duties).

Hosting and processors

Our servers are hosted in the European Union by IONOS. We use carefully selected processors to operate the service:

  • Hosting: IONOS (EU datacenters).
  • Payments: Stripe (payment processing and invoicing).
  • Support chat (Pro plan only): Userlike (in‑app widget for customer support).

Support chat (Pro plan)

We offer live support chat for Pro users via the third‑party provider Userlike. The chat widget is loaded only when you are signed in and your account is on the Pro plan. It is not shown on public pages or for Free accounts.

When the widget loads, your browser retrieves script files from Userlike’s CDN and connects to their systems (including API and WebSocket endpoints) to provide the chat. This necessarily transmits technical data such as your IP address, browser and device information, the page you’re on, and timestamps. If you use the chat, the content of your messages and any contact details you provide are processed by Userlike to deliver support. For Pro users, we pass your account email (and, if available, display name) to the widget to identify you for support. This helps link conversations to your account and may skip redundant registration steps in the chat.

Legal bases: for Pro users, Art. 6(1)(b) GDPR (performance of contract) to provide support; additionally, Art. 6(1)(f) GDPR (legitimate interests) in efficient customer service and service reliability. Userlike may act as our processor. International transfers by the provider, if any, are covered by appropriate safeguards (e.g., Standard Contractual Clauses). For details, please refer to Userlike’s privacy information.

If you prefer not to use the chat, you can contact us by email at contact@prvly.de.

Chrome extension

Our Chrome extension is an optional companion to the prvly service. It does not run tracking in the background and does not sell or use personal data for advertising. It only acts when you interact with it (e.g., clicking the extension button or using the context menu) to help you create a privacy‑preserving short link or QR code for the page you are on.

Data the extension processes

  • On use, the current tab’s URL you choose to shorten and the options you set (e.g., max clicks, expiry).
  • For Pro features, a one‑time plan check using your existing prvly session (if you are signed in on prvly.de).
  • No continuous collection of browsing history, page content, or keystrokes.

How the data is used

When you request a short link, the URL is encrypted client‑side (in your browser) before being sent to our servers. We store only the ciphertext and minimal technical metadata (timestamps, identifiers, optional click limits and expiry). The decryption key is embedded in the link fragment and is never sent to our servers. For offline QR codes, generation happens locally in your browser.

Permissions

The extension requests the minimum necessary permissions (for example, access to the active tab) so it can read the current tab’s URL when you invoke it. It does not request blanket access to all sites and does not collect your browsing history.

Sharing and third parties

Data from the extension is transmitted only to prvly’s own backend to provide the requested function. We do not sell data. The extension does not embed third‑party trackers. Billing (Stripe) and support chat (Userlike) are part of the web app; the extension does not send your data directly to those services.

Storage and retention

The extension does not store personal data persistently in your browser beyond minimal local settings, if any. Data you send to prvly through the extension is subject to the retention rules described in this policy (see Retention above).

Security

Communication with our servers uses TLS. The core zero‑knowledge design applies equally when you create links via the extension: destination URLs are encrypted client‑side.

Your choices

  • You can disable or uninstall the extension at any time in your browser.
  • You can sign out of prvly in the web app, which disables Pro‑only functions in the extension.
  • You can create links directly on prvly.de without using the extension.

International data transfers

Where processors transfer data outside the EU/EEA (e.g., Stripe), such transfers are protected by appropriate safeguards, typically Standard Contractual Clauses (SCCs) under Article 46 GDPR. Details are available from the respective provider.

Retention

Encrypted links expire automatically after their configured lifetime. Account, billing, and log data are retained only as long as necessary for the stated purposes and statutory retention periods, after which they are deleted or anonymized.

Cookies and tracking

We use strictly necessary cookies to maintain sessions and authentication. We do not use marketing cookies or third‑party tracking for advertising. We do not perform behavioral profiling.

The Pro support chat widget from Userlike may set technically necessary cookies and use network storage to operate the chat. These are not used for advertising or cross‑site tracking by us.

Your rights

  • Access, rectification, erasure, and restriction (Art. 15–18 GDPR).
  • Data portability (Art. 20 GDPR) and objection (Art. 21 GDPR).
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights, contact us at contact@prvly.de.

Security

We employ industry‑standard security measures. The core of our service is client‑side encryption: decryption keys are embedded in the URL fragment and never transmitted to our servers.

Changes

We may update this policy to reflect operational, legal, or regulatory changes. The latest version is always available on this page.

Privacy Policy — prvly