Privacy Policy

Account and usage data. When you create an account or use the dashboard, we process information such as your email address and any profile details you provide, plus authentication and security-related metadata.

Product analytics data. When you use the website or dashboard after consenting to analytics, we may process event data, user properties, account-level properties, device identifiers, and session identifiers in Amplitude so we can understand product usage, adoption, and account activity.

Link configuration data. We store link and domain configuration needed to operate the service (for example: custom domains, short codes, destination URLs, redirect settings, and optional link metadata).

Click analytics (event data). When a link is clicked, our edge infrastructure records non-identifying dimensions used for reporting and abuse prevention, such as referrer (where available), coarse device/OS/browser family, bot signals, and coarse location (for example country; region/city may be available depending on the network).

Nimriz is designed to be privacy-aware by default. We do not store raw IP addresses or full User-Agent strings in our analytics event store.

By default, accounts use “Privacy Mode”, which means we omit IP and User-Agent entirely from click events. If an account disables Privacy Mode, Nimriz may compute and store salted hashes of IP and User-Agent at the edge. The salt rotates daily to support per-day deduplication while preventing long-term tracking.

Configuration and aggregates. We use Postgres (via Supabase) as the system of record for accounts, domains, and link configuration, plus aggregated analytics rollups.

Raw click events. Raw click events are stored in Cloudflare Analytics Engine. Postgres does not store raw per-click logs. We may also maintain privacy-safe archives and customer export artifacts in cloud object storage to support long-term reporting.

Product analytics. Product analytics data sent to Amplitude is stored in Amplitude's EU residency environment.

Our website and/or app may use cookies and similar technologies for security, basic functionality, and measurement.

When you consent to analytics cookies, Nimriz initializes Amplitude in the app codebase for product analytics. This may create or access cookies or similar browser storage for identifiers such as device ID and session ID so product analytics remain consistent across visits and across the Nimriz marketing and app surfaces on our domain.

When analytics consent is granted, Amplitude may also enable related product features such as Session Replay, Experiment, and Guides and Surveys, depending on product configuration at the time of your visit.

We may also use Google Tag Manager (“GTM”) to load other consent-gated tags. Those tags may set cookies or collect online identifiers depending on how they are configured.

For more details, see our Cookie Policy.

You can control cookies through your browser settings. Some features may not work correctly if you block all cookies.

We use service providers (“subprocessors”) to host and operate Nimriz. Depending on the feature, this may include Cloudflare (edge redirects and Analytics Engine), Supabase (Postgres), Amplitude (product analytics and related analytics features in the EU residency environment), and Google (GTM for other consent-gated tags).

We may disclose information if required to comply with law, to protect users, or to enforce our Terms.

We retain information for as long as necessary to provide the service and meet legal, security, and operational requirements.

Deleting your workspace or profile removes your access and deletes the associated configuration and aggregate data from our primary databases. However, raw click events in our analytics engine are append-only and age out based on platform retention limits; they cannot be selectively erased on a per-account basis.

Depending on your location, you may have rights to request access, correction, deletion, or restriction of your personal data. To make a request, email legal@nimriz.com.

For links you click on customer-controlled domains, the destination website is operated by a third party and has its own privacy practices.