Privacy Policy

Memorajo LTD is controller for Nimriz account administration, our website and dashboard, billing, product analytics, security, abuse prevention, platform reliability, subprocessors, and legal operations.

Customers control their branded domains, destinations, campaign purposes, link metadata, pixels, conversion payloads, exports, webhooks, and integration destinations. For customer-controlled link analytics, conversions, exports, webhooks, and integration delivery performed through the Service on customer instructions, Nimriz acts as processor where the applicable terms or DPA say so.

Nimriz may separately process limited redirect and service data as controller where needed for security, abuse prevention, legal compliance, fraud prevention, and platform reliability.

Account and workspace data. When you create an account or use the dashboard, we process information such as your email address, profile details you provide, membership, authentication, security metadata, workspace settings, and organization roles.

Product analytics data. When you use the website or dashboard after allowing analytics, we may process event data, user properties, account-level properties, device identifiers, and session identifiers in Amplitude so we can understand product usage, adoption, and account activity.

CRM and support context. If you submit a contact, support, subscription, or signup opt-in form, we may process the information you provide, bounded attribution context, consent status, and account or workspace context in HubSpot so we can respond, manage consent, and understand customer lifecycle milestones.

Link configuration data. We store link and domain configuration needed to operate the service, including custom domains, short codes, destination URLs, redirect settings, UTM fields, custom parameters, pixels, integrations, conversion settings, and optional link metadata.

Redirect analytics data. When a link is clicked, our edge infrastructure records privacy-aware dimensions used for service operation, reporting, deduplication, exports, integrations, security, and abuse prevention. This can include time, link/domain identifiers, country, region, device category, browser/OS family, bot signals, referrer host, social source, sanitized referrer URL in standard privacy, and daily-salted visitor hashes in standard privacy.

Nimriz does not store raw IP addresses or full User-Agent strings in redirect analytics. We may use these values transiently at the edge to derive reporting dimensions, detect bots, and compute hashes before raw values are discarded.

In standard privacy, Nimriz may compute daily-salted pseudonymous hashes of IP address and User-Agent to support per-day deduplication, unique-click reporting, security, and abuse prevention. The salt rotates daily to prevent long-term identifier reuse. In strict privacy, those hashes are omitted and selected granular fields, such as city, colo, and sanitized referrer URL, are also omitted.

These hashes are treated as pseudonymous personal data and sensitive operational data.

Configuration, accounts, and aggregates. We use Postgres (via Supabase) as the system of record for accounts, domains, link configuration, immutable business facts, and aggregated analytics rollups.

Redirect analytics. Cloudflare Analytics Engine stores a bounded hot projection for realtime views and rollups. Privacy-aware touch archives and customer export artifacts may be stored in cloud object storage to support reporting, replay, warehouse loading, and customer-requested exports. Postgres is not used as a generic per-click raw log store.

Product analytics and CRM. Product analytics data sent to Amplitude is configured for Amplitude's EU residency environment. CRM and support context may be processed in HubSpot.

Our website and dashboard may use cookies and similar technologies for security, basic functionality, preferences, analytics, and marketing, depending on your choices.

Cookie preferences apply to your browser on Nimriz website and dashboard surfaces. They do not disable core redirect analytics for customer links. Redirect analytics follow the workspace, organization, and link privacy settings that apply to the link.

Customer-configured ad-pixel interstitials and downstream advertising platforms are separate from Nimriz website cookie preferences. Customers are responsible for the notices, legal basis, consent where required, and vendor configuration for those campaign choices.

For more details, see our Cookie Policy.

Where data protection law requires a legal basis for Nimriz controller processing, we may rely on contract, legitimate interests, consent, legal obligations, or legal claims depending on the context.

Examples include contract for account administration and service delivery, legitimate interests for security, abuse prevention, service reliability, support, and proportionate product improvement, consent for optional browser analytics or marketing tools where required, and legal obligations for tax, accounting, compliance, and lawful requests.

Where Nimriz acts as processor for customer-controlled link analytics, conversions, exports, webhooks, or integrations, the customer is responsible for determining the legal basis for that campaign context.

Customers are responsible for the campaign purposes, destinations, branded domains, link metadata, pixels, conversion payloads, exports, webhooks, integrations, downstream vendors, notices, legal basis, and consent where required for their use of Nimriz.

Customers should not place personal data, secrets, access tokens, or sensitive data in destination URLs, short-link paths, UTM fields, custom query parameters, pixel settings, or conversion payloads unless they have an appropriate basis and understand how those values are processed downstream.

We use service providers and subprocessors to host, secure, operate, measure, support, and bill for Nimriz. Depending on the feature, these may include Cloudflare, Supabase, Vercel, Amplitude, Google, HubSpot, and Paddle.

See our Subprocessors page for a current provider list. We may also disclose information if required to comply with law, to protect users, or to enforce our Terms.

We retain information for as long as necessary to provide the service and meet legal, security, contractual, and operational requirements. Retention periods may vary by data category, account status, plan, and feature.

Deleting your workspace or profile removes your access and deletes associated configuration and aggregate data from our primary databases according to our deletion process. Append-only analytics, archive, warehouse, log, or backup systems may age out based on platform retention limits and operational schedules.

Depending on your location, you may have rights to request access, correction, deletion, objection, portability, or restriction of your personal data. To make a request, email legal@nimriz.com.

For customer-controlled link analytics, the customer may be the controller for the campaign context. If your request relates to a link you clicked for a customer campaign, we may direct you to that customer or assist the customer in responding where required by the applicable terms or DPA.