CreepyLink

Privacy Policy

Last updated: June 2026

At CreepyLink, we build utility tools with privacy by design. This policy outlines how we handle data and why we minimize logging on all redirects.

TL;DR: Our Privacy Commitment

We operate a stateless redirect service. We do not use cookies, collect browser fingerprints, identify individuals, or log visitor IP addresses. We only store the redirection maps you explicitly create.

Our Data Practices at a Glance

What we track

  • Link opened (yes/no)
  • Timestamp of open
  • Device type (mobile/desktop)
  • Approximate location (country)

What we never do

  • Use cookies or fingerprinting
  • Track across multiple sites
  • Identify individuals
  • Store personal data
  • Track behavior or mouse movement

1. Data We Collect

To provide our redirection service, we store only the minimal parameters needed to resolve short URLs:

  • Original Destination URL: The target address you want visitors to reach.
  • Masked URL Path: The custom or random slug generated for the disguise.
  • Creation Date: Recorded strictly to manage cleanup and link expiration.

2. Data We Do NOT Collect

CreepyLink is engineered with strict limitations to prevent tracking and data collection. Our service does not:

  • Store visitor IP addresses in our databases or temporary server logs.
  • Set persistent cookies, tracking pixels, or local storage tokens on visitor devices.
  • Collect browser fingerprinting profiles or hardware identifiers.
  • Monitor user browsing behaviors before or after using our redirect.
  • Sell, rent, or monetize aggregate or individual request patterns.

3. Technical Architecture: How Stateless Redirects Work

Unlike standard URL shorteners that trace user demographics, our redirection engine is stateless and privacy-hardened:

  1. The client request hits our Edge server requesting a generated path.
  2. Our routing logic fetches the corresponding destination URL from the database directly in memory. No database record or access log writes down the requester's IP or browser identity.
  3. The server immediately responds with an HTTP 302 Found status pointing to the destination.
  4. The connection closes. We store zero traces of who initiated the request.

Implementation Note: Redirection endpoints run with server access-log headers disabled. We do not store log streams.

4. GDPR & CCPA Alignment

Because CreepyLink is designed around the core principle of data minimization (Privacy by Design), we do not collect, process, or store Personal Data or Personally Identifiable Information (PII) of link visitors.

  • GDPR Compliance: Since no visitor IP addresses or cookie identifiers are stored or linked to individual profiles, visitor requests do not fall under the scope of processing personal data under Article 4(1) of the GDPR.
  • CCPA Compliance: We do not sell, rent, or share personal information as defined by the California Consumer Privacy Act (CCPA) because we do not collect PII from redirect visitors in the first place.

5. How to Self-Verify Our Privacy Guarantee

We believe in technical transparency. You do not need to take our word for it—you can verify our zero-tracking claims yourself using standard browser developer tools:

  1. Open a new browser window and press F12 (or right-click and select Inspect) to open Developer Tools.
  2. Go to the Network tab and check the Preserve Log option.
  3. Paste any generated CreepyLink URL into your address bar and press Enter.
  4. Find the first request in the list (the one showing a 302 status code) and click it.
  5. Inspect the Response Headers. You will verify that:
    • There is no Set-Cookie header present.
    • The response contains only a standard location header pointing to the destination URL.

6. Privacy Comparison: CreepyLink vs. Typical URL Shorteners

See how our architecture prioritizes privacy compared to traditional web analytics and tracking links:

FeatureTypical Shortener (e.g., Bitly)CreepyLink
Visitor IP LoggingLogged for geolocation & click tracking❌ Never Logged
Persistent CookiesPlaced for visitor profiling & ads❌ Zero Cookies
Browser FingerprintingUsed to generate persistent user IDs❌ None
Server Access LogsStored indefinitely on servers❌ Access Logging Disabled

7. Data Retention & Expiry

Since we collect no user accounts, links are mapped anonymously. Links generated on CreepyLink automatically expire and are physically deleted from our database after 30 days of inactivity. Once deleted, the short path becomes available for regeneration and all original mapping is permanently lost.

8. Security & Abuse Prevention

Because we do not track or log visitor IPs, we cannot trace who clicked a specific link. To protect public safety and prevent phishing abuse, we automatically scan target destination URLs against known malicious directories. If a target destination is reported as unsafe or abusive, we will immediately disable the redirect path without exceptions.

9. Your Rights

You can remove any link you created by submitting a deletion request or contacting support. Since we do not associate links with personal names or IP addresses, deletion requests must contain the exact generated short link URL path to be executed.

10. Changes to This Policy

We may update this policy to reflect modifications in our redirection infrastructure. Significant modifications will be announced on our home page.

11. Contact Us

If you have questions about our data minimization practices, stateless redirection architecture, or security compliance, contact us at [email protected].

Learn More About CreepyLink

Create Creepy Link

How It Works

Terms of Service