MSK LogoMSK Shortener
Back

Privacy Policy

As of May 2026

We take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope and purpose of processing personal data when using MSK Shortener.

1. Data Controller

The controller responsible for data processing on this website is:

Moritz Kohm c/o Impressumservice Dein-Impressum

Stettiner Str. 41 35410 Hungen Germany

Email: info@msk-scripts.de

2. What data we process

MSK Shortener is designed to be deliberately data-minimal. We only process the following data:

a) Submitted URLs and short codes

When you shorten a link, we store the submitted target URL, the generated or self-chosen short code, an optional password (as a bcrypt hash) and an optional expiry date. This data is necessary to provide the URL shortener service.

b) IP addresses (anonymized)

When creating a link and on every click on a short link, your IP address is stored exclusively as a salted SHA-256 hash. The original IP address is never stored in plain text. This is used for abuse prevention (rate limiting) and the anonymous creation of click statistics.

c) Technical information

On every click on a short link, the browser type (e.g. Chrome), operating system (e.g. Windows) and device type (desktop/mobile/tablet) are stored. This information is derived from the User-Agent header and contains no personal data.

d) Referrer

If your browser transmits referrer information (the page from which you accessed the short link), we store only the domain and path – not the query parameters, as they could contain sensitive information.

3. Cookies

MSK Shortener uses exclusively a single technically necessary cookie to store your language selection:

NEXT_LOCALE

Purpose: Storing the selected language (German or English)

Duration: 1 year

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

No tracking cookies, analytics cookies or advertising cookies are used.

4. Legal basis for processing

Processing of your data is based on Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests – abuse prevention and provision of anonymous statistics).

5. Storage duration

  • Short links are stored until they are either deleted by the creator using the delete token or until the optional expiry date is reached.
  • Anonymized click data is stored indefinitely, as it has no personal reference.
  • Server logs (Apache access logs) are processed exclusively for the purposes of technical operation and security, and are deleted as soon as they are no longer required for these purposes.

6. Recipients of the data

Your data is not shared with third parties, with the following exception:

Hosting provider

This website is operated on servers of Netcup GmbH (Daimlerstraße 25, 76185 Karlsruhe, Germany). A data processing agreement pursuant to Art. 28 GDPR exists with Netcup.

7. Your rights

You have the following rights at any time:

  • Access to the data stored about you (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact us using the contact details above.

8. Supervisory authority

The competent supervisory authority is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstraße 20 70173 Stuttgart, Germany

https://www.baden-wuerttemberg.datenschutz.de

9. Security

We use technical and organizational security measures to protect your data against manipulation, loss or unauthorized access. Transmission is encrypted via HTTPS (TLS). Passwords are hashed with bcrypt (cost factor 12). IP addresses are hashed with SHA-256 using a secret salt.

10. Changes to this privacy policy

We reserve the right to adapt this privacy policy to changes in legal requirements or service updates. The new privacy policy will apply on your next visit.

11. Data protection officer

The appointment of a data protection officer is not required by law in this case. For privacy-related inquiries, please contact the controller directly at info@msk-scripts.de.

12. No automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place on this website.

13. Webfonts (locally hosted)

Webfonts (Inter, JetBrains Mono) are bundled into the application at build time via Next.js's built-in font system (next/font) and served exclusively from this application's own origin. No connection to third-party servers (in particular Google Fonts) takes place at runtime. No other external scripts or tracking services are loaded.

Privacy Policy | MSK Shortener