Privacy Policy
Last updated: 17 May 2026
This policy explains which personal data MA URL processes, for which purposes, on which legal bases, and what rights you have. The German version is authoritative for this Germany-based service.
Controller
Max Andreas
Sachsen
Deutschland
Scope and data categories
Depending on use, the platform processes account data, contact data, authentication and security data, short-link data, link statistics, technical request data, device/browser data, uploaded feedback files and support communication.
Purposes and legal bases
- Providing accounts, short links, bio pages, tool pages and APIs: Art. 6(1)(b) GDPR.
- Security logging, rate limiting, fraud prevention, CSRF protection and abuse handling: Art. 6(1)(f) GDPR.
- Transactional emails, account verification, password reset and security notices: Art. 6(1)(b) and Art. 6(1)(f) GDPR.
- Optional analytics and non-essential storage: consent under Art. 6(1)(a) GDPR and § 25 TDDDG.
Cookies and local storage
Necessary cookies and local storage are used for sessions, login state, CSRF protection, language, theme, tool history and security settings. Optional analytics storage is only activated after consent in the privacy banner.
Short links and analytics
When a short link is opened, technical access data may be processed for delivery, statistics, fraud prevention and security checks. This can include timestamp, short code, target URL, referrer, browser/device signals, IP address and approximate IP-derived location.
Technical tools
Local browser tools keep input on your device unless a server-side lookup is explicitly required. Server-side tools validate input, block local/private network targets where relevant and apply rate limits.
External services and APIs
| Service | Purpose | Data | Legal basis | Optional |
|---|---|---|---|---|
| Hosting and server logs | Website delivery, error analysis, attack detection and abuse prevention. | IP address, time, URL, user agent, referrer, status code and technical log data. | Art. 6 Abs. 1 lit. f DSGVO | No |
| Cloudflare Turnstile | Bot and abuse protection for registration, sign-in and forms. | Technical browser, device and interaction data for challenge verification. | Art. 6 Abs. 1 lit. f DSGVO | No |
| Microsoft Clarity | Optional usage analytics to improve usability and stability. | Usage events, technical device information and pseudonymous analytics identifiers. | Art. 6 Abs. 1 lit. a DSGVO / § 25 TDDDG | Yes |
| ipdata / ipapi | Optional IP context data in the IP lookup. | Queried IP address and technical request metadata. | Art. 6 Abs. 1 lit. f DSGVO | Yes |
| Mapbox | Optional map display for IP geodata. | Map requests, IP address, browser data and map viewport. | Art. 6 Abs. 1 lit. a DSGVO, soweit nicht technisch erforderlich | Yes |
| Google Safe Browsing | Checking destination URLs for malware, phishing and social engineering. | URL to be checked and technical request metadata. | Art. 6 Abs. 1 lit. f DSGVO | Yes |
| macvendors.com | OUI vendor lookup in the MAC lookup tool. | Entered MAC address or OUI and technical request metadata. | Art. 6 Abs. 1 lit. f DSGVO | Yes |
| crt.sh | Certificate transparency data in the Domain OSINT tool. | Queried domain and technical request metadata. | Art. 6 Abs. 1 lit. f DSGVO | Yes |
Retention
Personal data is stored only as long as necessary for the relevant purpose or statutory duties. Account and short-link data can be deleted when the account/link is removed unless security, proof or legal retention reasons apply. Rate-limit and log data should be kept as short as operationally possible.
Your rights
You have the rights of access, rectification, erasure, restriction, portability and objection where the legal requirements are met. Consent can be withdrawn for the future at any time.
You may also complain to a competent data protection supervisory authority.
Security
The application uses HTTPS-oriented security headers, CSRF tokens, password hashing, HMAC-protected login cookies, rate limits and SSRF checks for outbound tools. No system can guarantee absolute security.