t.my
Get started

PRIVACY POLICY – t.my

Last updated: January 21, 2026

This Privacy Policy describes how t.my (“we”, “us”, “our”) collects, uses, stores, and protects information when you use our website, services, applications, and links (collectively, the “Service”).

If you do not agree with this Privacy Policy, please do not use t.my. We are a neutral link-shortening/redirect tool; we do not host destination content, and visiting third-party sites is at your own risk.

1. WHAT INFORMATION DO WE COLLECT?

Information you provide to us

You may voluntarily provide information when you:

  • Create an account
  • Contact support
  • Subscribe to updates or paid plans
  • Create or manage short links
  • Submit link destinations or metadata

This may include:

  • Name or alias
  • Email address
  • Authentication handled by Supabase Auth (no plaintext passwords; salted/hashed credentials or identity tokens managed by the auth provider)
  • Preferences and settings
  • Payment-related metadata (if applicable – processed via third-party provider)
  • Content you submit in support requests

If you sign up with email and password, Supabase stores only salted/hashed credentials. We do not store your plaintext password. If you use Google OAuth, identity tokens are used only to authenticate your session; we do not receive your Google password.

If you choose “Sign in with Google,” we receive:

  • Name
  • Email
  • Profile photo URL (if provided)
  • Google account unique identifier (subject ID)

We do not receive your Google password. Identity tokens from Google are used only to authenticate your session via Supabase Auth.

We do NOT intentionally collect sensitive personal information such as ethnic origin, health data, or religious beliefs.

Payment Data

If payment is required, processing is handled by a secure third-party processor (e.g., Stripe, Paddle, or similar). We do not store your card details.

Automatically collected data

When you use t.my links or visit the site, we may collect technical information such as:

  • IP address (hashed/anonymized or truncated where possible)
  • Browser type
  • Operating system
  • Referrer URL
  • Device type (mobile/desktop)
  • Country or region (approximate)
  • Date and time of access
  • Link ID accessed
  • Abuse or bot indicators (e.g., user agent patterns, request velocity)

This data is used for analytics, security, and platform functionality. Link analytics are generally tied to link IDs and may be associated with the account that owns the link. Geo data remains approximate. IPs may be stored in hashed or truncated form for uniqueness, fraud prevention, and abuse mitigation. Analytics may be incomplete due to privacy protections, ad blockers, network filtering, or security controls.

2. HOW DO WE USE YOUR INFORMATION?

We use your information to:

  • Provide and maintain our Service
  • Generate link analytics
  • Prevent fraud, abuse, and automated attacks
  • Improve functionality and performance
  • Notify you of important changes
  • Support technical requests
  • Ensure legal compliance and enforce our Terms
  • Run optional features (e.g. AI, Link Lottery, Conditional Redirects)

We do not sell your personal data or share it for cross-context behavioral advertising.

3. LEGAL BASIS FOR PROCESSING

Depending on your location, we process data under one or more of the following legal bases:

  • ✅ Your consent
  • ✅ Performing a contract (providing the Service)
  • ✅ Our legitimate business interest
  • ✅ Legal obligations
  • ✅ Protection of users and systems

This covers GDPR, UK GDPR, Australian Privacy Act 1988, and US state privacy laws.

4. WHEN DO WE SHARE INFORMATION?

We may share limited data with trusted service providers only when necessary to operate t.my, including:

  • Hosting & Infrastructure: Cloudflare, Supabase
  • Analytics: Internal systems, PostHog, optional Google Analytics
  • AI Processing: Cloudflare AI, custom models
  • Payments: Stripe, Paddle (if used)
  • Security: Anti-bot / abuse tools
  • Authentication: Supabase Auth and Google (only when you choose Google sign-in)

All providers are required to follow strict data protection standards. We may also share data to comply with law, lawful requests, enforce our Terms, or protect rights, safety, or security.

When you choose “Sign in with Google,” Google receives the OAuth redirect and authentication metadata necessary to complete the login. Google’s processing is governed by their own privacy terms.

We do not sell personal data.

5. COOKIES & TRACKING TECHNOLOGIES

t.my may use:

  • Cookies
  • Web beacons / pixels
  • Local storage

These may be used for:

  • Preferences
  • Security
  • Analytics
  • Fraud detection

You can disable cookies in your browser. Some features may stop working properly. See our Cookie Policy for more detail.

Authentication may set essential cookies or local storage (e.g., session tokens) to keep you signed in; these are necessary for the Service.

We currently do not respond to Do-Not-Track (DNT) signals, as there is no standard enforcement mechanism worldwide.

6. ANALYTICS ACCURACY

Analytics and metrics are approximate. Data may be limited or incomplete due to privacy protections, ad blockers, browser or network settings, or security controls. We may sample or aggregate data to reduce risk.

7. AI & AUTOMATED FEATURES

Some t.my features use AI or automated decision systems (for example: transformation, prediction, link safety scanning, or creative functions). These systems may process text or metadata. They do not make legal decisions, and you should not rely on them for legal, financial, or medical advice.

We do not share personal identities with AI services.

8. SOCIAL LOGINS (IF ENABLED)

If you choose to log in using Google / GitHub / etc, we receive:

  • Name
  • Email
  • Avatar or profile photo URL (if available)
  • Provider identifier (e.g., Google subject ID)

Access tokens are used only to authenticate your session and are not used to access other Google data beyond basic profile sign-in. We do not receive your social login passwords. Provider policies govern their processing.

9. DATA STORAGE AND INTERNATIONAL TRANSFERS

t.my uses global infrastructure. Your data may be processed in:

  • Australia
  • European Union
  • United States
  • Other data center locations

We use internationally approved safeguards such as Standard Contractual Clauses (SCCs) when required. Sub-processors (e.g., Cloudflare, Supabase, PostHog, Google Analytics, Stripe/Paddle) may process data in multiple regions consistent with their policies.

10. DATA RETENTION AND DELETION

We retain data only as long as necessary:

  • Account data: While active
  • Analytics data: Aggregated or anonymized
  • Support records: Up to 24 months
  • Legal/Compliance: As required

Once no longer required, data is deleted or anonymized.

Account deletion: you can request deletion at support@t.my. We will remove your account and authentication records via Supabase Auth. Some minimal logs or records may be retained for fraud prevention, security, or legal compliance even after deletion.

11. SECURITY MEASURES

We protect your data using:

  • Encryption
  • Role-based access
  • Secure APIs
  • Tokenization
  • Firewall and bot mitigation
  • Access logging
  • KV isolation

However, no system is 100% secure. You use the Service at your own risk.

12. CHILDREN'S PRIVACY

t.my is not intended for users under 13. If you believe a child has provided information, contact us and we will remove it.

13. YOUR PRIVACY RIGHTS

Depending on your location, you may have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Request export
  • Restrict processing
  • Opt out of marketing
  • Withdraw consent

You can request this by contacting: support@t.my

14. UNITED STATES PRIVACY RIGHTS

If you live in a U.S. state with privacy laws (e.g. California, Virginia, Colorado, etc.) you may also have rights to:

  • Know what data is held
  • Know how it’s used
  • Opt-out of targeted advertising
  • Request deletion or correction

We honor verified requests.

15. AUSTRALIA & NEW ZEALAND

We comply with:

  • ✅ Australia Privacy Act 1988
  • ✅ Australian Privacy Principles (APPs)
  • ✅ New Zealand Privacy Act 2020

You may request access or correction at any time.

If unsatisfied, you may contact the OAIC (Australia) or NZ Privacy Commissioner.

16. UPDATES TO THIS POLICY

We may update this policy from time to time. Latest version will always be posted at: https://t.my/privacy

17. CONTACT INFORMATION

For privacy matters, contact:

t.my

📧 support@t.my

🌍 https://t.my

📍 New South Wales, Australia