Tryst Link

Privacy

Privacy policy.

Last updated: 2026-05-04

This page describes what data Tryst Link collects, processes, and stores. It is written in plain language and covers everything an actual user would want to know.

Short version

The QR generator runs entirely in your browser — anything you type into it stays on your device. The URL shortener requires an account and stores the links you create plus aggregate click data. We do not sell data, we do not run third-party trackers, and we do not log the IP addresses or user agents of people who click your short links.

The QR generator (no data collected)

The QR generator is fully client-side. The text or URL you encode is never sent to a server, logged, or stored anywhere by us.

The URL shortener (account required)

To create short links you need an account. Here is what we store when you sign up and use the service.

Account data

  • Your email address. Used to send you sign-in links and important account notices. Not used for marketing.
  • Authentication metadata (last sign-in time, encrypted session tokens). Stored by our auth provider, Supabase.

Link data

  • The destination URLs you shorten and the short codes we assign.
  • Optional title and expiry date you set on each link.
  • Counts of how many times each link has been clicked.

Click data (privacy-respecting)

When someone clicks one of your short links, we record:

  • The country the click came from, derived from the visitor's IP address at the edge. The IP itself is never stored.
  • A coarse device class — "mobile," "tablet," "desktop," or "bot" — derived from the user-agent string. The full user-agent is never stored.
  • The referring website's hostname only, never the full referring URL. So we might log "twitter.com" but not the specific tweet.
  • The timestamp of the click.

We do not use cookies on the redirect path. We do not fingerprint devices. We do not build profiles of individual visitors.

What we don't collect

  • IP addresses of people who click your links.
  • Full user-agent strings.
  • Behavioral analytics (scroll depth, session recordings, heatmaps).
  • Cross-site identifiers, advertising IDs, or fingerprints.

Third parties we use

We use the following service providers to run the site:

  • Supabase — our database and authentication provider. Stores your account email, encrypted authentication tokens, and your link/click data. Subject to Supabase's own privacy policy.
  • Vercel (or whoever hosts this site at the time you read it) — serves the pages and runs the redirect handler. Standard server logs are kept for a short period to detect abuse and diagnose outages.
  • Google Fonts — delivers the typefaces. Google may log the IP of font requests. We plan to migrate to self-hosted fonts to remove this dependency.

Cookies

We set one functional cookie when you are signed in — the authentication session cookie issued by Supabase. It is first-party, HttpOnly, SameSite=Lax, and deleted when you sign out. We do not set any analytics or advertising cookies. See the Cookie Policy for the full list.

Data retention

  • Account data: retained as long as your account exists. Delete your account to remove it.
  • Links and clicks: retained as long as the link is active. Click data is aggregated; we keep individual click events for 90 days, then aggregate to daily totals.
  • Server logs: retained for 30 days for abuse detection.

Your rights

  • Access. Email us and we will send you a copy of all data we hold about you.
  • Deletion. Delete your account from the dashboard or email us. Account deletion removes your links, click data, and account record within 30 days.
  • Portability. We will export your link data as JSON on request.
  • Correction. Update your email or other account info anytime in the dashboard.

If you are in the EU/UK and want to file a GDPR complaint, you have the right to lodge it with your national data protection authority.

Children

The service is not directed at children under 13. We do not knowingly process data from anyone under 13. If you believe a child has signed up, contact us and we will delete the account.

Changes to this policy

If we change anything material, we will update this page and the "last updated" date above. Significant changes will be announced on the blog and emailed to active users.

Contact

For privacy questions, write to hello@trystlink.com.