runn.site URL SHORTENER

Privacy Policy

How we handle your data when you use the URL shortener.

← Back to home

Last updated: June 4, 2026

This Privacy Policy describes how runn.site (the "Service") collects, uses, retains, and shares information when you use the website or the Runn Android app. By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

We collect only what is necessary to operate the Service, prevent abuse, and (for premium subscribers) deliver the features you've paid for. Specifically:

a. When you shorten a URL

  • The original (long) URL you submit.
  • The generated short slug and the domain it was created under.
  • Your IP address, used for rate-limiting and abuse prevention.
  • Timestamps for creation and the most recent visit.
  • A per-install identifier (UUID), when you use the Runn Android app. Generated locally on the device the first time you open the app, stored only in the app's private storage, and sent with each request so that premium analytics can be scoped to "your" links without requiring a sign-in.

b. When someone visits a short link

  • The timestamp of the visit (used to update the link's "last used" date).
  • A click counter for the link.
  • Standard web-server access information (IP address, user agent, request path), retained for a limited period for operational and security purposes.

c. When you report a link

  • The short URL you're reporting and the reason.
  • Any details you choose to include.
  • Your email address, only if you choose to provide one for follow-up.
  • Your IP address at submission time.

d. When you subscribe to Runn Pro (Android app)

  • A purchase token issued by Google Play. We use this token to verify with Google that your subscription is active. We do not receive your name, email, payment method, or any other personal data from Google Play.
  • The subscription expiry date and auto-renewal status returned by Google.

e. Contact form submissions

Any name, email address, or message you submit through the contact form is delivered to us by email. It is not stored in our database beyond what is necessary to receive and respond to the message.

2. What we do not collect

  • We do not require you to create an account or sign in.
  • We do not use third-party analytics services (no Google Analytics, no Meta pixel, no behavioural tracking SDKs).
  • We do not serve advertising or share any data with advertisers.
  • We do not collect device identifiers like the Android Advertising ID, IMEI, MAC address, or any other persistent hardware identifier.
  • We do not access your contacts, photos, location, microphone, camera, or files. The app requests only the Internet permission.

3. How we use this information

  • To operate the Service — resolve short links to their destinations, keep link history, return your previously-shortened links for premium analytics.
  • To prevent abuse — rate-limit by IP address, block links reported as spam, phishing, malware, or other abuse.
  • To comply with legal obligations — respond to valid legal process from competent authorities.
  • To verify premium subscriptions — confirm your purchase token is valid by checking with the Google Play Developer API. The verification result is cached on our server for up to 6 hours so we don't have to ask Google on every request.

4. Retention

  • Short links and their associated metadata are retained for at least the duration of the link's active lifetime (currently 12 months from the most recent visit). Inactive links may be deleted after that period. We may retain data longer where required by law, for fraud prevention, or for the investigation of abuse.
  • Premium token verification results are retained until the subscription's expiry date plus a small grace period.
  • Server access logs are retained for a limited period (typically days to a few weeks).
  • Abuse reports are retained for as long as the reported link or its replacement remains under investigation.

5. Sharing

We do not sell, rent, or trade your data. We share information only in the following narrow cases:

  • Hosting provider — the Service runs on Hostinger; the database and server logs are stored on Hostinger infrastructure.
  • Google Play (premium only) — we send your subscription purchase token to Google's API to verify it. No additional data is sent.
  • Cloudflare Turnstile — the website's web forms use Cloudflare Turnstile for bot protection. When you complete a challenge, Cloudflare receives the standard set of information needed to score the request (IP, user agent, browser characteristics). See Cloudflare's privacy policy. Turnstile is not used by the Android app.
  • Law enforcement — when required by valid legal process (subpoena, court order, lawful request), or when we believe in good faith that disclosure is necessary to comply with the law, prevent imminent harm, or investigate violations of our Terms & Conditions.

6. Security

We protect data in transit with HTTPS / TLS for all web and API traffic. Server-side credentials and the Google Play service-account key are stored outside the public web root and accessed only by the application code. Despite these measures, no system is perfectly secure; you use the Service at your own risk.

7. Your rights

Depending on where you are located you may have legal rights regarding your personal data, including the right to access, correct, or request deletion of information about you. You can exercise these rights by contacting us through the contact form.

To request removal of a specific short URL you created, use the link deletion request form. To report a link being misused by someone else, please use the abuse reporting page instead.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us so we can delete it.

9. International transfer

The Service is operated from infrastructure that may process data in countries other than your own. By using the Service you consent to the transfer of your information to those locations.

10. Data stored on your device

The Runn Android app stores the following on your device only, never transmitted unless explicitly noted:

  • Your local short-link history (stored in the app's private database).
  • Your install UUID (sent with each request to scope premium analytics).
  • Your theme preference and other in-app settings.
  • Your premium subscription state, including the cached entitlement verdict and the Google Play purchase token (sent only to our server for verification).

No account, no restore. Because we don't require a sign-in, this on-device data cannot be backed up to or restored from any Runn account. Uninstalling the app, clearing its data, or moving to a new device permanently loses your local history and detaches you from any premium analytics tied to this install — a new install gets a new install UUID and starts with an empty view. The short links themselves stay active on runn.site and continue to work for anyone who has them; only your in-app view of them is lost. Copy any link you want to keep before clearing data or uninstalling.

11. Changes to this Policy

We may update this Privacy Policy at any time, in our sole discretion, without prior notice. The "Last updated" date at the top of this page indicates when the most recent revision was made. Continued use of the Service after a change constitutes acceptance of the updated Policy.

12. Contact

Questions about this Privacy Policy may be directed to us through our contact form.