Privacy Policy

At Tonmly, privacy isn't just a policy — it's our foundation. We believe you should control your data, understand how it's used, and trust that we'll protect it. This Privacy Policy explains how we collect, use, protect, and share information when you use our URL shortening, email forwarding, profile pages, and related services.

Tonmly is operated by Tonmly Inc., a Canadian company committed to privacy-first digital services. We comply with applicable privacy laws including GDPR, CCPA, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Account Information

When you create an account, we collect:

• Email address (for account creation and communication)
• Username and password (encrypted and stored securely)
• Profile information you choose to add (name, bio, profile picture, links)
• Subscription and billing information (for premium features)

Service Usage Data

To provide and improve our services, we collect:

• Link Analytics: Click counts, referrer information, geographic data (country/region), device types, and timestamps for shortened URLs
• Email Forwarding: Metadata about forwarded emails (sender, recipient, timestamp, spam scores) — we do not read email content
• Profile Interactions: Views, QR code scans, and vCard downloads
• DNS Queries: For custom domain functionality

Technical Information

We automatically collect:

• IP addresses (for security, spam prevention, and geographic analytics)
• Browser type and version
• Operating system
• Device information (mobile, desktop, tablet)
• Cookies and similar tracking technologies (see Cookie Policy below)

Communications

When you contact us, we retain your correspondence including support tickets, feedback, and any information you voluntarily provide.

Service Provision

• Create and manage your account
• Provide URL shortening and redirect services
• Forward emails to your designated addresses
• Generate and display profile pages
• Create QR codes and vCards
• Provide analytics and reporting

Security and Fraud Prevention

• Detect and prevent spam, abuse, and malicious activity
• Protect against unauthorized access
• Maintain system security and integrity
• Comply with legal obligations

Service Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Monitor system performance and reliability

Communication

• Send important service notifications
• Respond to support requests
• Share product updates (you can opt out)

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

With Your Consent

When you explicitly authorize us to share information with third parties.

Service Providers

We work with trusted service providers who help us operate our platform:

• Cloud hosting providers (for secure data storage)
• Payment processors (for subscription billing)
• Email delivery services (for system notifications)
• Analytics providers (for aggregate usage statistics)

These providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law, including:

• In response to valid legal process (subpoenas, court orders)
• To comply with applicable laws and regulations
• To protect our rights, property, or safety
• To prevent illegal activity or policy violations

Business Transfers

If Tonmly is acquired or merged, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

Aggregate Data

We may share aggregated, non-personally identifiable information for research, analytics, or marketing purposes.

We implement industry-standard security measures to protect your information:

Technical Safeguards

• Encryption: All data transmissions use TLS/SSL encryption
• Secure Storage: Sensitive data is encrypted at rest
• Access Controls: Limited employee access based on job requirements
• Regular Updates: Security patches and system updates
• Monitoring: 24/7 security monitoring and threat detection

Physical Security

Our servers are hosted in a secure underground facility in Finland with:

• Bedrock construction for natural protection
• Restricted physical access controls
• Environmental monitoring systems
• Redundant power and cooling systems

Data Breach Response

In the unlikely event of a data breach, we will:

• Investigate and contain the incident promptly
• Notify affected users within 72 hours when required
• Report to appropriate authorities as legally required
• Take steps to prevent future incidents

We retain information only as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for 30 days after deletion
• Link Analytics: Aggregated data retained indefinitely; detailed logs for 24 months
• Email Metadata: Retained for 12 months for spam filtering and service improvement
• Support Communications: Retained for 2 years for quality assurance
• Security Logs: Retained for 12 months for security monitoring

You can request early deletion of your data by contacting us. Some information may be retained longer if required by law or for legitimate business purposes.

You have several rights regarding your personal information:

Access and Portability

• View and download your personal data
• Export your links, analytics, and profile information
• Request copies of data we hold about you

Correction and Updates

• Update your profile and account information
• Correct inaccurate personal data
• Request updates to outdated information

Deletion

• Delete your account and associated data
• Remove specific links or profile information
• Request erasure of personal data (subject to legal requirements)

Control and Consent

• Opt out of non-essential communications
• Withdraw consent for data processing (where applicable)
• Object to processing for legitimate interests

Exercising Your Rights

To exercise these rights, contact us at privacy@Tonmly or through your account settings. We will respond within 30 days and may require identity verification.

We use cookies and similar technologies to improve your experience:

Essential Cookies

Required for basic site functionality:

• Authentication and security
• Session management
• Form submissions and error handling

Analytics Cookies

Help us understand how you use our services:

• Page views and navigation patterns
• Feature usage and performance
• Error tracking and debugging

Preference Cookies

Remember your choices and settings:

• Language and display preferences
• Dashboard customizations
• Notification settings

Managing Cookies

You can control cookies through:

• Browser settings and preferences
• Our cookie consent manager
• Account privacy settings

Note: Disabling essential cookies may limit site functionality.

Tonmly is operated from Canada, and our servers are located in Finland. Your information may be transferred to, stored, and processed in countries other than your own.

We ensure appropriate safeguards for international transfers:

• Standard Contractual Clauses (SCCs) for EU transfers
• Adequacy decisions where available
• Strong technical and organizational measures
• Regular compliance reviews and audits

By using our services, you consent to these transfers under the protections described in this policy.

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover we have collected information from a child under 13, we will:

• Delete the information immediately
• Terminate the associated account
• Notify parents or guardians if required

If you believe we have collected information from a child under 13, please contact us immediately at privacy@Tonmly.

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make significant changes:

• We'll notify you via email or in-app notification
• We'll post the updated policy on our website
• We'll update the "Last Modified" date
• For material changes, we may seek your consent

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our privacy practices, please contact us:

EU Representative

For users in the European Union, you may also contact our EU representative at eu-privacy@Tonmly.

Data Protection Authorities

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.