Privacy

What zrl.kr processes, why it is needed, and the choices available to you.

Last updated: 2026-07-17

Scope

This notice applies to zrl.kr short-link, account, reporting, API, and administration functions. The operator of zrl.kr determines the purposes described here. A third-party destination reached through a short link has its own privacy practices, which we do not control.

Data we process

We process destination URLs, short codes, optional notes and expiry, link-password hashes, account email, account-password hashes, sessions, verification/reset records, API-key hashes, management receipts, abuse reports, and security, quota, and audit records. Plaintext account and link passwords are not stored. One-time credentials are shown only when issued and are stored as hashes where verification is required.

Why we process data

We process data to create and resolve links, provide account and API tools, enforce lifecycle choices and limits, authenticate users, prevent and investigate abuse, respond to reports, maintain security, comply with law, and establish or defend legal claims. Processing relies on providing the requested service, legitimate security and operational interests, consent where required, and legal obligations.

Network data and analytics

Anonymous creation limits use a rotating HMAC of a coarse network prefix instead of storing the raw address in the application database. Network and hosting infrastructure may handle connection metadata transiently for delivery and security. This service version does not provide or promise user-facing redirect analytics and does not use redirect traffic for advertising profiles.

Cookies and local storage

We use necessary cookies for locale, CSRF protection, authenticated sessions, and protected-link unlock state. A local-storage preference remembers light or dark theme. We do not use advertising cookies or third-party behavioral trackers in this service version.

Sharing and disclosures

We do not sell personal data. We may disclose the minimum necessary data to infrastructure, communications, and safety vendors acting for service operation; to professional advisers; during a lawful organizational transaction; or when required to protect users, enforce these rules, comply with law, or respond to valid legal process. Providers are permitted to use data only under their applicable agreements and legal duties.

International processing

Infrastructure or vendors may process data outside your country. Where required, we use legally recognized safeguards and disclose material cross-border processing through this notice or an updated provider disclosure.

Deletion and retention

Link deletion erases the destination, password hash, note, expiry, ownership association, management credentials, and linked API replay data while retaining the non-reusable code and lifecycle evidence. Other records are retained according to the Retention notice and may be preserved longer when reasonably necessary for security, disputes, or law.

Security

We use access controls, hashed credentials, encryption for administrator TOTP material, least-privilege database roles, and lifecycle controls. These measures reduce but do not eliminate security risk; the Disclaimer governs assumption of that risk and related liability.

Your choices and rights

Owners can disable or delete links and manage account data through available controls. Depending on applicable law, you may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. We may verify identity, refuse requests that would expose another person or undermine security, and retain data that law or legitimate legal claims require.

Children

zrl.kr is not directed to children under 14. Do not submit a child’s personal data without legally valid guardian authority. If we learn that data was collected without required authority, we may delete it and restrict the related account or link.

Changes

We will publish an updated date when this notice changes. Material changes will receive additional notice where required by law. Continued use after the effective date is subject to the updated notice, without limiting rights that cannot legally be waived.

Contact

Report a link