Privacy policy
Last updated: 4 July 2026
How personal data is collected, used, stored, disclosed, and protected when you visit or use its.gd.
This Privacy Policy explains how personal data is collected, used, stored, disclosed, and protected when you visit or use its.gd.
its.gd is a short-link service operated by DOMU.STUDIO. The service allows users to create, manage, and share shortened URLs. We check destination URLs before activation, provide account and dashboard features, process payments for paid plans, send service-related emails, provide link analytics where applicable, and help users and visitors report suspicious or abusive links.
We take privacy seriously. We aim to collect only the data that is necessary to operate, secure, improve, bill, and protect the service.
1. Controller
The controller responsible for processing personal data through its.gd is:
Dominic Müller
DOMU.STUDIO
Sole proprietor
Mainzer Straße 19
50678 Cologne
Germany
Email: contact@domu.studio
VAT ID: DE245024829
its.gd is a product operated by DOMU.STUDIO.
2. Operating platform
its.gd is operated using Lovable.dev as the technical operating platform.
Lovable.dev provides and supports core technical functionality for the website and application, including platform operation, hosting/deployment-related functionality, connected integrations, consent and cookie implementation, account or dashboard features where configured, cancellation or withdrawal flows where configured, and other technical tools necessary to operate its.gd.
Although Lovable.dev provides important technical infrastructure and implementation support, DOMU.STUDIO remains responsible for the purposes and means of processing personal data in connection with its.gd, unless another provider acts as an independent controller for its own services.
More information about Lovable.dev is available here:
Privacy Policy: https://lovable.dev/privacy
Data Processing Agreement: https://lovable.dev/data-processing-agreement
Security information: https://lovable.dev/security
3. Scope of this Privacy Policy
This Privacy Policy applies to:
- visitors of the its.gd website
- users who create short links
- users who create an account or use the dashboard
- users who purchase or manage paid plans
- visitors who click or preview its.gd short links
- people who report suspicious or abusive links
- people who contact us by email or other support channels
This Privacy Policy does not apply to destination websites that are reached through short links. Destination websites are operated by third parties and have their own privacy practices.
4. What is personal data?
Personal data means any information relating to an identified or identifiable person. This can include names, email addresses, IP addresses, account identifiers, billing information, device information, usage data, online identifiers, and information contained in URLs if that information relates to a person.
5. Key privacy principles
We process personal data according to the following principles:
- lawfulness, fairness, and transparency
- purpose limitation
- data minimization
- accuracy
- storage limitation
- integrity and confidentiality
- accountability
We do not sell personal data.
We do not intentionally use short-link redirects to load tracking pixels or surprise advertising interstitials. Redirects are designed to be clean, fast, and safety-focused.
6. Data we process when you visit its.gd
When you visit the website, we may process technical access data, including:
- IP address
- date and time of access
- requested URL
- referrer URL
- browser type and version
- operating system
- device type
- language settings
- approximate location derived from IP address
- server logs
- security events
- cookie and consent preferences
We process this data to:
- deliver the website
- maintain security
- prevent abuse
- detect technical errors
- protect the service from attacks
- comply with legal obligations
- understand general service usage where analytics consent has been given
Legal bases may include Article 6(1)(b) GDPR where processing is necessary to provide the service, Article 6(1)(f) GDPR for security and legitimate operational interests, Article 6(1)(c) GDPR for legal obligations, and Article 6(1)(a) GDPR where consent is required.
7. Data we process when you create a short link
When you create a short link, we may process:
- destination URL submitted by you
- generated or selected short slug
- link creation date and time
- link status, such as active, suspicious, blocked, inactive, or deleted
- scan status and safety-check results
- redirect-chain information
- final landing domain
- account ID, if you are logged in
- IP address and technical request data
- abuse-prevention and rate-limit data
- metadata necessary to operate and secure the link
We process this data to:
- create and activate short links
- check destination URLs before activation
- prevent phishing, malware, scams, open redirects, cloaking, and other abuse
- lock destinations after activation
- operate preview and report features
- enforce our Terms of Service
- protect visitors and third parties
- maintain service integrity
Legal bases may include Article 6(1)(b) GDPR for providing the requested short-link service, Article 6(1)(f) GDPR for abuse prevention, service security, fraud prevention, and trust-and-safety operations, and Article 6(1)(c) GDPR where legal obligations apply.
8. Destination URL safety checks
Before a short link is activated, its.gd may run safety checks on the submitted destination URL.
These checks may include:
- structural and heuristic URL checks
- scheme validation
- detection of embedded credentials
- detection of raw IP addresses, localhost, or private hosts
- detection of dangerous file extensions
- detection of suspicious double extensions
- detection of brand-impersonation patterns
- detection of homograph, punycode, mixed-script, or emoji-domain risks
- detection of abuse-heavy TLDs
- detection of chained shorteners
- detection of open redirects
- detection of opaque encoded parameters
- DNS resolution checks
- redirect-chain checks
- Google Safe Browsing lookups
- URLhaus lookups
- checks against internal abuse reports
Depending on the check, the destination URL, destination domain, redirect-chain information, or related technical metadata may be processed by our systems or by third-party security providers.
We use these checks to reduce risk. They do not guarantee that a destination is permanently safe, lawful, accurate, available, or free from risk.
9. Data we process when someone clicks a short link
When a visitor clicks an its.gd short link, we may process:
- requested short link
- date and time of click
- IP address
- browser and device information
- approximate country or region
- referrer information, if provided by the browser
- operating system
- security and abuse signals
- redirect outcome
- warning or blocked-page events
- preview-page events, where applicable
We process this data to:
- redirect visitors
- show warning or blocked pages where necessary
- detect and prevent abuse
- maintain security
- provide aggregated analytics to paid users where applicable
- diagnose technical issues
- comply with legal obligations
Where analytics are provided to link owners, they are intended to be aggregated or statistical. Link owners must not use its.gd analytics to identify individual visitors unless they have an independent legal basis and comply with applicable law.
Legal bases may include Article 6(1)(b) GDPR for providing the redirect service, Article 6(1)(f) GDPR for security, abuse prevention, analytics, and service operation, and Article 6(1)(c) GDPR where legal obligations apply.
10. Link previews
Visitors may be able to preview a destination before visiting it, for example by appending "+" to an its.gd link.
When a preview page is used, we may process:
- requested short link
- destination domain
- last scan status
- safety status
- technical request data
- IP address
- browser and device information
- report interactions, if a report is submitted
We process this data to provide transparency, reduce risk, and allow visitors to report unsafe or suspicious links.
11. Abuse reports
If you report an unsafe, suspicious, unlawful, or abusive link, we may process:
- reported short link
- selected report reason
- additional details you provide
- your email address, if you provide it
- date and time of report
- IP address and technical metadata
- review status
- internal moderation notes
- actions taken, such as warning, blocking, disabling, or no action
We process reports to review potential abuse, protect visitors, comply with legal obligations, enforce our Terms of Service, and maintain the integrity of the service.
Legal bases may include Article 6(1)(f) GDPR for abuse prevention, security, and legal defense, Article 6(1)(c) GDPR where legal obligations apply, and Article 6(1)(a) GDPR where you voluntarily provide optional information such as your email address for follow-up.
12. Account data
If you create an account, we may process:
- name or display name, if provided
- email address
- login credentials or authentication identifiers
- account ID
- account settings
- dashboard activity
- links associated with your account
- subscription status
- billing-related identifiers
- communication preferences
- security logs
- support history
We process account data to:
- create and manage your account
- authenticate you
- provide dashboard features
- manage links and subscriptions
- send service emails
- prevent account abuse
- enforce our Terms of Service
- comply with legal obligations
Legal bases may include Article 6(1)(b) GDPR for account and contract performance, Article 6(1)(f) GDPR for security and abuse prevention, and Article 6(1)(c) GDPR for legal obligations.
13. Paid plans and payments
If you purchase a paid plan, payment and billing data are processed by Stripe.
We may process or receive:
- customer identifier
- subscription status
- plan type
- paid link or slug information
- billing email
- billing address, where required
- VAT or tax information, where required
- payment status
- invoice information
- transaction identifiers
- refund, chargeback, or cancellation status
Stripe may process additional payment data, including card or payment-method details. We generally do not receive full card numbers.
We process payment-related data to:
- create and manage subscriptions
- process payments
- issue invoices
- manage cancellations
- handle refunds, disputes, and chargebacks
- comply with tax, accounting, and legal obligations
- prevent fraud
Legal bases may include Article 6(1)(b) GDPR for payment and contract performance, Article 6(1)(c) GDPR for tax and accounting obligations, and Article 6(1)(f) GDPR for fraud prevention and legal defense.
More information about Stripe is available here:
Privacy Policy: https://stripe.com/privacy
Privacy Center: https://stripe.com/legal/privacy-center
Data Processing Agreement: https://stripe.com/legal/dpa
Data Privacy Framework Policy: https://stripe.com/legal/data-privacy-framework
14. Emails and notifications
We may send service-related emails, including:
- account emails
- login or authentication emails
- payment and subscription emails
- link-management emails
- analytics emails, depending on your plan
- security notifications
- abuse-report follow-up emails
- legal or policy notices
- support replies
We use Lovable Email, the built-in email service provided by Lovable.dev, to send transactional and service-related emails. Lovable Email uses Mailgun as its underlying email delivery provider.
When we send emails, we may process:
- email address
- recipient name, if provided
- email subject and content
- delivery status
- bounce information
- technical email metadata
- opening or interaction data, where enabled and legally permitted
We process this data to deliver transactional and service-related communications, manage subscriptions, provide support, and secure the service.
Legal bases may include Article 6(1)(b) GDPR for service communications, Article 6(1)(f) GDPR for operational communications and security, Article 6(1)(c) GDPR for legal notices, and Article 6(1)(a) GDPR where consent is required.
More information about Lovable.dev and Mailgun is available here:
Lovable Privacy Policy: https://lovable.dev/privacy
Lovable Data Processing Agreement: https://lovable.dev/data-processing-agreement
Mailgun Privacy Policy: https://www.mailgun.com/legal/privacy-policy/
Mailgun DPA: https://www.mailgun.com/legal/dpa/
15. Support and contact
If you contact us, we may process:
- name
- email address
- message content
- attachments or screenshots you provide
- related account or link information
- communication history
- technical metadata
We process this data to respond to your request, provide support, investigate issues, and protect our legal interests.
Legal bases may include Article 6(1)(b) GDPR if your request relates to a contract or account, Article 6(1)(f) GDPR for support and legal defense, and Article 6(1)(c) GDPR where legal obligations apply.
16. Google Analytics
We may use Google Analytics to understand how visitors use the its.gd website and to improve the service.
Google Analytics may process:
- online identifiers
- cookie identifiers
- device information
- browser information
- approximate location
- page views
- events
- referrer information
- interaction data
- technical usage data
Google Analytics is used only where legally permitted and, where required, only after you have given consent through the cookie or consent system implemented on the website.
You can refuse or withdraw consent at any time through the available consent settings.
We aim to configure Google Analytics in a privacy-conscious way, including appropriate retention settings, IP-related privacy settings, and restricted data sharing where available.
Google Analytics is not intended to be used on short-link redirect pages unless clearly disclosed and legally permitted. Short-link redirects are intended to remain clean and free from surprise tracking pixels.
Legal basis: Article 6(1)(a) GDPR, where consent is required. The storage of or access to information on your device may also require consent under applicable ePrivacy rules.
Google may process data in the United States or other countries. Data transfers are handled according to the mechanisms provided by Google, such as data-processing terms, transfer safeguards, and other available legal mechanisms.
More information about Google and Google Analytics is available here:
Google Privacy Policy: https://policies.google.com/privacy
Google Analytics Terms of Service: https://www.google.com/analytics/terms/default.html
Google Analytics Data Processing Terms: https://support.google.com/analytics/answer/3379636
How Google uses information from sites or apps: https://policies.google.com/technologies/partner-sites
17. Cookies and similar technologies
its.gd may use cookies, local storage, or similar technologies.
The technical implementation of cookie and consent functionality may be provided or configured through Lovable.dev and connected services.
Cookies and similar technologies may include the following categories:
Essential technologies
Essential technologies are necessary to operate the website and service. They may be used for:
- login sessions
- account security
- CSRF protection
- consent preferences
- checkout and payment flows
- abuse prevention
- rate limiting
- security
- service stability
Legal bases may include Article 6(1)(b) GDPR for service delivery and Article 6(1)(f) GDPR for security and operation. Consent is generally not required for technologies that are strictly necessary.
Analytics technologies
Analytics technologies help us understand usage and improve the service.
These are used only where legally permitted and, where required, only with your consent.
Legal basis: Article 6(1)(a) GDPR.
Payment-related technologies
Stripe may use cookies or similar technologies during checkout, fraud prevention, and payment processing. Some of these may be necessary to provide secure payment functionality.
The details are governed by Stripe's own privacy and cookie information where Stripe acts independently.
18. Hosting, infrastructure, and security providers
its.gd uses technical service providers to operate, secure, and deliver the website and application.
Cloudways / Frankfurt server
We use Cloudways-managed server infrastructure located in Frankfurt, Germany, to host or operate parts of the service.
Hosting infrastructure may process:
- website files
- application data
- databases
- server logs
- IP addresses
- request metadata
- account and link data
- security logs
- backups
More information about Cloudways is available here:
Terms overview: https://www.cloudways.com/en/terms.php
Privacy Policy: https://www.cloudways.com/en/privacy.php
Cookie Policy: https://www.cloudways.com/en/cookie-policy.php
Cloudflare
We use Cloudflare for DNS, security, performance, routing, and protection against abusive or malicious traffic.
Cloudflare may process:
- IP addresses
- DNS queries
- HTTP request data
- security logs
- device and browser data
- traffic metadata
- firewall events
- cache-related data
We use Cloudflare to operate the website, improve performance, prevent abuse, protect against attacks, and maintain secure access.
More information about Cloudflare is available here:
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Customer Data Processing Addendum: https://www.cloudflare.com/cloudflare-customer-dpa/
Legal bases may include Article 6(1)(b) GDPR for providing the service and Article 6(1)(f) GDPR for security, reliability, performance, and abuse prevention.
19. Safety and threat-intelligence providers
We may use third-party safety and threat-intelligence services to check submitted destination URLs.
Google Safe Browsing
We may use Google Safe Browsing as part of our safety checks for submitted destination URLs.
Depending on implementation, destination URLs, domains, or related technical data may be checked against Google Safe Browsing systems.
More information is available here:
Google Safe Browsing: https://safebrowsing.google.com/
Google Safe Browsing Terms: https://developers.google.com/safe-browsing/terms
Google Safe Browsing Privacy Notice: https://www.google.com/intl/en_us/privacy/browsing.html
URLhaus / abuse.ch
We may use URLhaus by abuse.ch as part of malware-URL and threat-intelligence checks.
Depending on implementation, destination URLs, domains, or related technical data may be checked against URLhaus systems.
More information is available here:
URLhaus: https://urlhaus.abuse.ch/
URLhaus API information: https://urlhaus.abuse.ch/api/
20. Processors and service providers
We use selected third-party service providers to operate, secure, analyze, communicate, and monetize its.gd.
Depending on the context, these providers may act as processors, sub-processors, or independent controllers.
| Provider | Role | Purpose | Possible data processed | Possible location / transfers |
|---|---|---|---|---|
| Lovable.dev | Processor or platform provider, depending on configuration | Operating platform, app functionality, consent/cookie implementation, connected integrations | Technical data, project/application data, usage data, configuration data | International transfers possible depending on provider setup |
| Cloudways | Processor / hosting provider | Managed hosting and server infrastructure | Application data, databases, logs, IP addresses, backups | Frankfurt, Germany, with possible provider/support-related transfers |
| Cloudflare | Processor or independent controller depending on service and context | DNS, security, performance, routing, CDN, abuse protection | IP addresses, request data, DNS data, security events | International transfers possible |
| Lovable Email (Mailgun) | Processor / sub-processor | Transactional and service-related emails | Email addresses, email content, delivery metadata | International transfers possible |
| Google Analytics | Processor / Google role according to applicable terms | Website analytics after consent | Usage data, device data, online identifiers, cookies | International transfers possible |
| Google Safe Browsing | Security provider / independent controller or processor depending on implementation | URL safety checks | Destination URL/domain and related technical data | International transfers possible |
| URLhaus / abuse.ch | Threat-intelligence provider | Malware URL checks | Destination URL/domain and related technical data | International transfers possible |
| Stripe | Independent controller and/or processor depending on context | Payments, subscriptions, billing, invoices, fraud prevention | Billing data, payment data, transaction data, customer identifiers | International transfers possible |
We may update this list if our providers change.
Where required, we enter into data-processing agreements with processors. Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as adequacy decisions, the EU-U.S. Data Privacy Framework where applicable, Standard Contractual Clauses, transfer impact assessments, additional safeguards, or another valid transfer mechanism.
21. International data transfers
Some providers may process personal data outside Germany, the European Union, or the European Economic Area.
International transfers may occur in particular when using providers such as Lovable.dev, Cloudflare, Mailgun (via Lovable Email), Google Analytics, Google Safe Browsing, URLhaus, Stripe, or their sub-processors.
Where personal data is transferred to countries that do not provide an adequate level of data protection, we use appropriate safeguards where required, such as:
- Standard Contractual Clauses
- adequacy decisions
- EU-U.S. Data Privacy Framework participation where applicable
- supplementary technical and organizational safeguards
- data-processing agreements
- encryption and access controls where appropriate
Despite these safeguards, international transfers may carry additional privacy risks, especially where foreign authorities may access data under local laws.
22. Legal bases under GDPR
We process personal data only where we have a legal basis.
The main legal bases are:
Article 6(1)(a) GDPR — consent
Used for optional analytics, non-essential cookies, marketing-like communications where applicable, and other processing based on your permission.
You may withdraw consent at any time with effect for the future.
Article 6(1)(b) GDPR — contract
Used where processing is necessary to provide the service, create links, manage accounts, operate subscriptions, process payments, provide dashboard features, and respond to contract-related requests.
Article 6(1)(c) GDPR — legal obligation
Used where processing is necessary to comply with tax, accounting, consumer protection, legal notice, law-enforcement, regulatory, or other legal obligations.
Article 6(1)(f) GDPR — legitimate interests
Used for security, abuse prevention, fraud prevention, service reliability, debugging, moderation, trust and safety, legal defense, internal administration, and improvement of the service.
Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
23. Legitimate interests
Our legitimate interests may include:
- operating and securing the service
- preventing phishing, malware, scams, fraud, and abuse
- protecting visitors and third parties
- enforcing the Terms of Service
- detecting technical errors
- maintaining service reliability
- preventing account misuse
- protecting payment and billing processes
- handling abuse reports
- defending legal claims
- improving the service in a privacy-conscious way
24. Data retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Unless a different period is required for legal, tax, accounting, security, or abuse-prevention reasons, we aim to use the following retention periods:
- Server logs: 14 days, unless needed longer for security, abuse investigation, or legal reasons
- Account data: for as long as the account exists, then deleted or anonymized after a reasonable period unless retention is required
- Active link data: for as long as the link remains active
- Deleted or expired link data: deleted or anonymized after 30 days, unless needed for abuse prevention, legal defense, billing, or security
- Safety-check data: for as long as needed to operate link status, abuse prevention, moderation, and security systems
- Abuse reports: for 24 months after closure, unless needed longer for recurring abuse, legal defense, or legal obligations
- Payment and invoice data: retained according to statutory tax and accounting retention periods
- Support communications: retained for as long as needed to handle the request and protect legal interests
- Analytics data: retained according to the configured Google Analytics retention settings and consent choices
If the service is shut down, sold, transferred, or reorganized, personal data may be retained, deleted, anonymized, or transferred as necessary for legal, tax, accounting, security, abuse-prevention, contractual, migration, or business-continuity purposes.
Free-link data may be deleted or anonymized when the service is discontinued, unless retention is necessary for legal, security, abuse-prevention, or documentation reasons.
Paid-account and billing data may be retained for the periods required by tax, accounting, contractual, and legal obligations.
We may anonymize or aggregate data so that it no longer identifies a person. Anonymized or aggregated data may be retained for longer.
25. Security measures
We use technical and organizational measures to protect personal data.
These may include:
- HTTPS encryption
- access controls
- account authentication
- provider-side infrastructure security
- restricted administrative access
- logging and monitoring
- backups
- firewall and abuse-prevention systems
- Cloudflare protection features
- secure payment processing through Stripe
- data minimization
- role-based access where applicable
- periodic review of security-relevant settings
No online service can guarantee absolute security. If you believe your account or data has been compromised, please contact us immediately.
26. Children
its.gd is not intended for children.
We do not knowingly collect personal data from children below the age at which they may legally use online services without parental consent under applicable law.
If you believe that a child has provided personal data to us, please contact us so we can review and take appropriate action.
27. Automated decision-making and safety automation
its.gd uses automated safety checks to detect suspicious, unsafe, or abusive URLs.
These checks may influence whether a link is activated, warned, blocked, or reviewed.
The purpose is to protect visitors, users, third parties, and the integrity of the service.
If you believe a link was incorrectly blocked or restricted, you may contact us for review at contact@domu.studio.
We do not use automated decision-making to make decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR, unless otherwise stated or legally permitted.
28. Your GDPR rights
Subject to legal requirements and limitations, you may have the following rights:
- right of access
- right to rectification
- right to erasure
- right to restriction of processing
- right to data portability
- right to object to processing based on legitimate interests
- right to withdraw consent at any time
- right to lodge a complaint with a supervisory authority
To exercise your rights, contact us at contact@domu.studio.
We may need to verify your identity before fulfilling a request.
29. Right to object
You have the right to object, on grounds relating to your particular situation, to processing based on Article 6(1)(f) GDPR.
If you object, we will stop processing the relevant personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for legal claims.
You may object to direct marketing at any time. At present, its.gd is designed primarily around service-related communications rather than marketing emails.
30. Withdrawal of consent
Where processing is based on consent, you may withdraw consent at any time with effect for the future.
This may include consent for analytics cookies or optional tracking.
Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
31. Supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority.
You may contact the supervisory authority in your place of residence, workplace, or the place of the alleged infringement.
For North Rhine-Westphalia, Germany, the competent authority is generally:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany
Website: www.ldi.nrw.de
32. Third-party destination websites
Short links created through its.gd may lead to third-party websites.
We do not control third-party destination websites and are not responsible for their privacy practices, cookies, tracking, content, security, or legal compliance.
Before entering personal data on a destination website, you should review that website's privacy policy and terms.
33. Data you should not submit
You should not submit sensitive personal data through its.gd unless strictly necessary.
This includes, for example:
- health data
- biometric data
- genetic data
- political opinions
- religious or philosophical beliefs
- trade-union membership
- sexual orientation
- criminal-offense data
- government identifiers
- payment-card data outside the Stripe checkout flow
- passwords
- authentication tokens
- private document links that are not intended to be shared
If you include personal data in destination URLs, query parameters, slugs, reports, or support messages, that data may be processed by its.gd and relevant service providers. You are responsible for ensuring that you have a lawful basis for submitting such data.
34. Public nature of short links
Short links may be shared publicly by users.
If a short link, slug, or destination URL contains personal data, that data may become visible to anyone who receives or accesses the link, uses a preview page, sees analytics, or reviews abuse reports.
Do not include personal data in slugs or destination URLs unless you have a lawful basis and understand the risks.
35. Business transfers
If its.gd, DOMU.STUDIO, or relevant assets are sold, transferred, assigned, merged, reorganized, or otherwise transferred to another business or legal successor, personal data and service-related data may be transferred as part of that transaction where legally permitted.
This may include, depending on the context:
- user accounts
- email addresses
- subscription and billing identifiers
- short links
- slugs
- destination URLs
- link status
- safety-check results
- analytics data
- abuse reports
- support communications
- technical logs
- contractual records
- other data necessary to continue operating, securing, billing, or administering the service
The buyer or successor may continue to process the transferred data for the purposes described in this Privacy Policy, unless and until a new privacy policy applies.
Where required by law, we will inform affected users about the transfer. Users with accounts or paid subscriptions may be notified by email where we have a valid email address.
36. Service shutdown and user notifications
If its.gd is permanently shut down or materially discontinued, we may process account and contact data to notify affected users where possible.
Because free links may be created without an account or email address, we may not be able to notify free-link users individually before free links are deleted, disabled, or discontinued.
For Pro and Pro+ users, we may use the email address associated with the account or subscription to provide service-related notices, including planned shutdown notices, subscription notices, legal notices, or important operational updates.
The legal basis for these notifications may be Article 6(1)(b) GDPR where the notice relates to the contract, Article 6(1)(c) GDPR where legally required, and Article 6(1)(f) GDPR for our legitimate interest in transparent service administration and risk reduction.
37. Legal disclosures
We may disclose personal data if required or permitted by law, including to:
- courts
- law-enforcement authorities
- regulators
- tax authorities
- legal advisors
- payment providers
- hosting and infrastructure providers
- affected third parties where necessary to prevent abuse or harm
We may also preserve and disclose data where necessary to investigate abuse, enforce our Terms of Service, protect visitors, prevent fraud, defend legal claims, or comply with legal obligations.
38. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
The updated version will be posted on the website with a new "Last updated" date.
If changes are material, we may provide additional notice where legally required.
39. Contact
For privacy questions, requests, objections, withdrawals of consent, or data protection concerns, contact:
DOMU.STUDIO
Dominic Müller
Mainzer Straße 19
50678 Cologne
Germany
Email: contact@domu.studio
Placeholder document for the its.gd prototype. Replace with reviewed legal copy before production.