Clicro
Sign up

Legal

Privacy Policy

Effective: June 20, 2026 · Last updated: June 20, 2026

Clicro ("Clicro", "we", "us", "our") is a product of Prolixis OPC Private Limited, an Indian company. This Privacy Policy describes how we collect, use, store, share and protect information when you use clicro.link, our dashboard, our APIs, and any link shortened with Clicro. By using the service you agree to this policy.

1. Information we collect

1.1 Account information

When you sign up we collect your name, email, an encrypted password hash (we never store your plain-text password), optional profile photo, optional username, and the country you choose.

1.2 Content you create

The short links, destination URLs, bio-page content, campaign names, sponsor reports and team invites you create are stored so we can render and serve them. You own this content.

1.3 Click events on your links

When a visitor opens a Clicro short link we log: timestamp, country / state / city derived from request headers (no GPS), device class (mobile / tablet / desktop), browser family, OS family, and HTTP referrer. We compute a one-way salted SHA-256 hash of the visitor's IP for de-duplication and abuse detection — we do not store the raw IP address.

1.4 Billing

Payments are processed by Razorpay (India) and our partner gateways for international payments. We receive a payment ID, plan, amount and status — we never see or store card numbers, UPI IDs or bank credentials.

1.5 Cookies and similar technologies

We use a small number of strictly necessary cookies (auth session, CSRF) and one analytics cookie on marketing pages only. No third-party advertising or cross-site tracking cookies are set.

2. What we never collect

  • We never track click events across other websites.
  • We never sell, rent or licence your personal data.
  • We never share individual visitor data with sponsors — sponsor reports are aggregated.
  • We never train AI models on your private link data.

3. How we use information

  • To operate the service: shorten URLs, render bio pages, deliver analytics dashboards.
  • To detect and prevent abuse, fraud, phishing and malware.
  • To send transactional email (sign-in alerts, receipts, plan changes) from notify.clicro.link.
  • To improve product quality through aggregate, de-identified usage metrics.
  • To comply with applicable law and lawful requests from authorities.

4. Legal bases (GDPR / DPDP)

We rely on (a) the contract with you to deliver the service, (b) our legitimate interest in preventing abuse and improving the product, (c) your consent for marketing emails (which you can withdraw at any time), and (d) compliance with legal obligations including India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

5. Data retention

  • Click events: retained for the lifetime of your account on paid plans, or 24 months on the Free plan.
  • Account data: deleted within 30 days of account deletion.
  • Billing records: retained for 8 years as required by Indian tax law.
  • Backups: rolling 35-day window, encrypted at rest, then permanently erased.

6. Sharing with sub-processors

We share the minimum data necessary with a small set of vetted sub-processors:

  • Lovable Cloud / Supabase — application database and authentication (EU + India regions).
  • Cloudflare — edge network and DDoS protection.
  • Razorpay — payments (India).
  • Resend / Postmark — transactional email.

All sub-processors are bound by a Data Processing Agreement.

7. International transfers

Primary data residency is India and the EU. When data is transferred outside, we rely on Standard Contractual Clauses and equivalent safeguards under the DPDP Act.

8. Security

TLS 1.3 everywhere, AES-256 at rest, row-level security on every table, salted hashes for visitor IPs, MFA for our team, scoped database roles, and quarterly access reviews. No system is perfectly secure — please report any vulnerability to the email below.

9. Your rights

You can access, export, correct or delete your data anytime from Settings → Account, or by writing to us. We respond within 30 days. Indian users have the right to nominate a representative under Section 14 of the DPDP Act.

10. Children

Clicro is not directed at children under 18. We do not knowingly collect their data.

11. Changes to this policy

We will post any material change here and notify active users by email at least 14 days before it takes effect.

12. Contact

Prolixis OPC Private Limited
For all privacy questions, data requests and DPDP grievances: clicroofficial@gmail.com