Effective date: 26.01.2026
Website: irpara.pt
Data Controller: Load Aspas Aspas, Lda. (“Load Aspas Aspas”, “we”, “us”, “our”)
Registered office: Rua de Ramos. 4405-247 Vila Nova de Gaia, Porto, Portugal.
Company number (NIPC): 518408396
Contact email: info@loadaspasaspas.pt

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use irpara.pt (the “Service”), a URL shortener and redirection platform.

1) What data we collect

Depending on how you use the Service, we may collect:

A. Data you provide

• Contact details you submit via forms (e.g., email, name, message content).

• Account data (if accounts exist): username, email, hashed password, and basic settings.

• Billing data (if paid plans exist): we typically receive billing status and transaction references, but not full card details (handled by the payment provider).

B. Data collected automatically (technical and usage data)
When you create links, access dashboards, or when someone clicks a shortened link, we may process:

• IP address

• Date and time of access/click

• User agent (browser and device information)

• Referrer/previous page (when provided by the browser)

• Approximate location derived from IP (city/region level, not precise GPS)

• Request metadata needed for security and troubleshooting

• Link identifier and destination domain (and sometimes the full destination URL, depending on how the Service is configured)

C. Cookies and similar technologies
We may use cookies or similar technologies to:

• keep the site working properly (session cookies),

• remember preferences,

• protect the Service (security cookies),

• measure performance (analytics cookies, if enabled).

You can control cookies through your browser settings. Some features may not work if cookies are disabled.

2) Why we use your data (purposes)

We use personal data to:

• provide redirection and link-shortening functionality,

• operate and maintain the Service (performance, debugging, customer support),

• secure the Service (fraud prevention, abuse detection, rate limiting, bot detection),

• generate analytics and aggregated statistics (e.g., number of clicks, approximate geography, device types),

• comply with legal obligations and respond to lawful requests,

• enforce our Terms of Use and protect users and the public.

3) Legal bases (GDPR)

Where the GDPR applies, our legal bases typically include:

• Performance of a contract: to provide the Service and requested features.

• Legitimate interests: to secure, improve, and operate the Service; prevent abuse and fraud; ensure network and information security.

• Consent: where required, for certain cookies/analytics or marketing communications.

• Legal obligation: when we must retain or disclose data to comply with law.

4) Link analytics and tracking

Shortened links may include basic analytics. This can mean that when someone clicks a shortened link, we may record technical data (like IP, user agent, timestamp) to:

• count clicks,

• detect suspicious traffic,

• provide aggregated insights to the link creator (if dashboards exist).

We do not sell “personal click profiles” and we aim to keep analytics proportionate to the Service’s purpose.

5) Sharing and disclosure of data

We may share personal data only when necessary, including with:

Service providers (processors)
Vendors who help us run the Service, such as:

• hosting and infrastructure providers,

• analytics providers (if enabled),

• email/support tools,

• security and anti-abuse services,

• payment processors (if paid plans exist).

They process data under instructions and appropriate contractual safeguards.

Legal and safety reasons
We may disclose data if required by law, court order, or if necessary to:

• investigate abuse or security incidents,

• protect users, the public, or our rights,

• enforce our Terms of Use.

Business transfers
If we are involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction, subject to appropriate protections.

6) International transfers

Your data may be processed in countries outside your own (for example, where our hosting providers operate). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7) Data retention

We retain personal data only as long as needed for the purposes described above.

Typical retention approach (you can adjust to match what you actually do):

• Security logs and abuse prevention data: retained for a limited period, typically [e.g., 30–180 days], unless needed longer for investigations.

• Link analytics: retained for [e.g., 12–24 months] in aggregated form, and shorter periods for raw logs where possible.

• Support requests: retained for as long as necessary to resolve and document the issue.

• Legal compliance: retained for the period required by law.

If you disable or delete a link (where that option exists), some associated technical logs may still be retained for security, fraud prevention, and legal compliance.

8) Security

We use reasonable technical and organisational measures designed to protect personal data, such as:

• access controls and least-privilege policies,

• encryption in transit (HTTPS),

• monitoring and rate limiting,

• backups and incident-response practices.

No system is 100% secure, so we cannot guarantee absolute security.

9) Your rights (GDPR/UK GDPR where applicable)

Depending on your location, you may have rights to:

• access your personal data,

• rectify inaccurate data,

• erase data (“right to be forgotten”), where applicable,

• restrict processing,

• object to processing based on legitimate interests,

• data portability (in certain cases),

• withdraw consent (where processing is based on consent),

• lodge a complaint with a supervisory authority.

To exercise your rights, contact us at [privacy@irpara.pt]. We may need to verify your identity before responding.

10) Children’s privacy

The Service is not intended for children under [choose: 13/16]. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will take appropriate steps.

11) Third-party links and destinations

Shortened links redirect to third-party sites we do not control. Their privacy practices are governed by their own policies. We encourage you to review the privacy policy of any destination site you visit.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on irpara.pt with the updated effective date. If changes are significant, we may provide additional notice where appropriate.

13) Contact us

For privacy questions or requests:

Load Aspas Aspas, Lda.
Email: info@loadaspasaspas.pt
Address: Rua de Ramos. 4405-247 Vila Nova de Gaia, Porto, Portugal.
NIPC: 518408396