Privacy Policy
Last updated: July 1, 2026
1. Introduction
At tox.li (pronounced to-x-li), we respect your privacy. This policy outlines what data we collect, how it is stored, and how it is processed. We do not sell, rent, or trade your data to third parties.
2. Data Collected from Account Holders
If you create an account on tox.li, we collect and store:
- Your name and email address.
- Your encrypted password hash (if using email/password authentication).
- Social profile tokens (if logging in via Google OAuth).
- Details of the shortened links you create.
3. Link Visitor Logging (Cloudflare Integration)
tox.li utilizes Cloudflare Workers and Cloudflare KV (Key-Value) to route and resolve redirections. When a visitor clicks a tox.li shortened URL, the worker resolves the redirect at the global network edge.
During this redirection process, the Cloudflare Worker registers a log entry containing:
- Timestamp of the request.
- Referrer headers (the site the visitor clicked the link from).
- Visitor User Agent (browser type and operating system).
- Anonymized/Truncated IP Address (used solely to identify the approximate country/city of origin for redirection analytics).
These logs do not contain personally identifiable details. Logs are retained for a maximum of 30 days in our database solely to render click analytics in user dashboards and to run automated anti-abuse controls.
4. Cookies
We use security cookies solely to maintain active sessions for authenticated account users. We do not use third-party marketing, targeting, or cross-site tracking cookies.
5. Data Deletion
Account holders may delete their accounts and all associated link history at any time through the dashboard settings. Upon deletion, all links and dashboard data are permanently purged from our active database and Cloudflare KV cache.
6. Contact
If you have any questions regarding this Privacy Policy, please reach out to us at hi@tox.li.