GDPR Compliance
General Data Protection Regulation (GDPR) Information
Last updated: June 10, 2026
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of EU citizens. It gives individuals more control over their personal data and requires businesses to be transparent about how they collect, use, and store personal information.
At Goxy, we are committed to protecting your privacy and complying with GDPR requirements. This page explains how we handle your data and what rights you have under GDPR.
2. What Personal Data We Collect
We collect and process the following personal data:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, email address, username | Account management and communication |
| Link Data | Original URLs, short links created | Providing our core service |
| Usage Data | Clicks, referrers, device info | Analytics and service improvement |
| Technical Data | IP address, browser type, OS | Security and performance optimization |
| Cookie Data | Session tokens, preferences | Authentication and user experience |
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our service to you (e.g., creating short links, managing your account).
- Legitimate Interests: Processing for our legitimate business interests, such as improving our service, preventing fraud, and analytics.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
- Consent: Processing based on your explicit consent (e.g., marketing communications).
4. Your Rights Under GDPR
If you are an EU resident, you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten)
Request deletion of your personal data.
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Request transfer of your data to another service.
Right to Object
Object to processing based on legitimate interests.
5. Data Retention Periods
We retain your personal data for specific periods based on your account type:
| User Type | Link Data Retention | Analytics Retention | Account Data Retention |
|---|---|---|---|
| Guest Users | 7 days | 7 days | Not applicable |
| Free Users | 60 days | 60 days | Until account deletion |
| Pro Users | 365 days | 365 days | Until account deletion |
| Business Users | Unlimited | Unlimited | Until account deletion |
Account data is retained until you request deletion or terminate your account. You can delete your account at any time from your dashboard settings.
6. Data Sharing and Transfers
We do not sell your personal data. We may share your data with:
- Service Providers: Third-party companies that help us operate our service (e.g., hosting, analytics). All providers are GDPR-compliant.
- Legal Authorities: When required by law or to protect our legal rights.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
Your data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards are in place for such transfers.
7. Data Security Measures
We implement robust security measures to protect your personal data:
- 🔐 Encryption of data in transit (TLS/SSL) and at rest
- 🔐 Regular security audits and vulnerability assessments
- 🔐 Access controls and authentication mechanisms
- 🔐 Employee training on data protection
- 🔐 Incident response procedures
8. Cookies and Tracking
We use cookies for essential functionality and analytics. You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are necessary for the service to function.
Types of cookies we use:
- Essential Cookies: For authentication and session management
- Analytics Cookies: To understand how users interact with our service
- Preference Cookies: To remember your settings
9. Children's Data
Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us.
10. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance. You can contact our DPO at:
- 📧 Email: dpo@gosy.cc
- 📬 Address: Goxy DPO, 123 Digital Street, Singapore 12345
11. How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- 📧 Email us at privacy@gosy.cc
- 🌐 Use our Dashboard to access, update, or delete your data
- 📬 Write to us at the address above
We will respond to your request within 30 days. Some requests may require identity verification.
12. Right to Lodge a Complaint
If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with your local supervisory authority. In Singapore, you can contact the Personal Data Protection Commission (PDPC).
We encourage you to contact us first so we can address your concerns directly.
13. Updates to This GDPR Information
We may update this GDPR compliance page from time to time. The "Last updated" date at the top of this page indicates when changes were made. We encourage you to review this page periodically.
14. Contact Information
If you have any questions about GDPR or how we handle your personal data, please contact us:
- 📧 General Privacy: privacy@gosy.cc
- 📧 Data Protection Officer: dpo@gosy.cc
- 🌐 Website: https://gosy.cc/contact
For more information, please also read our Privacy Policy and Terms of Service.