Privacy Policy

Last updated: June 27, 2026.

This policy covers the whole Kondaino service: this marketing site at kondaino.com and the application — registration, login, the dashboard, short-link redirects, and the API — at kdourl.com. Kondaino is operated by DEC Group (decgroup.pro). Questions about this policy or your data can be sent to hello@kondaino.com.

Information we collect

Account information

To register at kdourl.com we collect your email address and a password. Passwords are never stored in plain text — they're hashed with PHP's password_hash() (bcrypt) and we cannot recover or view your actual password, even on request. We also store your plan (free or paid) and whether your account is suspended.

Content you submit

The destination URLs you shorten, any names you give to link groups, and any rows you upload via bulk CSV import. This content is necessary to provide the redirect service itself.

What we deliberately don't collect

When someone visits one of your short links, we increment a click count on that link and nothing else. We do not log the visitor's IP address, device or browser fingerprint, or referring page, on any plan. There is no per-click record to request, export, or breach — because it's never created in the first place.

API tokens & password reset tokens

API tokens (kdo_...) and password reset links are only ever stored as a SHA-256 hash. The raw value is shown to you once, at creation, and is not retrievable afterward, including by us.

Cookies & advertising

kdourl.com sets a session cookie so you can stay logged in, and a CSRF token used to protect state-changing requests — both strictly necessary for the service to function. This marketing site (kondaino.com) does not set any first-party cookies of its own.

The kondaino.com homepage loads Google AdSense to display ads. Google AdSense may set third-party cookies and use other identifiers in your browser to personalize ads and measure performance. We don't control what Google does with that data; see Google's policy on data used in partner sites for details. You can opt out of personalized advertising via Google Ads Settings or your browser's cookie/tracking controls. We do not currently detect automated opt-out signals (such as Global Privacy Control) on kondaino.com; if you'd like us to act on one manually, email us.

Hosting & server logs

Like virtually any website, our hosting provider keeps standard web server access logs (request timestamps, requested URLs, IP addresses) for security and operational purposes. These logs are not used to build profiles of individual visitors.

Payment information

We don't collect or store any payment card details, and we don't process payment through this website. Plan upgrades are arranged manually by emailing hello@kondaino.com, and payment is collected via Interac e-Transfer — we send you the recipient email and a one-time security password privately, by email, rather than publishing them anywhere on this site. We don't retain e-Transfer security passwords once a transfer is completed.

How we use your information

• To create and operate your account, and to authenticate you when you log in.
• To create, redirect, and manage your short links, and to enforce your plan's link and expiry limits.
• To respond to support requests sent to hello@kondaino.com.
• To serve advertising on kondaino.com via Google AdSense.

How we share your information

We never sell your personal information. We share data only with:

• Our hosting provider (Hostinger), which processes data on our behalf to run the service — it doesn't use your data for its own purposes.
• Google, via AdSense, for ad delivery and personalization on kondaino.com as described above. Under California's CPRA, this may be considered "sharing" personal information for cross-context behavioral advertising even though no money changes hands — see the California section below for your opt-out options.
• Anyone else, only if required by law or to protect against fraud or abuse.

Data retention & deletion

Free links expire after 6 months and paid links after up to 24 months (or a custom date you set); expired links are hard-deleted on a daily schedule, and their short code is recycled for reuse. Deleting your account immediately deletes your links, API tokens, link groups, and any pending password reset tokens. We keep anonymous, aggregate totals (e.g. total links ever created, total clicks ever recorded) that are not tied to your identity once your account is deleted.

Security

Passwords are hashed with bcrypt, API tokens and password reset tokens are stored only as SHA-256 hashes, and state-changing requests are protected with CSRF tokens. No method of storage or transmission is 100% secure, but we don't store anything we don't need in the first place — the biggest privacy protection here is data we simply never collect.

Your rights under GDPR (EU/UK)

If you're in the EU or UK, you have the right to access, correct, export, restrict, or object to our processing of your personal data, and the right to erasure ("right to be forgotten"). Our legal basis for processing account and link data is performance of our contract with you (providing the service); for security/fraud prevention it's our legitimate interest; for AdSense advertising cookies it's your consent, to the extent required in your jurisdiction. You can exercise any of these rights by emailing hello@kondaino.com, or by deleting your own account directly. You also have the right to lodge a complaint with your local data protection supervisory authority.

Your rights under CCPA/CPRA (California)

If you're a California resident, you have the right to know what personal information we collect, to access or delete it, to correct inaccurate information, and to opt out of the sale or sharing of your personal information. We do not sell personal information for money. We do use Google AdSense on kondaino.com, which may constitute "sharing" for cross-context behavioral advertising under CPRA — you can opt out via Google Ads Settings or by emailing us to request exclusion. We do not collect sensitive personal information as defined by CPRA. You will not be discriminated against for exercising any of these rights.

Your rights under PIPEDA (Canada)

If you're in Canada, PIPEDA gives you the right to know why we collect your personal information, to access it, to request corrections, and to expect that we only collect what's necessary and safeguard it appropriately. Consistent with PIPEDA's accountability principle, DEC Group is responsible for the personal information described in this policy; you can reach us, or challenge our compliance with this policy, at hello@kondaino.com.

Children's privacy

Kondaino is not directed at children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has created an account, contact us and we'll delete it.

Changes to this policy

If we make material changes to this policy, we'll update the "Last updated" date above. Continued use of Kondaino after a change means you accept the revised policy.

Contact us

Questions, requests, or complaints about this policy can be sent to hello@kondaino.com.