Be careful on the websites where you need to specify personal data: name/surname, credit card number, phone number, postal address. Many phishing services steal your personal information to use it for criminal purposes.
Security Guardrails for Short Links Storage
Short.io stores URLs privately in AWS S3 in Virginia, United States. Our provider is AWS, and they have all the required certifications: https://aws.amazon.com/compliance/iso-certified/.
We don't share your links with third-parties, and our data privacy model is GDPR-compliant. We do not track the users who visit your URLs.
We use the npm audit of Snyk to scan third-party requirements and keep them up to date if any vulnerability is found (and we receive notifications if any are found). If we receive a security report, we fix it as soon as possible.
We want you to trust Short.io and wish that you have no doubt about Short.io's security. Here are the four essential security requirements that Short.io meets.
GDPR is a recently adopted law describing and regulating personal data security. According to it, if a website gathers personal data from people in Europe (or if your code is used by sites that do), that website is under the GDPR.
The types of personal data Short.io collects are cookies, email address, usage data, password, first name, last name, image, and company name. Short.io stores the personal data privately in AWS S3 in Virginia in the United States and never shares it with third-party services.
Secure Sockets Layer (SSL) is a security level for protecting transmitted information between a server and a user's browser.
An SSL certificate ensures that users can confidently enter private information, such as account login data or credit card numbers. SSL secures data from third-party services as well as Internet hackers. Note that Google blocks sites that do not support SSL and provides protected sites with a better search engine ranking.
You can check if a website is secured by yourself. Just note that sites with 'http' are dangerous, and we don't advise specifying personal data there. The websites with 'https' are secured.
Short.io is an encrypted service, so the official website URL starts with 'https.' Short.io uses the TLS 1.2 and TLS 1.3 encryption standard to encrypt short URLs.
Stripe Payment service
Short.io accepts credit/debit cards and can invoice via ACH credit transfer. We use Stripe to receive card payments. They are performed through a secure connection between your browser and Stripe. We don't know your card number and don't store payment data on our server.
Two-factor Authentication (2FA)
We implemented a two-step verification login to Short.io so that you are sure of your online safety.
Short.io supports 2FA via the Google Authenticator and the Authy authenticator app. The app, preinstalled by you to apply for a Short.io login, has a constantly rotating set of codes you can use whenever needed.
Short.io takes care of every customer. We are responsible for keeping personal information secure, so it is stored according to strict privacy guidelines and requirements.
What did you learn?
- online safety
- safe URL shortener
- internet safety
- internet phishing, frauds, malicious services