GDPR
The EU's General Data Protection Regulation — in force since May 2018, with global reach.
The GDPR (General Data Protection Regulation) has governed how organizations handle personal data of EU residents since May 2018. It applies extraterritorially: any US company that processes EU residents' data has to comply, regardless of where the servers sit.
Core principles: explicit consent for tracking, right to access and erasure, data minimization (only collect what you need), privacy by design, and steep fines (up to 4% of global annual revenue). Meta, Amazon, and Google have all paid GDPR fines in the hundreds of millions.
For short links and analytics: click tracking is fine, but IP addresses should be anonymized (hashed) before storage. Tools with servers outside the EU need supplementary safeguards (Standard Contractual Clauses, transfer impact assessments) since Schrems II. promolinks.net hashes IPs and offers EU data residency for GDPR-sensitive customers.
Related terms
What you should know next
Cookie Banner / Consent
Consent prompt for tracking cookies — required by GDPR in the EU and CCPA/CPRA in California.
IP Anonymization
Truncating the last octet of an IP address or hashing it — strips its status as personal data.
Data Processing Agreement (DPA)
A contract between you and any vendor that processes personal data on your behalf.
Start now — the free plan is free forever
Short links, QR codes, bio page and digital business card — all in one tool. GDPR-compliant, EU hosting.