Legal
Terms of Service
Last Updated: 2026-01-18
This Terms of Service covers all components of Qlink.fi, including the Sheets add-on, app for Slack, Chrome extension, web app, and API.
Welcome to Qlink.fi. These Terms of Service ("Terms") govern your use of our URL shortening service ("Service"), including the "QLink.fi - URL shortener & UTM builder" Google Sheets Add-on, the app.qlink.fi web app, the Chrome extension, "Qlink.fi" bot for Slack and domains such as qik.fi and qli.fi, operated by Mirlan Dzhumagulov, based in Oulu, Finland ("we," "us," or "our").
By using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.
- 1. Description of Service
- 2. Account and Access
- 3. Subscriptions, Payments, Refund policy
- 4. Acceptable Use
- 5. Link and Data Retention
- 6. Intellectual Property
- 7. Service Availability
- 8. Termination
- 9. Data Processing Agreement (DPA)
- 10. Changes to Terms
- 11. Governing Law
- 12. Other information
- 13. Contact
- Annex I: Data Processing Agreement (DPA)
- Annex II: Vulnerability disclosure program
1. Description of Service
The Service allows you to:
- Create shortened links (via qik.fi)
- Track click analytics
- Use the Google Sheets add-on to generate and manage links
- Use the web app (app.qlink.fi) and Chrome extension to create short links
- Use the QLink bot for Slack to shorten and share links via slash commands
- Build UTM-tagged URLs
Free and paid subscription tiers are available, offering different usage limits and analytics retention.
2. Account and Access
To use the Service, you may need to log in with your Google Account. By doing so, you authorize access to your Google Sheets for the purpose of link generation and data handling within those documents.
For the web app and Chrome extension, you authenticate using your API key to create and manage short links.
You are responsible for safeguarding your account credentials and any actions performed under your account.
For bot for Slack usage, we collect and use your Slack user ID and workspace/team ID to manage permissions and process slash commands. We do not access messages outside of direct bot interactions.
3. Subscriptions, Payments, Refund policy
Subscription plans are managed via payment operator Paddle.com. Plans may include limits on link creation, analytics retention periods, and branding features.
Paid subscriptions renew automatically unless cancelled. All sales are final and we will not issue refunds, including for prepaid monthly fees. If you later decide to end your subscription, cancelling the payment is your responsibility. We do not refund automatic payments not cancelled in time.
For Enterprise customers, custom contracts may apply. Contact us for invoicing and terms.
4. Acceptable Use
You agree not to:
- Use the Service for spam, phishing, or malware distribution
- Create misleading or deceptive redirects
- Abuse the service to bypass content restrictions or engage in illegal activities
- Interfere with or disrupt our infrastructure or platform
- Misuse the bot for Slack or command interface to perform automated spamming, impersonation, or violate Slack’s Acceptable Use Policy
We reserve the right to suspend or delete any links or accounts found in violation.
5. Link and Data Retention
We retain link metadata and total click counts indefinitely.
| Plan | Detailed analytics retention |
|---|---|
| Free | 7 days |
| Starter | 30 days |
| Pro | 90 days |
| Business/Enterprise | 180 days |
6. Intellectual Property
You retain ownership of the original URLs you input. We retain rights to the infrastructure, software, and interfaces powering the Service.
7. Service Availability
We strive for high availability, but the Service is provided "as is" without warranties. We are not liable for data loss, downtime, or third-party service interruptions.
8. Termination
We may terminate or suspend your access at any time for violations of these Terms, abuse, or legal reasons.
9. Data Processing Agreement (DPA)
If you are a business customer subject to the GDPR, our Data Processing Agreement (Annex I) is incorporated into these Terms by reference.
10. Changes to Terms
We may update these Terms at any time. Continued use of the Service after changes means you accept the revised Terms.
11. Governing Law
These Terms are governed by the laws of Finland and the European Union. Disputes will be handled under Finnish jurisdiction.
12. Other information
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com, to determine the approximate country of visitors who click on shortened links.
13. Contact
For questions about these Terms, contact:
Annex I: Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") forms an integral part of the Qlink.fi Terms of Service.
This DPA applies when you, as the Data Controller, use Qlink.fi’s services to process personal data subject to the GDPR. Qlink.fi acts as the Data Processor.
Qlink.fi processes data for the sole purpose of providing link shortening, UTM tagging, analytics, and redirect tracking via the Google Sheets Add-on and related APIs. Qlink.fi also processes Slack command input and user/team identifiers for the purpose of generating short links and managing bot access.
- Country (derived from IP address at click time)
- Timestamps
- Referrer domains (e.g., facebook.com, google.com)
- Device metadata: browser, OS, and device type (data not stored, used only to derive device type, e.g. mobile, desktop)
- Google Account email (only for users of the Sheets add-on)
- Slack user ID and workspace/team ID (for permission and bot usage management)
- Slash command content (e.g., original URL, back-half preferences)
- Anonymous visitors who click on short links (device and location data derived at click time)
- Authenticated users of the Google Sheets Add-on (email only)
Qlink.fi uses the following subprocessors:
- Google Cloud Platform (hosting, EU region)
- Supabase (PostgreSQL storage, EU region)
- Paddle.com (payment processing)
Each subprocessor is GDPR-compliant and bound by confidentiality.
Personal data is retained based on subscription tier and deleted or anonymized after the stated retention period unless otherwise required by law.
Slack user and workspace IDs are retained only as long as the bot for Slack is active in the respective workspace or until uninstallation.
We implement appropriate technical and organizational measures, including:
- TLS encryption in transit
- Role-based access controls
- Regular backups and logging
We assist Controllers in responding to requests from data subjects to access, correct, delete, or export their data, within the limits of our technical systems.
Data is processed exclusively within the EU. No data is transferred to third countries outside the EEA.
Upon written request, we will provide documentation regarding our data protection practices.
In the event of a personal data breach, we will notify affected Controllers without undue delay, and within 72 hours where feasible.
Upon termination of the Services, all personal data will be deleted within 90 days unless retention is required by law or specifically requested by the Controller.
Annex II: Vulnerability disclosure program
Security researchers can report vulnerabilities to security@qlink.fi. We acknowledge reports within 3 business days, begin triage immediately, and share a remediation timeline once confirmed. We follow responsible disclosure and provide updates until resolution. We don’t operate a bug bounty or pay rewards at this time.
Our VDP explicitly covers the QLink app for Slack and its endpoints, including slackbot.qlink.fi(/slack/commands, /slack/interactions, /slack/events, /slack/oauth_redirect) and related backend services used to create short links.
Findings related to OAuth flows, token handling, permission scopes, and Slack request signature verification are in scope.
Report to support@qlink.fi with steps to reproduce and the affected workspace/app details.