When you visit oneli.nk we collect the minimum signal needed to route your click and produce honest analytics for the link's owner: a hashed IP, your User-Agent, the requested URL, and the rule that matched. We do not collect names, email addresses, advertising IDs, precise location, or any other personal identifier from a redirect.

We use it strictly to: (a) decide which destination to redirect you to, (b) produce per-link aggregate analytics for the OneLink customer whose link you clicked, and (c) detect abuse such as automated traffic floods.

We share data with our infrastructure sub-processors (listed on the sub-processors page) under written agreements. We do not sell data, we do not share data with advertisers, and we run no third-party trackers in the redirect flow.

GDPR and CCPA grant you the right to access, correct, port, and delete personal data we hold about you. Email privacy@oneli.nk and we will respond within 14 days.

• Right of access — copy of data we hold
• Right to rectification — correct inaccuracies
• Right to erasure — delete on request
• Right to portability — machine-readable export
• Right to object — to processing on legitimate interest

Raw, hashed click events are retained for 90 days for debugging and abuse review, after which only aggregate counts remain. Aggregates are retained for the lifetime of the link, plus 12 months after deletion.