Privacy Policy
Last updated: April 3, 2026
NullMark ("we", "us", "our") is operated from Austria and is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR / DSGVO), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act (TKG 2021).
This Privacy Policy explains what personal data we collect, why we collect it, how we process it, and what rights you have.
1. Data Controller
The data controller responsible for the processing of your personal data is:
NullMark
Melvin Morina
Austria
Email: hello@nullmark.tech
If you have questions about how we process your data or wish to exercise your rights, you can contact us at the email address above at any time.
2. What Data We Collect
We collect only the data necessary to provide our service. Below is a complete overview:
2.1 Account & Payment Data
When you purchase a license, we collect:
- Email address — to send your license key and service notifications
- Payment information — processed entirely by Stripe (our payment processor). We do not store credit card numbers, bank details, or other payment credentials on our servers. Stripe acts as an independent data controller for payment data under its own privacy policy.
- Stripe Customer ID — a reference ID to manage your subscription
2.2 Link & Usage Data
When you create a forwarding link or when visitors click on a NullMark link, we collect:
- Destination URL — the URL you want to redirect to
- Link creator's IP address — stored for abuse prevention and legal compliance
- Click count — aggregate number of clicks per link (no individual visitor tracking)
- Monthly visit count — to enforce plan limits
- Adult content flag — whether you marked the link as 18+ or it was auto-detected
- Legal confirmation timestamp — when you confirmed the legal checkbox
- Custom slug — if you chose a custom short URL (Pro/Lifetime only)
- Pixel ID — if you provided a Meta or TikTok tracking pixel (Pro/Lifetime only)
2.3 Technical Data (Visitors Clicking Links)
When someone clicks a NullMark forwarding link, standard technical data may be processed by our infrastructure provider (Cloudflare) in the course of delivering the page:
- IP address (processed transiently by Cloudflare, not stored by us)
- User-Agent string (used to determine device type for browser redirection)
- Referrer header
We do not create individual visitor profiles and do not use cookies for tracking link visitors.
2.4 Data We Do NOT Collect
- We do not use analytics tools (Google Analytics, etc.) on our website
- We do not use advertising cookies or trackers on our website
- We do not sell, rent, or trade personal data to third parties
- We do not build individual visitor profiles from link clicks
3. Legal Basis for Processing (Art. 6 GDPR)
We process your data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing the forwarding service (link creation, redirects) | Art. 6(1)(b) — Performance of contract |
| Processing payments via Stripe | Art. 6(1)(b) — Performance of contract |
| Sending license key via email | Art. 6(1)(b) — Performance of contract |
| Storing creator IP address for abuse prevention | Art. 6(1)(f) — Legitimate interest (fraud/abuse prevention) |
| Storing legal confirmation timestamp | Art. 6(1)(c) — Legal obligation (documentation of consent) |
| Enforcing visit limits per plan | Art. 6(1)(b) — Performance of contract |
| Responding to support inquiries | Art. 6(1)(b) — Performance of contract / Art. 6(1)(f) — Legitimate interest |
4. Third-Party Processors & Data Transfers
We use the following third-party service providers to operate NullMark. Each acts as a data processor under Art. 28 GDPR unless noted otherwise:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, edge computing (Workers), DDoS protection | IP addresses (transient), request metadata | Global (EU SCCs in place) |
| Stripe, Inc. | Payment processing (independent controller) | Email, payment details, billing address | USA/EU (EU SCCs, DPF certified) |
| Supabase, Inc. | Database hosting (PostgreSQL) | Email, license keys, link data, IP (creator) | EU region |
| Resend, Inc. | Transactional email delivery | Email address, license key | USA (EU SCCs) |
Where data is transferred outside the EU/EEA, we ensure adequate safeguards are in place (EU Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms under Art. 46 GDPR).
5. Tracking Pixels (Pro/Lifetime Users)
If you are a Pro or Lifetime user and choose to add a Meta (Facebook) or TikTok tracking pixel to your forwarding link, the following applies:
- The pixel fires on the interstitial page before redirecting the visitor
- You (the link creator) are the data controller for any data collected by your pixel
- We merely execute the pixel code you provide — we do not access, store, or process the data collected by your pixel
- You are solely responsible for ensuring your pixel usage complies with GDPR, the ePrivacy Directive, and the terms of the respective platform (Meta, TikTok)
- You must ensure appropriate consent mechanisms and privacy disclosures for your pixel tracking
6. Cookies & Local Storage
Our main website (nullmark.tech) does not set cookies. We do not use cookie-based tracking, analytics, or advertising.
The interstitial redirect page shown to link visitors does not set cookies either. If a user-configured tracking pixel sets cookies, the link creator (not NullMark) is responsible for those cookies.
7. Data Retention
We retain your data only as long as necessary:
| Data | Retention Period |
|---|---|
| Account data (email, Stripe ID) | Duration of service + 7 years (Austrian tax retention: BAO §132) |
| License keys | Duration of active subscription or lifetime license |
| Link data (URLs, slugs, click counts) | Duration of active license; deleted upon account deletion request |
| Creator IP address | 12 months after link creation (abuse prevention) |
| Legal confirmation timestamp | 7 years (legal documentation obligation) |
| Payment data (at Stripe) | Per Stripe's retention policy |
8. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR. To exercise any of these rights, contact us at hello@nullmark.tech:
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you
- Right to Rectification (Art. 16) — Request correction of inaccurate data
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Right to Restriction (Art. 18) — Request that we limit how we process your data
- Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format
- Right to Object (Art. 21) — Object to processing based on legitimate interest
- Right to Withdraw Consent (Art. 7(3)) — Where processing is based on consent, withdraw at any time without affecting prior lawfulness
We will respond to your request within one month as required by Art. 12(3) GDPR. If your request is complex, we may extend this by an additional two months, and we will inform you of any extension.
9. Right to Lodge a Complaint
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS on all connections)
- Database-level access controls with Row-Level Security (RLS)
- Secrets and API keys stored securely (not in source code)
- Payment data handled exclusively by PCI DSS-compliant Stripe
- Access to backend systems limited to authorized personnel only
11. Children's Privacy
NullMark is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify affected users by email where possible.
13. Contact
For any questions regarding this Privacy Policy or your data:
NullMark
Melvin Morina
Email: hello@nullmark.tech