Easy Redirects
Sign inStart free

Privacy Policy

Last updated: June 11, 2026

Easy Redirects ("we", "us") provides geo-redirect services for websites hosted on HubSpot Content Hub. This policy explains what personal data we process, why, and what rights you have. It covers two groups: customers (people who create an Easy Redirects account) and website visitors (people who visit our customers' websites where our script is installed).

1. Data we process about customers

  • Account data — your email address and a hashed password, stored by our authentication provider (Supabase).
  • Configuration data — the workspaces, sites, domains and redirect rules you create.
  • Billing data — handled by Stripe. We store only your Stripe customer ID and subscription status; we never see or store your card details.

Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)).

2. Data we process about website visitors

When a visitor loads a page where our script is installed, the script sends a request to our servers containing the visitor's IP address (inherent to any web request), the page path, and the site hostname. We use the IP address transiently to derive a country code at our hosting provider's network edge. We do not store visitor IP addresses.

When a redirect fires, we store an event containing only:

  • the two-letter country code (e.g. "DE")
  • the page path the visitor was on
  • which redirect rule matched, and a timestamp

We set no cookies on visitors' browsers and do no cross-site tracking. The script stores a single flag in the browser's sessionStorage to avoid redirecting the same visitor twice in one session; this never leaves the visitor's device.

For visitor data we act as a data processor on behalf of our customer (the website owner), who is the data controller. Legal basis is the customer's legitimate interest in serving regionally appropriate content (GDPR Art. 6(1)(f)).

3. Subprocessors

  • Vercel — application hosting and edge network (request processing, IP-to-country resolution)
  • Supabase — database and authentication
  • Stripe — payment processing

4. Data retention

  • Account and configuration data: kept while your account is active; deleted within 30 days of account deletion.
  • Redirect events: kept for up to 13 months for usage metering and analytics, then deleted.

5. International transfers

Our subprocessors may process data outside the EEA. Where they do, transfers are protected by the EU Standard Contractual Clauses or an adequacy decision (including the EU–US Data Privacy Framework where applicable).

6. Your rights

Under the GDPR you may request access to, correction of, deletion of, or a portable copy of your personal data, and you may object to or restrict certain processing. Website visitors should direct requests to the owner of the website they visited (the data controller); we assist our customers with such requests. You may also lodge a complaint with your supervisory authority — in Norway, Datatilsynet.

7. Security

Data is encrypted in transit (TLS) and at rest. Database access is protected by row-level security so customers can only access their own data.

8. Changes & contact

We will post any changes to this policy on this page and update the date above. Questions or requests: support@easyredirects.com.