KWY

Privacy Policy

Last updated: April 2026

Who We Are

KWY (kwy.uk) is a URL shortening service operated by NHostn, LTD , 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Data We Collect

When you shorten a URL, we store the following in our database:

  • Original URL — the destination you submitted.
  • Short code — the 6-character identifier we generated.
  • IP address — used to enforce rate limits and prevent duplicate short links per user.
  • User-agent string — your browser or client identifier, stored for abuse prevention.
  • Creation timestamp — the date and time the link was created.
  • Click count — the number of times the short link has been visited.

We do not collect your name, email address, or any account information.

Cookies & Sessions

KWY uses a single session cookie for the purpose of CSRF protection on the URL submission form. This cookie is temporary, contains no personal information, and is deleted when you close your browser. We do not use tracking cookies, advertising cookies, or any third-party cookies.

How We Use Your Data

  • To operate the redirect service — matching a short code to its destination URL.
  • To enforce rate limiting — preventing automated abuse from a single IP address.
  • To prevent duplicate short links — returning an existing link when the same IP submits the same URL again.
  • To process deletion requests — verifying ownership via the delete token.

We do not sell, share, or transfer your data to third parties.

Data Retention

Link records are retained indefinitely unless you delete them using your delete link. Rate-limit records are automatically purged after one hour. Deleted links are soft-deleted — the short code returns HTTP 410 Gone and the original URL is no longer used for redirects.

Your Rights

Under applicable data protection law (including UK GDPR), you may request access to, correction of, or deletion of data associated with your IP address. To exercise these rights, contact us at:

info@nhostn.com

Note: because we do not collect names or email addresses, requests must include the short code(s) or delete token(s) associated with the links you wish to manage.

Security

All data is stored in a local SQLite database that is inaccessible via HTTP. Connections to kwy.uk are encrypted via HTTPS (TLS). Delete tokens are cryptographically random 64-character strings that cannot be guessed or brute-forced.

Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of KWY after changes constitutes acceptance of the updated policy.

Contact

Privacy enquiries: info@nhostn.com
NHostn, LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.