What makes filxo Links analytics different?

filxo separates real human opens from bots, link previews (Slack, WhatsApp, iMessage), search crawlers, and AI agents. Your headline view count focuses on likely real people — not every automated fetch.

I run a newsletter. How does filxo help?

Wrap every link individually or add channel labels (newsletter, social, thread). Each label gets its own tracked link so you can compare which channel actually drove engaged readers. Export your data anytime.

Can I import existing link analytics?

Yes. In Playground, use Import external data and upload a CSV export from your previous shortener. filxo maps common columns and lets you compare that history alongside new filxo links.

What does wrapping a link actually do?

You give us any URL, we give you back a filxo URL. When someone clicks your filxo URL, we record the open and send them to your original destination. They reach the page; you get the analytics.

How do channel labels work?

Add labels like LinkedIn or Newsletter during link creation. Each label gives you a unique tracked link with its own analytics. Post each labeled link to the matching channel and compare what worked.

Do Slack or WhatsApp previews count as clicks?

No — not in your headline view total. filxo classifies those as link previews and shows them separately in your traffic breakdown so you can see unfurls vs real human opens.

Yes. Click tracking, bot filtering, country and device breakdown, and labeled links are free. Paid plans add optional subdomain, larger files, and more storage.

Last updated: May 9, 2026

Privacy Policy — filxo Links

This Privacy Policy describes how filxo (“we,” “us,” or “our”) collects, uses, stores, and shares information about you when you use the filxo Links product—the expiring file-share and link-analytics service operated at app.filxo.com and related endpoints (the “Service”).

If you use other filxo offerings (for example filxo Workplace), additional or different terms may apply on those surfaces. This policy is limited to filxo Links unless we say otherwise.

1. Who we are and how to contact us

The organization offering filxo Links is referred to as filxo. If your local law requires a legal entity name or postal address, contact us using the contact form or the emails below—we will provide available details where we are obligated to do so.

Privacy and data-protection requests: privacy@filxo.com

General support: Contact us (filxo Links)

2. Information we collect

We collect information in the following categories:

Account information. When you register, we collect your email address, authentication data (for example a password hash), verification status, and identifiers for signed-in dashboards.
Link and file metadata. Short link codes or IDs, filenames, MIME types, sizes, expiry timestamps, deletion state, tracking preferences (such as tracking email tokens), upload status for multi-file bundles, wrapped destination URLs where you configure them, and similar technical metadata needed to operate the Service. When you create a link, we may also store a salted hash of your network address (never the raw address) and, when our CDN provides it, a two-letter approximate country code for that request—used for abuse prevention and service integrity.
Uploaded content. Files you associate with links are stored in our object storage for delivery until the link expires, is deleted, or is removed by housekeeping jobs.
Anonymous use. You may generate links without signing in where the product allows it; we still collect the categories above necessary to operate the link (such as salted hashed uploads and metadata).
Analytics and usage. We log link views at a coarse level (for example timestamps; approximate geography where available via edge or application data; salted hashed IP representations aligned between our API and short-link edge where configured; device class; and referrer where present). Where you use optional tracking email, we process the address you provide to deliver notifications you request.
Abuse reports. If you use the report flow (for example via app.filxo.com/report after following a link from a download page), we collect the reason, optional description, optional email if you choose to provide it, and technical data such as a salted hash of your IP address (not the raw IP) and a two-letter approximate country when available.
Technical and security. Server logs, error diagnostics, rate-limit signals, Redis queue metadata for background jobs (such as transactional email sends), moderation and enforcement records, and similar operational data.

3. Purposes and legal bases (including EEA / UK visitors)

We process personal data for the following purposes:

Operate the Service (host links, authenticate users, rotate sessions, deliver dashboards)—typically under performance of contract where you have an account, or necessary steps prior to subscribing.
Security and abuse prevention (including hashing, quotas, reports, bans, uploads blocked for policy reasons)—typically legitimate interests (balancing test) and, where relevant, legal duties.
Compliance and legal claims—typically legal obligation or legitimate interests.
Optional marketing. If we ever introduce optional newsletters or product updates separate from transactional messages, we will rely on consent or soft opt-in where the law permits, clearly at collection. Today, most messages are transactional or operational.

If GDPR or UK GDPR applies, you may have the right to object to certain legitimate-interest processing relating to your situation; describe your request using the contact form or emails above.

4. How we use information

In practice we use personal data to:

provide, operate, secure, and improve the Service;
authenticate accounts, rotate refresh sessions (see our Cookie Policy), and send transactional messages (verification, resets, receipts where offered);
enforce caps, quotas, expiry, acceptable use, and abuse response;
comply with law and respond to lawful requests;
communicate service-related notices; we do not sell your personal information or use your files for unrelated advertising.

5. Sharing and subprocessors

We engage infrastructure providers that process data only to provide the Service. Typical categories include Cloudflare (CDN, edge compute, and R2 object storage), Render (hosting), Postmark (transactional email), managed PostgreSQL and Redis providers, and Razorpay when you choose a paid plan (payment processing). Vendors may change; we use contracts that limit their use to service provision.

We may disclose information if required by law; to protect the rights, safety, and integrity of users and the Service; or through a merger or asset sale subject to appropriate safeguards. We do not permit subprocessors to use your uploaded files for independent machine-learning training unrelated to delivering the Service.

Copyright and IP complaints. Notices sent to our abuse channels may include personal data about complainants; we process that correspondence to address intellectual property issues and protect users.

6. Retention

Link metadata and uploaded files are retained for as long as needed to fulfil expiry and housekeeping rules communicated in-product, resolve disputes, and meet legal obligations. When you delete a link, we enqueue cleanup so associated storage objects cannot be downloaded thereafter, subject to replication lag. Backups may persist for a limited additional period.

Upload-time telemetry on link rows (salted hashed IP and approximate country when present) and related blocked-upload records are removed on a rolling basis—by default after roughly 90 days from the timestamps our systems use for housekeeping—while the underlying link file may remain until expiry or deletion under normal rules. The default is configurable for our operations team.

Link-view analytics. Event-level view records used for dashboards are generally kept while the link exists and are removed or rolled up when the link is deleted or expired, except where a longer period is needed for security or legal compliance.

Sessions. Refresh-token sessions for signed-in use ordinarily expire within approximately 30 days of issuance unless revoked earlier (for example through logout or “sign out everywhere”).

Unverified accounts may be removed automatically after the inactivity window described in-product or in our operations documentation.

Moderation and safety records. Abuse reports, enforcement decisions, bans (which may reference salted IP hashes or account identifiers), and audit entries may be retained longer than ordinary telemetry—for repeat-offender prevention, defending legal claims, and compliance. Some records may be kept until no longer necessary for those purposes or as required by law.

7. Payments and billing data

When you purchase a paid filxo Links plan, Razorpay (or another processor shown at checkout) collects and processes payment details under its terms and privacy policy. We typically receive billing status, order identifiers, plan tier, and limited payment metadata—but not your full payment card number on our own servers. See our Terms of Service for fees, renewals, and refunds.

8. Security

We use industry-standard measures including encryption in transit (HTTPS/TLS where applicable), hashed credentials, partitioned infrastructure accounts, least-privilege access for operators, and monitoring. See our Security page for vulnerability disclosure.

9. International transfers

filxo operates from the United States and may process data using providers globally. Where required by law (for example for transfers from the EEA, UK, or Switzerland to the United States or other countries), we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable), together with technical and organizational measures. You may request more detail about transfers by contacting privacy@filxo.com.

10. Your choices and rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain processing, to object to processing, or to lodge a complaint with a supervisory authority. To exercise rights, contact privacy@filxo.com or use our contact form. Where technically feasible, you may request a copy of personal data you provided in a structured, commonly used format.

We do not use solely automated decision-making that produces legal or similarly significant effects about you within the meaning of GDPR Article 22 for the Service as described today. If that changes for a specific feature, we will disclose it before it applies.

If we send optional marketing and local law requires it, we will provide a way to unsubscribe; account, security, and receipt messages may continue.

11. U.S. state privacy (summary)

We do not sell your personal information for money. Depending on your U.S. state of residence and whether thresholds apply, you may have additional rights (for example access, deletion, or appeal). Contact privacy@filxo.com or use our contact form to exercise those rights. We will not discriminate against you for exercising rights granted by applicable state law.

12. Children

The Service is not directed at children under 13, or under 16 in the EEA/UK where a higher age of digital consent applies, and we do not knowingly collect their personal information. If you believe we have collected a child’s information, contact us and we will take appropriate steps.

13. Cookies and similar technologies

We use essential cookies and similar mechanisms for authentication (for example refresh semantics on API paths we control). filxo Links does not use third-party advertising cookies as part of this product today. For a short inventory, see our Cookie Policy.

14. Changes

We may update this policy periodically. Material changes may be surfaced in-product or by email before they take effect where required. The “Last updated” date at the top reflects the latest revision.

15. Relationship to corporate policies

For overarching company disclosures, refer to filxo.com/privacy. If there is a conflict about filxo Links, this Service-specific policy governs Links features only.