Everything you need to know about GDPR-compliant link tracking
Yes, Smoio was built from the ground up for GDPR compliance. We don't store IP addresses, don't set cookies, and host all data exclusively in Frankfurt, Germany. This eliminates Schrems II issues and data transfers to third countries.
No. Smoio doesn't set cookies and doesn't use JavaScript tracking. Tracking happens purely server-side during the redirect. Since no cookies are set, no cookie consent is required.
Yes, like any third-party service, you should mention Smoio in your privacy policy. We provide a ready-to-use text snippet that you can simply copy and paste.
Yes, when processing personal data on behalf of others, a DPA according to Art. 28 GDPR is required. The Business plan includes a signed DPA. For other plans, we provide a standard DPA.
All data is stored exclusively in Frankfurt, Germany. We don't use US cloud services like AWS, Google Cloud, or Azure. Our hosting partner is a German provider with ISO 27001 certification.
Yes, absolutely. Unlike US services like Bitly or Short.io, Smoio involves no data transfer to the USA. All data stays in the EU, eliminating Schrems II concerns.
We collect: Country (derived from IP, IP is not stored), device type (Mobile/Tablet/Desktop), browser, operating system, referrer domain, and timestamp. We DO NOT store IP addresses, set cookies, or create user profiles.
On click, the IP address is used once to determine the country (via MaxMind GeoLite2). After that, only the 2-letter country code (e.g., "DE") is stored. The IP address itself is never saved in the database.
No, and that's intentional. Smoio is designed for aggregate analytics, not individual user tracking. You see how many clicks came from which country - but not which individual user clicked.
No. We don't create browser fingerprints, device IDs, or any other persistent identifiers. Each click is treated as an independent event.
Google Analytics sets cookies, creates user profiles, and transfers data to the USA. Smoio does none of that. We only track clicks on your short links - anonymously, server-side, and without consent requirements.
Yes, starting from the Starter plan, you can use your own domains for short links (e.g., link.yourcompany.com instead of smo.io). You maintain full control over your branding.
Yes, Smoio offers a REST API for programmatic access. You can create, edit, delete links and retrieve analytics. API documentation is available for all paying customers.
Yes, you can generate a QR code for every short link. QR codes are customizable (colors, logo) and downloadable in various formats (PNG, SVG).
Yes, we offer integrations for Zapier, Make (Integromat), and n8n. This allows you to integrate link creation and analytics into your existing workflows.
Yes, the built-in UTM builder allows you to automatically append UTM parameters (source, medium, campaign, etc.) to your target URLs. This helps you keep track in Google Analytics.
Storage duration depends on your plan: Starter (30 days), Professional (1 year), Business (unlimited). After expiration, data is automatically deleted.
We offer a free 14-day trial. After that, plans start at €19/month. Special conditions are available for non-profits and open-source projects.
You'll receive notifications at 80% and 100% of your limit. Existing links continue to work, but you can't create new ones until you upgrade or the next month begins.
Yes, all plans are cancellable monthly. Upon cancellation, your account remains active until the end of the paid period. Your links continue to work, but you can't create new ones.
We accept credit cards (Visa, Mastercard, American Express), SEPA direct debit, and on request also invoicing (Business plan only).
Yes, all prices are exclusive of VAT. You'll receive a proper invoice with VAT shown separately, eligible for input tax deduction.
Smoio redirects have an average latency of under 50ms. We use an optimized stack with caching to ensure minimal delays.
We guarantee 99.9% uptime. In the unlikely event of an outage, we display an error page. Click data is not lost and will be captured retroactively.
Yes, you can export all your links and click data at any time as CSV or JSON. Upon contract termination, we provide a complete data export.
Yes, all short links are served over HTTPS. For custom domains, we automatically provision SSL certificates via Let's Encrypt.
We use rate limiting, malware scanning, and manual review. Links to phishing, malware, or illegal content are immediately blocked. You can report abuse to us at any time.
