Privacy Policy
Last updated: June 2026
1. Information We Collect
TWDxCleanLinks is a free, open-access service. When you submit a URL to be cleaned, it is processed at the edge and immediately discarded — we do not store your submitted URLs or any personal data. No account or sign-in is required to use the web cleaner, public API, or iOS Shortcut.
2. How We Use Your Information
URLs you submit are used solely to provide the cleaning result. No data is retained after the response is sent. We do not sell, rent, or share any information with third parties.
3. Rate Limiting
To prevent abuse, the cleaner enforces IP-based rate limits. Your IP address is used transiently for rate-limit counting only and is not stored permanently. Abuse protection is handled at the network layer by our infrastructure provider.
4. Cookies & Local Storage
We do not set any tracking, analytics, or marketing cookies. The only storage used is your browser's localStorage for your theme preference (light/dark), to cache the cleaning rules locally so the cleaner works without a server round-trip on every use, and to cache OG preview cards per cleaned URL for 7 days so repeat cleans of the same link do not contact the server again. No cross-site tracking of any kind is performed.
5. Advertising & Donations
TWDxCleanLinks does not serve any advertisements. This is a deliberate choice: advertising relies on tracking user behaviour — the very thing this service exists to prevent. Serving ads would be directly at odds with the project's privacy mission.
The Service is sustained by voluntary donations from users who find it useful. Donations are never required to access any feature. If infrastructure costs grow beyond what voluntary donations cover, we may need to explore other sustainable ways to keep the Service running — but we are committed to never monetising through advertising or selling user data.
6. About This Project
TWDxCleanLinks was built out of a genuine passion for privacy and a desire to make tracker-based surveillance harder to carry out at scale. The Service minimises your exposure to tracking but does not guarantee complete anonymity — your other data (browser fingerprint, account sessions, cookies, IP address, and the behaviour of other apps and services you use) may still be exposed by other means. TWDxCleanLinks addresses one specific privacy vector: tracking parameters in URLs. Use it as one layer of a broader privacy-conscious approach.
7. Third Parties & Data Processors
The site is hosted on infrastructure provided by Cloudflare, Inc., which acts as a data processor on our behalf under a Data Processing Agreement that includes EU Standard Contractual Clauses (SCCs) for any processing that may occur outside the European Economic Area. Cloudflare's EU data residency practices are documented at cloudflare.com/gdpr. Cloudflare may collect standard access logs per their own Privacy Policy. No advertising networks, analytics tools, or marketing services are used on this site.
8. Donations
TWDxCleanLinks accepts voluntary donations via Stripe and GitHub Sponsors. Donation transactions are processed entirely by those third-party platforms — we do not receive or store your payment card details. Donating is never required to access the Service.
9. Safety Screening
After cleaning a URL, your browser directly queries Cloudflare's Security DNS service at security.cloudflare-dns.com to check whether the destination domain is flagged for malware or phishing. This query goes from your device directly to Cloudflare — the TWDxCleanLinks servers never see, intercept, or log it. Only the domain name is queried (never your full URL, path, or query string). The result is an indication only — TWDxCleanLinks is not a dedicated security scanner and makes no guarantee of detection accuracy. Do not rely solely on this feature for security decisions.
10. Link Preview
When you clean a URL, the Cleaner page fetches a preview card (title, description, and thumbnail) from the page's metadata. This fetch is performed server-side by a Cloudflare Worker — your browser does not contact the destination website directly for metadata. The result is cached at the Cloudflare edge for up to one year per URL so subsequent previews of the same URL do not require a new fetch. Preview data is not linked to any user identity.
11. Reporting Issues
If you find a URL that was not cleaned correctly — for example, a tracking parameter that was missed — you can report it directly from the Cleaner page at /Cleaner/ using the "Report incorrect clean" button after running a clean. If you are using the API and encounter an issue, visit the Cleaner page, paste the original (un-cleaned) URL into the cleaner, run a clean, and then use the report button to submit the issue. Reports are reviewed and used to improve the cleaning rules.
12. Lawful Basis for Processing (GDPR Art. 6)
TWDxCleanLinks is based in Ireland and operates under EU GDPR 2016/679 and the Irish Data Protection Acts 1988–2018. Where personal data is processed, the lawful basis is as follows:
| Activity | Data Involved | Lawful Basis |
|---|---|---|
| URL cleaning (browser) | None — cleaning is local to your device | No personal data processed |
Rules download (/api/rules) | None | Art. 6(1)(f) — service provision |
| Safety screening (browser DoH) | Domain name queried directly to Cloudflare by your browser — we never see it | Not our processing |
Link preview (/api/preview) | Cleaned URL (not original) | Art. 6(1)(f) — service feature; cached result only |
URL reporting (reports table) | Reported URL + timestamp | Art. 6(1)(f) — legitimate interest in service quality; deleted within 72 hours |
| Abuse prevention (Cloudflare Turnstile) | IP address — transient, not stored by us | Art. 6(1)(f) — legitimate interest in preventing bot abuse |
| CLI session authentication | Token hash + authentication timestamp | Art. 6(1)(b) — performance of service |
| Flare AI assistant | No query text stored; semantic cache holds reply text only — not linked to any user | Art. 6(1)(f) — service feature; no personal data retained |
13. Data Retention
We minimise retention in line with the GDPR storage limitation principle (Art. 5(1)(e)):
| Data | Retention Period |
|---|---|
Reported URLs (reports D1 table) | Deleted within 72 hours as part of the maintenance routine |
| CF edge cache (clean results + previews) | Up to 1 year per Cloudflare datacenter; purged when a URL is reported; contains no personal data |
| Flare semantic cache (Vectorize) | 90 days; contains question-answer text pairs only — not linked to any user |
| localStorage (rules cache, theme preference, preview cache) | 24 hours for rules; 7 days for preview cards; indefinite for theme; entirely user-controlled and user-deletable |
| Flare session token (localStorage) | Session-scoped; cleared when the user clears browser data |
| IP addresses (Turnstile) | Not stored by us — Cloudflare receives transiently for bot detection; see Cloudflare's Privacy Policy |
14. Your Rights Under GDPR
We hold no personally identifiable data about you. There is no name, email, IP address, or account linked to your activity on this service. URL cleaning is local to your browser; the only non-anonymous data we hold is the URL text of voluntarily submitted reports, which is deleted within 72 hours.
Because we do not hold personal data about individual users, a Subject Access Request under Art. 15 GDPR would return no personal records. However, you have the following rights and we will respond to any enquiry within 30 days:
- Right of access (Art. 15) — to request confirmation of what personal data, if any, we hold about you
- Right to erasure (Art. 17) — to request deletion of any personal data we hold
- Right to rectification (Art. 16) — to request correction of inaccurate personal data
- Right to data portability (Art. 20) — where applicable
- Right to object (Art. 21) — to processing based on legitimate interests
- Right to restrict processing (Art. 18) — in certain circumstances
To exercise any right, contact us at the address in Section 16 below.
15. Supervisory Authority
If you believe your personal data has been processed in a manner inconsistent with GDPR, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC), the lead supervisory authority for this service:
- Website: www.dataprotection.ie
- Telephone: +353 57 868 4800
- Email: info@dataprotection.ie
16. Contact
For questions about this Privacy Policy or to exercise your data protection rights, please contact us at privacy@thewebdexter.com or visit the Help Centre.