🚀 FREE PRO

Apply Now

GDPR Compliance

General Data Protection Regulation

Last updated: November 13, 2025

1. Our Commitment to GDPR

Mobily is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page explains how we comply with GDPR requirements and respect the rights of individuals in the European Economic Area (EEA).

While Mobily is a Canadian company, we recognize the importance of GDPR compliance for our European users and have implemented appropriate measures to ensure compliance.

2. Legal Basis for Processing

We process personal data under the following lawful bases:

Contractual Necessity

Processing is necessary to provide our link shortening service and fulfill our contract with you (e.g., creating short links, providing analytics).

Legitimate Interests

Processing is necessary for our legitimate interests in operating and improving our service, preventing fraud, and ensuring security.

Consent

For certain processing activities (e.g., marketing communications), we rely on your explicit consent, which you can withdraw at any time.

Legal Obligations

Processing is necessary to comply with legal obligations (e.g., tax laws, financial record-keeping requirements).

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of all personal data we hold about you.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Submit a GDPR Request

  • Email: privacy@mobily.ca

    Include "GDPR Request" in the subject line

  • Account Settings: Manage your data directly from your dashboard

    Access, update, or delete your information

Response Time: We will respond to your request within 30 days (as required by GDPR). We may extend this period by two additional months for complex requests.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

Encryption

  • • SSL/TLS for data in transit
  • • Encrypted database storage
  • • Secure password hashing

Access Controls

  • • Role-based access control
  • • Multi-factor authentication
  • • Regular access audits

Data Minimization

  • • Collect only necessary data
  • • Automatic data deletion
  • • Retention period limits

Security Monitoring

  • • 24/7 security monitoring
  • • Intrusion detection systems
  • • Regular security audits

6. International Data Transfers

All data is stored on servers located in Canada. Canada is recognized by the European Commission as providing an adequate level of data protection under GDPR (Commission Decision 2002/2/EC).

We do not transfer personal data outside of Canada, except when using Stripe for payment processing. Stripe is GDPR-compliant and uses Standard Contractual Clauses (SCCs) for international data transfers.

7. Data Processing Activities

Activity Purpose Legal Basis Retention
Account Management Provide service access Contract Account lifetime
Link Analytics Track link performance Contract 30-365 days
Payment Processing Process subscriptions Contract 7 years
Security Monitoring Prevent fraud/abuse Legitimate Interest 90 days
Marketing Service updates Consent Until withdrawal

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the appropriate supervisory authority within 72 hours
  • Notify affected individuals without undue delay
  • Provide information about the nature of the breach and mitigation measures
  • Offer guidance on steps you can take to protect yourself

9. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: dpo@mobily.ca

Subject Line: GDPR Inquiry

10. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

Find your local supervisory authority: European Data Protection Board

Our Compliance

GDPR

Compliant

PIPEDA

Certified

SSL/TLS

Encrypted

Canada

Data Residency