Security
How alterlink keeps links safe for creators and visitors.
Google Safe Browsing
Every destination URL is checked against the Google Safe Browsing API before a redirect happens. If a link leads to malware, phishing, or unwanted software, the redirect is blocked and the visitor sees a warning page instead. Links that fail checks are also flagged in your dashboard so you can remove or update them.
Abuse detection
Our systems monitor for suspicious patterns: mass link creation from a single IP, URLs matching known phishing signatures, and redirects that change destination frequently. Accounts that violate our terms are suspended and their links deactivated. You can report abuse by emailing abuse@alterlink.app.
HTTPS everywhere
All alterlink short links are served over HTTPS. We do not support insecure HTTP redirects. This ensures that the click metadata and redirect path are encrypted in transit, protecting both you and your audience from tampering.
Account security
Authentication is handled via OAuth 2.0 through Google and GitHub. We never store passwords. Session tokens are signed, httpOnly, and scoped to the alterlink domain. You can revoke sessions by signing out or, in extreme cases, by disconnecting alterlink from your OAuth provider settings.
Data handling
Click data is retained until you delete the link or your account. IP addresses are hashed with a daily rotating salt, making long-term tracking of individual visitors impossible. We do not sell or share analytics data with third parties. For full details, see our Privacy Policy.