Legal

Terms of Service

Last updated: 10 May 2026

These terms govern your use of Attr.so, including the web application, the public REST API, and the optional Attr.so Chrome extension. By signing up, installing the extension, or calling the API, you agree to them. Please read them in full.

Your account

You must be at least 13 years old to create an account. You are responsible for keeping your login credentials secure and for all activity under your account, including any shortlinks created and any clicks attributed to those links.

Acceptable use

Attr.so is a link-management platform. The acceptable-use rules focus on the destination URLs you point your shortlinks at and how you use the service.

Do not mask malicious URLs. No phishing, no malware payloads, no drive-by downloads, no credential harvesting, no fake login pages, no exploit kits.
Do not use shortlinks to evade safe-browsing lists, ad-network policies, or platform terms. If a destination is banned from a major platform, do not use an Attr.so shortlink to reach around that ban.
Do not redirect to illegal content. No drug sales, no sexually explicit content involving minors, no hate speech / targeted harassment, no firearms sales in jurisdictions that prohibit them, no human-trafficking content.
Do not abuse the API or extension.No scraping other people's traffic, no using the redirect as an open-proxy, no bypassing rate limits, no reverse-engineering of internal endpoints.
Respect the rate limits of your plan. The public REST API allows 300 requests per minute by default (100 on FREE plan). We may throttle or suspend accounts that repeatedly exceed fair-use thresholds.

Prohibited destinations

We may suspend any shortlink (and the account that created it) if the destination URL falls into one of the categories above. Suspended links return an HTTP 451 status code to visitors. We do not pre-screen every URL, but we act quickly on reports and abuse signals.

To report abuse on an Attr.so shortlink, email abuse@attr.so with the full short URL and a short description of the issue.

Plans and billing

Free accounts include up to 3 shortlinks per month, real-time click analytics, and one custom domain. Paid plans (Pro, Growth, Expert) lift those limits and unlock features like extra custom domains, advanced fraud scoring, signed webhooks, and team seats. Paid plans are billed monthly or annually via Stripe. EU data residency on a dedicated Supabase project is on the roadmap for Expert and Enterprise plans - contact us for current status before signing up if it is a hard requirement.

Lifetime Deal (LTD) purchases, when offered, are one-time payments that grant the listed features for the lifetime of the product.

Refunds and cancellation

Monthly and yearly subscriptions:we do not issue refunds for monthly or yearly subscriptions, including unused time on an annual plan. You can cancel at any time from Settings › Billing - cancellation stops the next renewal, your access continues until the end of the period you have already paid for, and you will not be charged again after that. After the period ends your account reverts to the Free plan; existing shortlinks keep redirecting and your historical click data stays accessible.

Lifetime Deal purchases: we offer a 14-day refund window from the date of purchase. If a Lifetime Deal is not the right fit for you, email billing@attr.so within 14 days of purchase and we will issue a full refund. After the 14-day window, Lifetime Deal purchases are non-refundable.

Company and billing entity

Attr.so is operated by Apptimistic Pty Ltd, an Australian company. When you purchase a subscription or Lifetime Deal, the charge on your bank statement or card will appear as Apptimistic. This is expected - Apptimistic Pty Ltd is the legal entity behind Attr.so, and Stripe processes the payment on our behalf. If you have any billing questions, contact us at billing@attr.so.

Ownership of your data

You retain all rights to the URLs you shorten, the campaigns you create, the bio pages you publish, and the click data those links generate. We claim no ownership over your destinations or your analytics. You grant us a limited licence to operate the redirect, store your link metadata and click events, and surface them back to you in the dashboard and API.

Public REST API

The public REST API is rate-limited to 300 requests per minute per account by default and requires a signed API key. API keys are issued and revoked from Settings › Developers. Webhook payloads are signed; signatures are verifiable using the secret shown in the same settings page. Misuse of the API may result in throttling or termination.

Third-party services

Hosting runs on Vercel. Authentication and storage use Supabase. Payments run on Stripe. Transactional email is delivered through Resend. Edge protection uses Cloudflare. Rate limiting and short-window cache use Upstash. Each provider has its own terms; the complete subprocessor list is on the Security page.

Termination

We may suspend or terminate accounts that violate these terms. You can delete your account at any time from Settings. Account deletion permanently removes your links, click events, campaigns, bio pages, and account data.

Disclaimer

Attr.sois provided "as is". We aim for high availability of the redirect path but do not guarantee uninterrupted service. Click attribution depends on the visitor's browser sending the referrer header, which some browsers and privacy modes strip - we cannot attribute clicks where the referrer is missing.

Contact

Questions? Email support@attr.so or see our Privacy Policy.