Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
SniffURL is a US link analytics and URL shortening platform that tracks clicks on shortened links, sets behavioural identifiers and requires GDPR consent before any non essential cookie is set.
SniffURL is a US link analytics and URL shortening platform used by marketers, publishers and security researchers to create branded short links, track clicks and analyse the destination of suspicious URLs. It generates shortened URLs that route through a SniffURL domain, captures referral and device data on each click, and exposes dashboards or API endpoints to retrieve campaign performance. Because the redirect endpoint receives the visitor IP, user agent and referrer, and may set cookies for analytics, it falls under GDPR and ePrivacy.
At redirect time SniffURL receives the source URL, the visitor IP address, the user agent, the referrer, the timestamp and any UTM parameters appended to the link. When the optional analytics SDK is embedded on the destination website, additional cookies such as sniffurl_visitor (visitor identifier) and sniffurl_session (session correlation) are written. The platform aggregates data into click counts, geographic distribution, device breakdown and campaign attribution.
The redirect itself can run without consent, but any cookie set on the destination site for analytics or campaign attribution is non essential and falls under Article 5(3) of the ePrivacy Directive. The CNIL, BfDI, AEPD and ICO require prior, freely given, specific and informed consent before any such cookie is set or read. The legal basis under Article 6(1)(a) GDPR is consent for the analytics SDK; the redirect logging may rely on legitimate interest where it is limited to security and abuse prevention, with appropriate transparency.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
SniffURL is a US vendor processing click data on US cloud infrastructure. Transfers from the EEA require Standard Contractual Clauses and a transfer impact assessment, supplemented by EU US Data Privacy Framework certification of the entity when applicable. Document SniffURL as a processor and consider whether the IP address logging needs to be truncated before storage in the EU to limit the scope of the transfer.
Block the SniffURL analytics SDK in your CMP until consent is captured. Do not load any tracking pixel on the destination page before acceptance. For redirect logs, apply data minimisation, truncate IPs where possible, document the security or analytics legitimate interest, and align retention rules with your other analytics tools. Sign SCCs with the vendor, run a transfer impact assessment, and add SniffURL to your record of processing activities.
Websites using SniffURL must obtain user consent under GDPR regulations.
DPIA considerations
Medium risk. DPIA recommended when SniffURL is deployed at scale to track campaign performance combined with personal identifiers. Click tracking on outbound links should be evaluated against ePrivacy.
Sample consent text
We use SniffURL (link analytics and URL shortening, US vendor) which records clicks on shortened links and may set identifiers. Without your consent these identifiers are not set or read.
Third-party domains contacted
sniffurl.comcdn.sniffurl.comanalytics.sniffurl.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| sniffurl_visitor | first_party | 12 months | Visitor identifier set by the optional analytics SDK on the destination site to recognise returning users. |
| sniffurl_session | first_party | session | Session correlation identifier used to group click events within the current visit. |
SniffURL collects user analytics data — you legally need a consent banner. Try FlowConsent free.
SniffURL itself does not set cookies during the redirect, only logs the click server side. When the optional analytics SDK is embedded on the destination site, cookies such as sniffurl_visitor (visitor identifier) and sniffurl_session (session correlation) are stored on the publisher domain.
Consent is required for any non essential cookie set by the optional analytics SDK on the destination site, in line with Article 5(3) of the ePrivacy Directive. The redirect logging itself can be operated under legitimate interest where it is limited to security and abuse prevention.
Article 6(1)(a) GDPR (consent) is the appropriate basis for the analytics SDK and any campaign attribution cookie. Article 6(1)(f) (legitimate interest) may support redirect logs limited to security and abuse prevention with transparent privacy notices.
Yes. SniffURL processes click data on US cloud infrastructure. Transfers from the EEA rely on Standard Contractual Clauses and a transfer impact assessment, supplemented by EU US Data Privacy Framework certification when applicable.
A DPIA is recommended when SniffURL is used at scale to track campaigns or combined with personal identifiers. For purely security focused link analysis on a small footprint, a documented legitimate interest assessment may be sufficient.
Block the SniffURL analytics SDK in your CMP until consent. Apply data minimisation to redirect logs, truncate IP addresses where possible, sign SCCs with the vendor, run a transfer impact assessment, document SniffURL in your record of processing activities and align retention rules with your other analytics tools.
Privacy friendly link analytics alternatives with EU hosting include Bitly EU, Rebrandly, Short.io, Plausible link tracking, and self hosted YOURLS or Polr. Choose based on residency, vanity domain support and security analysis depth.
Disclose any SniffURL cookies set on the destination site (sniffurl_visitor, sniffurl_session), state the link analytics or security purpose, mention the data processed (IP, user agent, referrer, UTM parameters), name the SniffURL vendor as US processor, mention SCCs and link to the consent withdrawal mechanism.