I built a URL shortener on a weekend and it's making $500 MRR

B

bobby613

New member
I was free on a weekend and thought to test Cloudflare KV, D1 and Analytics as many of my projects are hosted in AWS. So I keep testing new cloud infrastructures to see what's new!

So the simplest I can think of is a URL shortener with analytics.

URL shortener

I open-sourced the main /links API to deploy on Worker if you want to deploy on your account. Later, the project was hosted on idm.in and I connected it my Stripe and AdSense account to monetize.

Just after two months, I realized it's now making over $500 MRR via Stripe (subscription) + Google Ads.

Ask me anything :)
 
@bobby613 It's an extremely serious point, you'll either need to block your service from EU, thus not intending to support them, or otherwise potentially consult a GDPR knowledgable lawyer for advice on what you're storing.

IANAL: If someone has a static IP address, or depending on the very specifics of the other stuff you're logging, this is potentially considered personal data and cannot be stored without consent and without giving the owners of that data the ability to: request all data stored without con and associated with their personal data and the ability to have their data deleted.
 
@bobby613 It could vary. You need to confirm with an actual legal representative, which I am not.

The IP on its own (even if static) may not necessarily make things non-compliant. But in combination with the exact specifics of the other things you’re storing, it could be. Similarly, even without the IP, you could still be non-compliant.

The only way to know for sure is by consulting an actual lawyer familiar with GDPR compliance.
 
@romeus85 In my (non-lawyer) experience, the answer to that is... it's complicated.

You should have a privacy policy explaining what data you store and for what purposes.

You shouldn't need consent to store an IP address as long as it's in order to properly maintain the service or keep it secure (and you're only storing it for a reasonable amount of time).

If you're storing and using it for business purposes, then you need to get end user consent.

This is assuming an IP address is still considered PII, and I'm happy to be corrected if anyone has anything to add.
 
@romeus85 Possibly not if you don’t have a privacy policy that details what information you collect and how long you retain it for. Some companies anonymize IP addresses before logging them, for example by removing the last octet for IPv4 addresses and the last 80 bits for IPv6 addresses.
 
@romeus85 I literally said in both of my posts, “might”, “may”, and “I am not a lawyer.”

I never once said they aren’t, I said it’s possible they aren’t. There’s a significant difference. I explicitly said that it depends on ALL of the data being stored along with the IP address, NOT JUST the IP address.

Additionally, another commenter literally just posted a link about Canada courts deciding that IP addresses should have reasonable privacy.
 
You must log in or register to reply here.
Back
Top