Urllo security & compliance information.
Information related to our security practices and compliance attestations.
Overview
The following information aims to give you a better understanding of our security practices and compliance attestations.
Use of Encryption and Hashing
We have designed Urllo’s services and our third-party integrations to protect the confidentiality of your information. One of the ways we do this is encryption. The following points explain the specific steps we've taken:
- Urllo’s services enforce encrypted connections by redirecting any unencrypted (http://) request to the https:// version of the same resource. Our services also send HSTS (HTTP Strict Transport Security) headers, so that once a browser has seen our domain it upgrades any later http:// URL to https:// itself and never sends the unencrypted request at all.
- Server instances use encrypted filesystems.
- Systems that store personally identifiable information require encrypted connections and encrypt data at rest. Additionally, highly sensitive data (e.g. SSL/TLS private keys) is further encrypted with AES-256-GCM, and the encryption keys are rotated regularly.
- We only use TLS encrypted connections to transmit information to third-party vendors we work with, and only for the purposes of providing our service.
- Bulk data (e.g. logs, analytics data, etc.) are encrypted during transmission and at rest. Encryption is automatically enforced using policies.
- All passwords used to access Urllo’s services are hashed with a per-user salt and a server-side pepper before storage; we never store your actual password.
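For readers who want to see what "salted and peppered" means in practice, here is an added worked example. It is not Urllo's code, and the page does not say which key derivation function, salt size or pepper handling Urllo uses; the example assumes PBKDF2-HMAC-SHA256 as the slow hash, a 16-byte random per-user salt stored beside the hash, and a pepper held outside the database (a secret store or environment variable) that is applied as an HMAC key over the PBKDF2 output. The pepper value below is constructed for the example.

```python
"""Salted + peppered password storage (illustrative; not Urllo's implementation).

Assumed design (not stated on the page):
  - PBKDF2-HMAC-SHA256 as the slow password hash
  - 16-byte random per-user salt, stored in the record
  - a server-side pepper applied as an HMAC key over the PBKDF2 output;
    it lives in a secret store, never in the database, so a database dump
    alone cannot be used for an offline dictionary attack.
"""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 cost in line with current OWASP guidance
SALT_BYTES = 16
DKLEN = 32
ALG = "pbkdf2-sha256+hmac"

# Constructed for this example. In production, load from a secret store.
PEPPER = bytes.fromhex(
    "6f3c9a1d2e4b5c7a8f9e0d1c2b3a4958"
    "67788990a1b2c3d4e5f60718293a4b5c"
)


def _derive(password: str, salt: bytes, iterations: int, pepper: bytes) -> bytes:
    # Step 1: the salt makes identical passwords hash differently across
    #         users and defeats precomputed (rainbow) tables.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DKLEN)
    # Step 2: the pepper is applied after the slow hash as an HMAC key, so an
    #         attacker holding only the database cannot even test a guess.
    return hmac.new(pepper, dk, hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$cost$salt$tag (never the password)."""
    salt = os.urandom(SALT_BYTES)
    tag = _derive(password, salt, iterations, pepper)
    return "$".join([
        ALG,
        str(iterations),
        base64.b64encode(salt).decode(),
        base64.b64encode(tag).decode(),
    ])


def verify_password(password: str, record: str, pepper: bytes = PEPPER) -> bool:
    """Recompute the tag from the stored salt/cost and compare in constant time."""
    try:
        alg, iters, salt_b64, tag_b64 = record.split("$")
        if alg != ALG:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(tag_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False  # malformed record: refuse rather than crash
    actual = _derive(password, salt, iterations, pepper)
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the stored record is below the current cost policy.
    Call after a successful login and re-hash with the password just supplied."""
    try:
        _, iters, _, _ = record.split("$")
        return int(iters) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(verify_password("Tr0ub4dor&3", rec))                    # False
    # A stolen database without the pepper: even the right password fails.
    print(verify_password("correct horse battery staple", rec, pepper=b"wrong"))  # False
```

Two design points worth noting. Applying the pepper as an HMAC key after the slow hash (rather than concatenating it to the password) keeps the PBKDF2 step independent of the secret, but it also means the pepper cannot be rotated without the user's password; schemes that instead encrypt the finished hash with the pepper can re-encrypt stored hashes under a new key. The cost parameter is stored in each record so that `needs_rehash` can raise it over time on login without a flag day.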
Use of Network Segmentation
We have engineered Urllo’s services to make use of network segmentation whereby we isolate components of our infrastructure from each other. Here are some specifics:
- None of the servers that process URL redirects or serve the Urllo redirector dashboard are reachable directly from the Internet.
- Each type of component in our infrastructure lives within its own subnet, and those subnets are isolated from each other using network ACLs.
- Each infrastructure component has a security group assigned to it ensuring it can only communicate with other systems as required.
- All system logs are shipped off-site immediately to trusted third-party vendors, so an audit trail survives even if a system is compromised and its local logs are tampered with.
Data Retention and Deletion
We understand that you own your data, and you should have ultimate control over it. Here are some specifics on what we do with your data when you cancel your account:
- If you delete your organization account, we immediately remove your URL redirects, SSL certificates, and team membership records from our systems. We also delete your payment information from our billing systems.
- If you delete your user account, we immediately remove your user account and all associations to any organizations you may belong to.
- We will retain any communication we have had with you for legal and anti-fraud purposes.
- We will retain all aggregated data we have assembled based on your usage of Urllo’s services. This will not include any personally identifiable data.
- Our logging storage systems are configured with policies that automatically schedule for deletion any logs older than 6 months.
- Our raw analytics storage systems (which may contain your IP address, or the IP addresses of visitors to websites you were redirecting through Urllo’s services) are configured with policies that automatically schedule for deletion any logs older than 30 days.
PCI Compliance
We comply with PCI DSS v3.2, Rev 1.1 and have completed a PCI SAQ A self-assessment (the questionnaire for merchants whose card data is handled entirely by a third-party processor), which we can share with you on request. Get in touch at privacy@urllo.com.
GDPR Compliance
We are GDPR compliant. Please see our Data Processing Addendum for further information.
ISO 27001 Compliance
Urllo itself is not ISO 27001 certified, but the data centers we use are. If you require attestation documentation for this, please get in touch and we will point you to the right place to obtain it.
SOC Compliance
Urllo itself has not undergone a SOC audit, but the data centers we use have. If you require attestation documentation for this, please get in touch and we will point you to the right place to obtain it.
Privacy Shield Compliance
We are not a member of the Privacy Shield framework, but we are considering self-certification. Please let us know if this is important to you by emailing us at privacy@urllo.com.
HIPAA Compliance
HIPAA does not apply to Urllo because we do not create, receive, store or transmit Protected Health Information (PHI), nor do our services enable our customers to do so.
Responsible Disclosure
We are truly thankful when white-hat security professionals responsibly disclose security vulnerabilities they find to us. If you would like to report a vulnerability, please email us at security@urllo.com. Although we do not have a formal bug bounty program, depending on the nature of the vulnerability, we may consider sending a small "thank you".