FAQ
Questions, answered plainly.
No marketing fluff. If something is missing, email hello@orphl.ink.
How is OrphLink different from bit.ly or dub.co?
Proxy mode is the wedge. We can serve the destination through orphl.ink with your branding and cloaking rules applied — visitors never leave your domain. Every other shortener stops at a 301 redirect. Past that, we name real features (GDPR consent flow, click-fraud detection, audit log with diffs) rather than slap "AI-powered enterprise" on a hero.
What is proxy mode?
On a per-link basis you can choose direct redirect, branded interstitial, or full proxy. In proxy mode OrphLink fetches the destination and serves it through orphl.ink, applying your workspace branding and cloaking rules (regex find/replace) to the response. The visitor stays on your domain for the whole session.
Can I use my own domain?
Not yet. All short links currently live on orphl.ink. Per-workspace custom domains are on the roadmap but unscheduled — branded interstitials and proxy mode are the current way to remove visible third-party branding.
What is a branded interstitial?
A transfer page rendered on orphl.ink with your workspace logo, colours, and tagline — no Orphnet chrome. Visitors see your brand for a configurable delay before being forwarded to the destination. The same branding applies to password, expired, blocked, and consent pages.
Can I A/B-test destinations?
Yes. Add weighted variants to a single short link — weights must sum to 100 — and OrphLink splits incoming traffic accordingly. Per-variant click counts let you pick a winner from real traffic rather than guesswork.
Can I target by geo or device?
One short link can fan out to different destinations by country (resolved from cf-ipcountry at the edge) or by device class (iOS, Android, desktop, with a fallback). Geo wins over device; device wins over default. Split-variant links bypass targeting entirely — variants take priority.
Do you have link-in-bio pages?
Yes — every workspace gets orphl.ink/@your-slug as a public landing page with featured links, branded. Toggle the page on or off and choose which links appear.
What are the API rate limits?
Unauthenticated requests get 60 per minute per IP, per route prefix. Authenticated requests (JWT or API key) get 300 per minute. Counters use a sliding window keyed by cf-connecting-ip — that header is set by Cloudflare and cannot be spoofed.
Do you have webhooks?
Yes. Subscribe an endpoint to link.created, link.clicked, link.threshold_reached, link.health_failed, link.expired, link.moderation_complete, or link.imported. Payloads are HMAC-signed in the X-OrphLink-Signature header. Failed deliveries retry with exponential backoff (30s, 120s, 480s) up to three attempts.
Can I bulk-import links via CSV?
Drag a CSV into the dashboard with a destination_url column (slug, title, tags optional). Each row goes through the standard creation pipeline including content moderation, so imports may finish "pending" before reaching active. Cap is 500 rows per upload. Export anytime as CSV or JSON — no lock-in.
Is there an audit log?
Every workspace mutation — links created, edited, deleted; members invited or removed; API keys minted or revoked; branding changed — is recorded with actor, timestamp, IP, and a before/after diff of the affected fields. Retention runs 30 days on Free, 90 days on Pro, 1 year on Team.
Do you have SDKs?
Not officially yet — the API is straightforward REST with OpenAPI 3.1, browsable via Scalar UI at api.orphl.ink/docs. An official TypeScript SDK is on the roadmap; community wrappers are welcome in the meantime.
Is there a free tier?
Yes — 50 active links, real-time analytics, one workspace, one member, and 7-day audit log retention. No expiry, no nag. See the full breakdown on the pricing page.
Do I need a credit card to sign up?
No. The free tier needs only an email and password. A card is only required when you choose to upgrade to Pro or Team.
How do you count clicks?
Only non-suspicious clicks count. Every click runs through fraud detection (rolling-window IP hashing); anything that trips the threshold is logged with a suspicious flag and excluded from your KV counters, dashboard totals, and webhook thresholds. The visitor still reaches the destination — only your numbers stay clean.
Where does my data live?
Cloudflare's UK data plane — D1 for relational data, KV for ephemeral counters and rate limits, R2 for workspace logos and favicons, Analytics Engine for telemetry. The whole platform runs on Cloudflare Workers at the edge.
Do you scan destination URLs?
Yes. Every new link's destination is fetched and classified by a Workers AI model before the redirect goes live. Rejected destinations never resolve — visitors see a branded blocked page. A daily cron re-scans links older than 30 days so a destination cannot be quietly repurposed for malware after launch.
Is proxy mode legal to use?
You are responsible for the destinations you proxy. Proxy mode is a tool, not permission — you need the legal right (ownership, licence, or fair use) to serve the destination content through your domain. We block known malicious destinations via moderation, but copyright and ToS compliance is on the workspace owner.
How do you handle GDPR?
Two layers. The marketing site collects no PII and sets no tracking cookies. On short links, workspaces can enable a branded consent prompt — visitors who decline still reach the destination, but only an anonymous counter increments. Visitor IPs are never stored long-term; the fraud detector hashes them into a 1-hour rolling window.
Still stuck? Drop us a line — we read every email.