Aller au contenu principal
SLNK
Compliance & Sovereignty

Your data stays in Morocco.
Period.

SLNK is built from day one to meet the regulatory requirements of Moroccan banking and insurance sectors.

The sovereign alternative to American URL shorteners. No raw IP stored — compliant by design.

Local Hosting

Physical infrastructure located exclusively on Moroccan territory. No routine data transfer outside borders.

Morocco Datacenter — your data stays on Moroccan territory

CNDP Compliance

Personal data processing strictly aligned with Law 09-08. Processing registers available for your compliance audits.

Non-compliance: fines from 10,000 to 600,000 MAD

Decree 2-24-921

Architecture aligned with Decree 2-24-921 on the security of sensitive information systems in Morocco.

100% of your data under Moroccan jurisdiction

Why data sovereignty?

American URL shorteners store your data in the United States, subject to the CLOUD Act and the Patriot Act. With SLNK, your data remains under Moroccan law — exclusively.

Criteria
SLNK
BitlyRebrandlyTinyURL
Data storage
Morocco
USA
USA / Ireland
USA
Applicable jurisdiction
Law 09-08 (CNDP)
CLOUD Act / Patriot Act
CLOUD Act / GDPR
CLOUD Act / Patriot Act
Raw IP storage
By design (SHA-256 + salt)
Yes
Yes
Yes
CNDP compliance
Native
Not applicable
Not applicable
Not applicable
Data ownership
100% client
Usage license
Usage license
Usage license
Foreign government access
Not subject to CLOUD Act — Moroccan jurisdiction only
Possible (CLOUD Act)
Possible (CLOUD Act)
Possible (CLOUD Act)
0
Raw IPs stored — no, by design
0
International personal data transfers
100%
Data ownership — no third-party license

Regulatory reminder — Law 09-08

Transferring personal data to a country that does not have an adequate level of protection is punishable by fines of 10,000 to 600,000 MAD and imprisonment of 3 months to 2 years (articles 51 and following). SLNK natively protects you against this risk.

Security Architecture

Beyond compliance, we apply offensive and defensive security to protect your critical redirects (OTP, Validation, Payment).

TLS 1.3 encryption in transit

Forced HTTPS (HSTS) with TLS 1.3 on all links, including custom domains.

Strong Authentication

JWT RS256 support for API calls. Fine-grained API key management with rotation.

Signed Links (HMAC)

HMAC-SHA256 signature to guarantee link integrity against tampering.

Anti-Abuse Protection

Rate limiting by IP, strict URL validation (anti-SSRF), malicious pattern detection.

Digital sovereignty — 100% of your data stays in Morocco

Stop leaving your link and analytics data in the hands of services subject to the CLOUD Act. Talk to our team for a deployment that fits your regulatory constraints.

Your data stays in Morocco. - SLNK