Last Updated on

Mar 5, 2026

Terms of Service

These Terms of Service govern access to and use of the Refport platform. By accessing the Platform or using the Services, you agree to be bound by these Terms. Please read them carefully.

Version 1.0 — March 5, 2026

These Terms of Service (hereinafter the "Terms" or "ToS") govern access to and use of the Refport platform, accessible at https://refport.co and its subdomains (hereinafter the "Platform"), published by Promesia (hereinafter "Promesia", "we", "us" or "our").

By accessing the Platform or using the Services, you (hereinafter the "User", "you" or "your") agree to be bound by these Terms. If you do not accept these Terms, you must immediately cease all use of the Platform.

If you are acting on behalf of a legal entity (company, association, etc.), you represent and warrant that you have the necessary authority to bind such entity to these Terms.

These Terms are governed by French law. An official French-language version of this document is available upon request and shall prevail in case of any discrepancy between the French and English versions.

Article 1 — Legal Notices

In accordance with the provisions of Article 6-III of French Law No. 2004-575 of June 21, 2004, on Confidence in the Digital Economy (LCEN):

Publisher: Promesia, a sole-shareholder simplified joint-stock company (SASU) with share capital of 300 euros, registered with the Trade and Companies Register of Dijon under number 932 526 932 0001, with its registered office at 11 rue Jehan de Marville, Dijon, France.

Publication Director: Cédric THIERRY

EU VAT Number: FR25932526932

Contact: contact@refport.co

Hosting Provider: Vercel Inc. (https://vercel.com)

Database Subprocessor: Neon Inc. (serverless PostgreSQL) (https://neon.tech)

Article 2 — Definitions

The terms below, when used with an initial capital letter in these Terms, shall have the following meanings:

  • Platform: all services accessible via the sites refport.co, app.refport.co, partners.refport.co and custom domains configured by Users.

  • Services: the link shortening, click tracking, referral and affiliate program management, QR code generation, embeddable portal, analytics and payment services offered by the Platform.

  • User / Client: any natural or legal person who creates an Account and uses the Services, whether free of charge or on a paid basis.

  • Organization: the entity (company, association, etc.) created by a User within the Platform to manage its links, programs and partners.

  • Partner / Affiliate: any natural or legal person enrolled in a Referral Program as a promoter, earning commissions on generated conversions.

  • Referral Program: the affiliate program configured by a Client within the Platform, defining commission rules (percentage, fixed amount or recurring).

  • Short Link: a shortened URL generated by the Platform redirecting to a destination URL defined by the User.

  • Click: a redirect event recorded when a visitor accesses a Short Link.

  • Conversion / Sale: a transactional event (purchase, sign-up, etc.) attributed to a Click through the Platform's tracking system.

  • Commission: the compensation paid to a Partner for a validated Conversion.

  • Payout: the actual transfer of funds from the Client to a Partner, processed via Stripe Connect.

  • Account: the User's personal space, protected by authentication credentials.

  • API: the application programming interface enabling programmatic access to the Services.

  • Embedded Portal: the embeddable widget allowing Partners to access their referral dashboard from a third-party website.

  • Personal Data: any information relating to an identified or identifiable natural person within the meaning of Regulation (EU) 2016/679 (GDPR).

Article 3 — Description of Services

3.1 Core Services

The Refport Platform provides the following services:

  • Link shortening: creation of short links with custom domains or the default refport.co domain, including geographic targeting, device targeting (mobile, desktop, tablet), A/B testing, password protection, expiration dates and click limits.

  • Tracking and analytics: recording and analysis of clicks including geolocation data (country, city, region), device and browser information, traffic sources, bot detection and conversion attribution.

  • Referral programs: creation and management of affiliate programs with commission configuration (percentage, fixed, recurring), partner management, partner groups, configurable rewards and customer discounts.

  • Payments and payouts: commission management, automatic calculation of amounts due and payouts to partners via Stripe Connect, including holding period management.

  • QR Codes: generation of customizable QR codes (colors, logo, size, error correction) linked to Short Links.

  • Embeddable portals: provision of embeddable widgets allowing partners to access their statistics and referral links from a third-party site, with theming and visibility configuration.

  • API and Webhooks: programmatic access to the Services via API keys (prefixed refp_) and real-time event notifications via configurable webhooks.

  • Fraud detection: configurable anti-fraud rule system including customer email duplicate detection, suspicious domain monitoring, banned traffic source blocking and cross-program exclusions.

  • Third-party integrations: connection with third-party services (including Stripe and Shopify) for sales event ingestion.

3.2 Plans and Limits

The Services are offered under different subscription tiers:

  • Free: 100 links, 5,000 clicks/month, 1 domain. Basic features only (short links, basic analytics, QR codes with Refport branding).

  • Starter (€25/month or €250/year): 1,000 links, 50,000 clicks/month, 3 domains, 1 partner group, 1 webhook. Includes embedded portal, partner onboarding, manual payouts and Stripe integration.

  • Pro (€75/month or €750/year): 10,000 links, 500,000 clicks/month, 10 domains, 5 partner groups, 10 webhooks. Includes groups/rewards/discounts, fraud rules, advanced routing and enriched analytics.

  • Business (€250/month or €2,500/year): 100,000 links, 5,000,000 clicks/month, 50 domains, 25 partner groups, 10 webhooks. Includes white-label portal and advanced organization controls.

  • Enterprise (custom pricing): custom limits, SSO/SAML, SLA, dedicated onboarding and bespoke contract.

Promesia reserves the right to modify plans, features and pricing at any time, subject to providing Users with at least thirty (30) days' prior notice for material changes affecting current subscriptions.

Article 4 — Registration and User Account

4.1 Account Creation

Access to the Services requires the creation of an Account. Registration may be carried out via email (magic link), a Google, GitHub or Microsoft account, or via SSO/SAML single sign-on for Enterprise clients.

The User undertakes to provide accurate, complete and up-to-date information during registration and to keep such information current throughout the use of the Services.

4.2 Account Security

The User is solely responsible for the confidentiality of their login credentials and for all activity carried out under their Account. The User undertakes to immediately notify Promesia of any unauthorized use of their Account or any security breach at: contact@refport.co.

API keys generated by the User are under their sole responsibility. Promesia disclaims all liability in the event of leakage or misuse of API keys.

4.3 Organizations

Users may create Organizations enabling multi-user collaboration. The owner of an Organization is responsible for managing members, roles and permissions within it.

Article 5 — User Obligations

5.1 Lawful Use

The User undertakes to use the Services in compliance with applicable laws and regulations, these Terms and prevailing good practices. In particular, the User shall not:

  • Use Short Links to redirect to unlawful, fraudulent, defamatory, discriminatory, violent content or content infringing third-party rights.

  • Distribute malware, viruses, phishing or any content intended to cause harm.

  • Artificially generate clicks, conversions or commissions (click fraud, self-referral, etc.).

  • Circumvent subscription limits, security mechanisms or anti-fraud systems of the Platform.

  • Use the Platform to collect personal data of third parties without a legal basis.

  • Access or attempt to access unauthorized parts of the Services, systems or networks of Promesia.

  • Perform scraping, reverse engineering or mass automated ingestion of the Services.

5.2 User Content

The User is solely responsible for the content to which their Short Links redirect, for the information entered on the Platform (titles, descriptions, OG tags, images) and for the legality of their Referral Programs. Promesia does not exercise any prior editorial control over User content.

5.3 Specific Obligations for Referral Programs

The Client creating a Referral Program undertakes to:

  • Comply with applicable laws regarding commercial practices, consumer protection and anti-pyramid scheme regulations.

  • Configure fair and transparent commissions for Partners.

  • Honor validated commissions and process payouts within reasonable timeframes.

  • Comply with minimum payout thresholds configured in their programs.

  • Inform Partners of program rules, attribution cookie durations and holding periods.

Article 6 — Financial Terms

6.1 Pricing

The applicable prices are those displayed on the Platform at the time of subscription. Prices are shown exclusive of tax (HT). Applicable VAT will be added at the time of payment in accordance with current legislation. Automatic tax collection is enabled via Stripe Tax.

6.2 Payment and Billing

Subscription payments are made by credit card via Stripe. The User authorizes recurring charges according to the chosen billing period (monthly or annual). Invoices are available from the account management interface. A billing address is required and EU VAT number collection is offered.

6.3 Promotional Codes

Promotional codes may be used at checkout. The terms of use for each code are defined by Promesia and may be modified or withdrawn at any time.

6.4 Payment Default

In the event of payment default, Promesia reserves the right to suspend access to the Services within fifteen (15) days following the sending of a formal notice that has remained without effect. The User's data will be retained for a period of sixty (60) days following suspension, after which it may be deleted.

6.5 Right of Withdrawal (Consumer Users)

In accordance with Articles L.221-18 et seq. of the French Consumer Code, consumer Users (natural persons acting outside their professional activity) have a period of fourteen (14) days from the date of subscription to exercise their right of withdrawal, without penalty and without stating reasons.

However, in accordance with Article L.221-28 of the French Consumer Code, the right of withdrawal cannot be exercised if the User has begun using the Service before the expiry of the withdrawal period and has given their express consent to the immediate provision of the Service.

Article 7 — Partner Payments (Stripe Connect)

7.1 How Payouts Work

Payouts to Partners are made by Clients via Stripe Connect. Promesia acts as a technical intermediary facilitating transactions between Clients and Partners. Promesia is not a party to the financial transactions between the Client and their Partners.

7.2 Payout Conditions

Payouts are subject to the following conditions:

  • The Partner must have connected a valid Stripe Connect account.

  • Commissions must have been validated (status "confirmed") and not flagged as fraudulent.

  • The cumulative commission amount must reach the minimum payout threshold defined in the Program.

  • The configured holding period must have expired.

7.3 Tax Responsibility

Each Partner is solely responsible for their tax obligations and reporting duties relating to commissions received. Promesia does not provide tax advice and does not perform any withholding at source. Partners are advised to consult a professional regarding their tax obligations.

7.4 Stripe Terms

Use of Stripe Connect is subject to the Stripe Terms of Service (https://stripe.com/legal). The User and Partners also agree to the Stripe Connected Account Agreement.

Article 8 — Personal Data Protection

8.1 Data Controller

Promesia acts as data controller for data collected in the context of managing User Accounts (name, email, login data). For click tracking and conversion data, Promesia acts as data processor on behalf of Clients, in accordance with Article 28 of the GDPR.

8.2 Data Collected

In the course of providing the Services, the following data may be collected:

Account Data

  • Name, email address, profile picture (via OAuth providers: Google, GitHub, Microsoft).

  • Billing data (address, VAT number) collected via Stripe.

  • API keys generated by the User.

Click Tracking Data

  • IP address (anonymized where applicable).

  • Derived geolocation data (country, city, region) — estimated from IP address, not from GPS.

  • Device type (mobile, desktop, tablet), operating system, browser.

  • Browser user-agent.

  • Referring URL (referer).

  • Digital fingerprint for bot detection.

Conversion Data

  • Transaction amount, currency, payment status.

  • Stripe identifiers (payment intent, customer ID) where applicable.

  • End customer email and name (collection initiated by the User).

Partner Data

  • Name, email, country, biography, photo.

  • Stripe Connect identifier.

  • Performance data (clicks, sales, commissions, conversion rate).

8.3 Legal Bases for Processing

Personal data processing is based on:

  • Performance of the contract (Article 6(1)(b) GDPR) for Account management and provision of Services.

  • Legitimate interest (Article 6(1)(f) GDPR) for fraud detection, security and improvement of Services.

  • Consent (Article 6(1)(a) GDPR) for non-essential cookies and marketing communications.

  • Legal obligation (Article 6(1)(c) GDPR) for retention of billing data.

8.4 Retention Periods

Account data is retained for the duration of the contractual relationship and for a period of three (3) years after Account deletion. Click tracking data is retained for twenty-four (24) months. Billing data is retained for ten (10) years in accordance with French accounting obligations. Activity logs (audit logs) are retained for twelve (12) months.

8.5 International Transfers

Certain data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the use of the following subprocessors:

  • Vercel Inc. (hosting) — EU-US Data Privacy Framework.

  • Neon Inc. (PostgreSQL database) — EU-US Data Privacy Framework.

  • Stripe Inc. (payments) — EU-US Data Privacy Framework.

  • Upstash Inc. (Redis cache) — EU-US Data Privacy Framework.

  • Amazon Web Services (S3 storage) — Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework.

Promesia ensures that such transfers are governed by appropriate safeguards within the meaning of Articles 44 to 49 of the GDPR (adequacy decision, standard contractual clauses or Privacy Framework).

8.6 Data Subject Rights

In accordance with the GDPR and the amended French Data Protection Act (Loi Informatique et Libertés), you have the following rights:

  • Right of access (Article 15 GDPR): obtain a copy of your personal data.

  • Right to rectification (Article 16 GDPR): correct inaccurate or incomplete data.

  • Right to erasure (Article 17 GDPR): request deletion of your data.

  • Right to restriction of processing (Article 18 GDPR).

  • Right to data portability (Article 20 GDPR): receive your data in a structured format.

  • Right to object (Article 21 GDPR): object to processing based on legitimate interest.

  • Right to withdraw your consent at any time.

  • Right to define directives regarding the fate of your data after your death (Article 85 of the French Data Protection Act).

To exercise your rights, contact us at: contact@refport.co. We undertake to respond within one (1) month. In the event of a complaint, you may also contact the French Data Protection Authority (CNIL): https://www.cnil.fr.

8.7 Cookies

The Platform uses technical cookies necessary for the operation of the service (authentication, sessions, preferences). Attribution cookies are used in connection with referral program tracking, with a duration configured by the Client (default 30 days). The Platform complies with CNIL recommendations regarding cookie consent. Strictly necessary cookies are exempt from consent in accordance with CNIL guidelines.

8.8 Data Processing Agreement (DPA)

When Promesia processes personal data on behalf of the Client (click tracking, conversions, Partner data), the parties are bound by a Data Processing Agreement in accordance with Article 28 of the GDPR, available upon request. Promesia undertakes to process data only on the Client's instructions, to ensure confidentiality, to implement appropriate technical and organizational measures and to assist the Client in fulfilling data subject rights.

Article 9 — Intellectual Property

9.1 Promesia's Rights

All elements comprising the Platform (source code, algorithms, interfaces, design, text, logos, trademarks, databases) are the exclusive property of Promesia or its licensors. Any reproduction, representation, modification, distribution or exploitation, in whole or in part, is prohibited without prior written authorization from Promesia, in accordance with Articles L.335-2 et seq. of the French Intellectual Property Code.

9.2 License of Use

Promesia grants the User a non-exclusive, non-transferable and non-assignable right to use the Platform for the duration of the contractual relationship, limited to the use of the Services as described in these Terms.

9.3 User Content

The User retains all intellectual property rights over the content they integrate into the Platform (logos, images, brand text, portal configurations). The User grants Promesia a limited, non-exclusive license to host, display and distribute such content strictly within the scope of providing the Services.

Article 10 — Availability and Maintenance

Promesia endeavors to ensure the availability of the Platform 24 hours a day, 7 days a week, without however guaranteeing permanent availability. The Platform may be temporarily unavailable for maintenance, updates or in the event of force majeure.

Promesia will inform Users, where possible, of any scheduled interruption. Service Level Agreements (SLA) apply only to Enterprise clients with a specific contract.

Article 11 — Liability

11.1 Promesia's Liability

Promesia implements reasonable means to provide a quality service. Promesia's liability is an obligation of means (obligation de moyens), not of result. Under no circumstances shall Promesia be held liable for:

  • Content to which Short Links created by Users redirect.

  • Indirect damages, loss of revenue, loss of data, commercial harm or reputational damage.

  • Malfunctions related to third-party services (Stripe, Shopify, OAuth providers).

  • Fraudulent use of API keys by third parties.

  • Contractual relationships between Clients and their Partners.

  • Accuracy of geolocation data derived from IP addresses.

11.2 Limitation of Liability

Promesia's total liability under these Terms is limited to the amounts actually paid by the User during the twelve (12) months preceding the event giving rise to liability. This limitation does not apply in cases of willful misconduct (dol) or gross negligence by Promesia, nor in cases of bodily injury, in accordance with Article 1170 of the French Civil Code.

11.3 Force Majeure

Promesia shall not be held liable for non-performance of its obligations in the event of force majeure as defined in Article 1218 of the French Civil Code (an event beyond the debtor's control, unforeseeable and irresistible), including but not limited to natural disasters, internet network failures, major cyberattacks or government decisions restricting activity.

Article 12 — Term, Termination and Portability

12.1 Term

These Terms take effect on the date of Account creation and remain applicable for the duration of use of the Services. Paid subscriptions are taken out for the chosen period (monthly or annual) and renew automatically, unless terminated.

12.2 Termination by the User

The User may terminate their subscription at any time from their account management interface. Termination takes effect at the end of the current subscription period. No pro rata refund will be made for the remaining period, except where the right of withdrawal is exercised under the conditions of Article 6.5.

12.3 Termination by Promesia

Promesia reserves the right to suspend or terminate a User's Account in the event of breach of these Terms, proven fraud, unlawful activity or persistent payment default, after formal notice that has remained without effect for fifteen (15) days (except in urgent cases justifying immediate suspension).

12.4 Data Portability

In accordance with the French SREN Law and the European Data Act, the User has a right to data portability. Upon request made before Account deletion, Promesia will provide an export of the User's data in a structured, commonly used and machine-readable format (CSV or JSON) within a reasonable period not exceeding thirty (30) days. This export is provided free of charge.

12.5 Effects of Termination

After termination, Short Links will cease to function (unless otherwise provided in an Enterprise contract). Account data will be retained for sixty (60) days and then permanently deleted. Unpaid commissions owed to Partners remain due and must be settled by the Client before or during the transition period.

Article 13 — Custom Domains

The User may configure one or more custom domains for their Short Links. The User is solely responsible for the ownership, renewal and DNS configuration of their domains. Promesia shall not be held liable for the loss, expiration or hijacking of a custom domain.

Domain verification is performed via Vercel. The User acknowledges that technical configuration requires the addition of specific DNS records.

Article 14 — API Usage

Access to the Platform API is subject to the following conditions:

  • Access is via personal API keys prefixed "refp_", generated from the dashboard.

  • The User undertakes not to exceed the usage limits of their subscription.

  • API keys must not be shared, published in public source code or exposed client-side.

  • Promesia reserves the right to implement rate limiting to protect infrastructure.

  • The API is provided "as is". Promesia does not guarantee backward compatibility and will inform Users of major changes within a reasonable timeframe.

Article 15 — Fraud Prevention

The Platform integrates an automatic and configurable fraud detection system. The Client may define anti-fraud rules including customer email duplicate detection, suspicious domain monitoring, traffic source blocking and cross-program exclusions.

Promesia reserves the right to suspend payouts, freeze commissions or ban a Partner in the event of proven fraud suspicion. Automated decisions may be appealed to support, and a human review will be conducted upon request.

Data processing for fraud detection purposes is based on legitimate interest (Article 6(1)(f) GDPR) and does not constitute fully automated decision-making within the meaning of Article 22 of the GDPR, as human intervention is always possible.

Article 16 — Security

Promesia implements appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest.

  • Secure authentication (OAuth 2.0, magic links, SSO/SAML).

  • Role-based access control within Organizations (owner, member).

  • Activity logging (audit logs) for traceability.

  • Webhook security via secret key signing.

  • Abuse protection via rate limiting (Upstash Redis).

In the event of a data breach, Promesia will notify the CNIL within 72 hours and affected data subjects without undue delay, in accordance with Articles 33 and 34 of the GDPR.

Article 17 — Amendments to the Terms

Promesia reserves the right to amend these Terms at any time. Material changes will be notified to Users by email or via the Platform at least thirty (30) days before they take effect. Continued use of the Services after notification constitutes acceptance of the amended Terms.

If the User refuses the amendments, they may terminate their Account under the conditions of Article 12.2, without penalty.

Article 18 — Governing Law and Jurisdiction

These Terms are governed by French law.

In the event of a dispute, the parties undertake to seek an amicable solution within thirty (30) days from notification of the disagreement. Failing amicable resolution, any dispute relating to the interpretation, performance or termination of these Terms shall be submitted to the exclusive jurisdiction of the courts having competence over the registered office of Promesia.

For consumer Users residing in the European Union, in accordance with Articles L.611-1 et seq. of the French Consumer Code, in the event of an unresolved dispute, you may have recourse to a consumer mediator. You may also access the European Commission's Online Dispute Resolution platform: https://ec.europa.eu/consumers/odr.

Article 19 — Miscellaneous Provisions

19.1 Severability

If one or more provisions of these Terms are held to be invalid or declared as such pursuant to any law, regulation or final decision of a competent court, the remaining provisions shall retain their full force and effect.

19.2 Entire Agreement

These Terms constitute the entire agreement between the parties with respect to their subject matter and supersede any prior agreement, whether written or oral, relating to the same subject matter.

19.3 Non-Waiver

The failure of Promesia to exercise any provision of these Terms at any given time shall not constitute a waiver of the right to exercise such provision at a later date.

19.4 Assignment

The User may not assign the rights and obligations arising from these Terms without the prior written consent of Promesia. Promesia may freely assign all or part of its rights and obligations, subject to informing the User.

19.5 Good Faith

In accordance with Article 1104 of the French Civil Code, these Terms must be negotiated, formed and performed in good faith.

19.6 Language

These Terms have been drafted in French and translated into English for convenience. In the event of any inconsistency or ambiguity between the French and English versions, the French version shall prevail.

Article 20 — Contact

For any questions regarding these Terms, you may contact Promesia:

By email: contact@refport.co

Website: https://refport.co

Last updated: March 5, 2026 — Version 1.0

Left Abstract
Right Abstract
Top Abstract
Top Patch
Bottom Patch

Ready to turn every click into revenue?

Join hundreds of SaaS founders who already use Refport to track referrals, reward partners, and grow faster.

Get Started Free

Get a demo

Top Abstract
Top Patch
Bottom Patch

Ready to turn every click into revenue?

Join thousands of professionals who've already transformed their email workflow.

Get Started Free

Get a demo

Left Abstract
Right Abstract
Top Abstract
Top Patch
Bottom Patch

Ready to turn every click into revenue?

Join hundreds of SaaS founders who already use Refport to track referrals, reward partners, and grow faster.

Get Started Free

Get a demo