SOC 2 Type II certified, ISO 27001 compliant, and GDPR-ready — audited annually by independent third parties
View our security trust centerInformation Security Management
Independently certified information security management, covering everything from access control to incident response
Trust Service Criteria
Third-party audited each year across all five trust service criteria. Reports available under NDA on request
Enterprise Authentication
Connect your existing identity provider — Okta, Azure AD, Auth0, and others — so your team logs in with credentials they already use
EU Data Protection
California Privacy
Healthcare Security
Payment Card Security
Infrastructure specs and real-world response times across all regions
* Shanghai tested via shortio.cn
API limits, analytics retention, security controls, and everything else your engineering team will ask about
15+ endpoints covering link creation, management, analytics, and bulk operations. Full reference docs at developers.short.io
Pull click data, device breakdowns, and geographic stats — filtered by any date range, exposed via REST
Automated daily export of all your data to AWS S3 bucket
Create, update, or delete thousands of links in a single API call. Useful for campaign setup, domain migrations, and link audits
What we guarantee in writing — uptime, response times, and what happens if we fall short
Last month: 1 minute downtime • Last year: 18 minutes total
Service credits automatically issued for downtime exceeding SLA
A small team who knows your account, not a rotating tier-1 queue
Weekday response under 3 minutes for critical issues. We track resolution, not just first reply
We get alerted before you do. 24/7 automated monitoring catches issues before they affect your links
Quarterly check-ins to review your usage, flag underused features, and plan for upcoming campaigns
Short.io handles link management for teams ranging from 10 to 10,000 users — with the same setup, the same pricing model, and support that responds in minutes when something goes wrong.
No credit card required • SOC 2 Type II certified • Cancel anytime
Common questions from enterprise buyers
We support flexible payment options including invoice billing with NET 30/60/90 terms, ACH transfers (US), wire transfers (International), SEPA direct debit (EU), credit card, and monthly or annual prepayment.
Yes, we regularly work with enterprise procurement teams. We can register as a vendor, complete W-9 forms, provide certificates of insurance, meet specific invoicing requirements, and support PO-based purchasing.
Yes, we provide tiered volume discounts based on number of links created, team members, contract length, and redirect volume.
Yes, we can review and sign your standard MSA. We also have our own enterprise MSA template that has been reviewed by legal teams at Fortune 500 companies. Our legal team typically responds within 48 hours.
Yes, we provide standard DPA documents that comply with GDPR, CCPA, Standard Contractual Clauses (SCCs), UK GDPR, and custom data processing requirements.
Yes, we can execute BAAs for healthcare organizations. Our infrastructure supports HIPAA requirements including data encryption, access controls, audit logs, and incident response procedures.
We maintain ISO 27001:2013, SOC 2 Type II, GDPR compliance, CCPA compliance, and PCI SAQ compliant infrastructure. Annual VAPT testing is conducted by third-party auditors. You can review our full security posture and live compliance status at trust.short.io.
Yes, you can use unlimited custom domains including root domains, subdomains, and multiple domains per account, with automatic or custom SSL certificates.
Yes, we provide a comprehensive RESTful API with full CRUD operations, bulk operations, and analytics. SDKs are available for Node.js, JavaScript, iOS, and Android. We also provide code snippets for other programming languages and frameworks.
Yes, we support SAML 2.0 SSO with Microsoft AD/Azure AD, Okta, Auth0, OneLogin, Google Workspace, and custom SAML providers.
Enterprise customers receive 24/5 priority support with ultra-fast weekday response (under 5 minutes), SLA-backed response times for weekends/holidays, quarterly business reviews, custom training, direct engineering support, and a dedicated success team.
No, we do not offer custom development, but you can request feature enhancements or bug fixes through our support channels.
Training is self-serve: recorded walkthroughs, written docs, and chat support for follow-up questions. For larger teams, we can schedule a live onboarding call.
Primary data (links, settings) is stored in AWS Virginia. Statistics data is automatically stored based on visitor location: US/Americas visitors in Virginia, EU/EMEA visitors in Frankfurt. Edge caching in Sydney for Asia-Pacific. Custom region selection available.
We maintain real-time replication, daily backups (30-day retention), weekly backups (90-day retention), monthly backups (1-year retention), and point-in-time recovery.
Yes, you have full data ownership with export via Analytics API, daily automated export to AWS S3, scheduled exports (daily/weekly/monthly), and multiple formats (CSV, JSON, XML).
Nothing, your links will still work. You won't be able to create new links or update existing ones, statistics collection will be limited to 50,000 clicks per month (free tier), and only one user will be able to access your account. But redirects will continue to work.