Legal

Privacy Policy

Last updated: April 2026

Short version first: we don't log your IP, don't store anything about you, don't use cookies, and we have literally nothing to sell. Keep reading if you want the full picture.

So what actually happens when you load this site?

Your browser sends an HTTP request to our server. That request contains your IP address because that is just how the internet works. No IP, no response. It is not something we asked for or set up. It shows up by default in every web request ever sent since 1991.

We take that IP, pass it to ip-api.com, get back some geolocation data (city, country, ISP, timezone, coordinates), and send the whole thing to your browser. You see it displayed on screen. Then it's over.

We don't write your IP to a log file. We don't INSERT it into a database table. There is no cron job that archives it. No cold storage copy. No backup that gets sold if we ever shut down. The request comes in, the lookup happens in memory, the result goes out, the memory gets cleared. That's the whole thing.

Think of it like asking someone on the street what time it is. They tell you, you walk away. They don't write down that you asked. They don't remember you were ever there. That's basically how this works.

๐Ÿ’ฌ
Plain talkYour IP comes in, we look it up, we show you the result. Then it's gone. Nobody's writing it down anywhere.

The tools and what they do with your data

Each tool on this site is a bit different. Some need to call external APIs. Some do everything in your browser without touching our servers at all. Here is the full breakdown.

IP Lookup, WHOIS, DNS Lookup, SSL Checker, Port Scanner, Reverse DNS

These call external APIs to do their thing. We pass your query (the IP or domain you typed) to ip-api.com, rdap.org, dns.google, crt.sh, or our own port scanner backend. We don't log what you searched. We never see it again after the response. The third-party APIs do receive your query though so their privacy policies apply.

VPN Leak Test, DNS Leak Test

These check your connection from your browser. The VPN leak test uses WebRTC and STUN servers (Google's stun.l.google.com:19302) to discover IPs. The DNS leak test checks which DNS resolvers your system is using. We call /api/me to get your current IP, but same rule applies: nothing gets logged.

Password Generator, Subnet Calculator

These run entirely in your browser. Zero server contact. Your password never leaves your device. The subnet math happens in JavaScript on your machine. We genuinely could not see this data even if we wanted to.

Browser Intelligence, HTTP Headers, IPv6 Test

Browser Intelligence reads your navigator, screen, and WebRTC data client-side and shows it to you. The HTTP Headers viewer calls /api/http-headers which reads your request headers and returns them. IPv6 test calls api6.ipify.org directly from your browser. Again, nothing stored server-side.

Email Header Analyzer, Ping Test, Blacklist Check

Email headers are parsed entirely in your browser using JavaScript regex. Nothing gets sent to us. The ping test measures RTT to our edge server using fetch() timing but doesn't log the results. The blacklist check runs a simulated scan using known database names without real-time DNSBL queries.

๐Ÿ’ฌ
Plain talkSome tools call external APIs (we pass your query, get a result, return it). Some run entirely in your browser. None of them log anything on our end.

Third-party services we use

We don't build everything ourselves. We use some external APIs and services to make the tools work. Here's who they are and what they see when you use this site.

ip-api.com

Geolocation lookups

They see: The IP address you look up (including your own on the homepage)

Their privacy policy โ†’

rdap.org

WHOIS and RDAP data

They see: The domain or IP you enter in the WHOIS tool

dns.google

DNS record queries

They see: The domain you look up in the DNS Lookup tool

Their privacy policy โ†’

crt.sh (Sectigo)

SSL certificate lookups via Certificate Transparency logs

They see: The domain you check in the SSL Checker tool

api6.ipify.org

IPv6 detection

They see: Your IPv6 address if you have one

Their privacy policy โ†’

Google STUN (stun.l.google.com)

WebRTC IP leak detection

They see: Your IP during the VPN and browser intel checks

Vercel

Hosting and edge deployment

They see: Traffic logs, error logs. Standard hosting stuff.

Their privacy policy โ†’
๐Ÿ’ฌ
Plain talkWe route your queries through these services to actually do the lookups. They see what you search for. We don't control their policies but we've linked to them above.

Cookies. The answer is no.

We don't use cookies. Not the tracking kind, not the functional kind, not the "necessary for the site to work" kind. Zero cookies. We have no user accounts so there is nothing to remember about you between visits. You can turn cookies off in your browser and this site will work exactly the same.

We don't run Google Analytics. We don't use the Meta Pixel. No Mixpanel, no Hotjar, no anything. There is no behavioral tracking on this site. We have no idea how many people visited yesterday, which tools are most popular, or how long anyone spent reading this page.

Some people think "no analytics" means the site is run blindly. Maybe. But we built this to actually be private, not just say it is. So we accepted the tradeoff.

The only thing Vercel might collect is aggregate traffic metrics at the infrastructure level. Not per-user. Not tied to any identifier. Standard web server stuff.

๐Ÿ’ฌ
Plain talkNo cookies. No tracking. No analytics. Nothing. You're basically invisible here.

The free API

The /api/me endpoint is public. Anyone can call it. It reads your IP from the request headers, looks it up, and returns JSON. Same process as the homepage, same zero-logging policy.

If you build something with our API and your users call it, their IPs go through the same flow: looked up, returned, not logged. We don't know who your users are. We can't correlate API calls to individuals. Each request is stateless and isolated.

CORS is open so you can call it from any origin. Reasonable use is unlimited. If someone sends 50,000 requests per minute from a single IP we reserve the right to block it, but we don't log the data from those requests either.

๐Ÿ’ฌ
Plain talkThe API works the same way as the homepage. Your IP in, data out, nothing saved. Use it in your projects freely.

Your IP address and what it actually reveals

Since this whole site is about IP addresses, it feels right to be honest about what an IP address actually reveals. This is the same info we show you on the homepage, just written out plainly.

Your IP address reveals your approximate location (usually city-level, sometimes just region or country), your ISP, your ASN (autonomous system number), and whether your connection is mobile, residential, or a datacenter. It does NOT reveal your exact street address, your name, your email, or your browsing history.

Geolocation accuracy varies wildly. Mobile networks can show the wrong city entirely. Some ISPs register IP blocks in one city and route traffic from another. VPNs and proxies obviously show the wrong location. We display what ip-api.com returns and we make no claims about accuracy.

If you're worried about what your IP reveals, use a VPN, check for WebRTC leaks using our VPN Leak Test, and consider that most of the personal data websites collect comes from cookies and JavaScript tracking, not IP addresses.

๐Ÿ’ฌ
Plain talkYour IP tells websites roughly where you are and who your ISP is. Not your house, not your name. Think city-level at best.

Data breaches and what there is to breach

Since we don't store user data, a data breach on our side would mean someone got access to our code, our server configuration, or our Vercel deployment. There is no user database to dump. There are no email addresses to steal. There is no list of who looked up what IP.

The worst case breach scenario is someone defaces the homepage or takes down the site. Which would be annoying but not a privacy disaster for users because there is nothing about users to expose.

This is actually one of the core design principles here. By not collecting data, we can't lose data. That's not an accident.

๐Ÿ’ฌ
Plain talkNothing to breach. No user data stored means no user data to steal. Pretty simple math.

Children and age restrictions

This site has no age restrictions. It's a network tools site. You can look up your IP, check what ports are open, or calculate subnets whether you're 12 or 82. We don't collect any information, so there's nothing different about how we handle data for younger users compared to adults.

We don't knowingly collect personal information from anyone, children included, because we don't collect personal information from anyone at all.

๐Ÿ’ฌ
Plain talkNo age gate. No COPPA concerns. Because no data collection. Simple.

GDPR, CCPA, and other privacy laws

The GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are laws about how companies process personal data. Since we don't process or store personal data, most of those rules don't apply to us in any practical sense.

That said, if you're in the EU and want to ask us something about your data rights, go ahead. The answer will be "we have nothing on file for you" but we're happy to confirm that in writing.

We have no "right to access" requests to fulfill because there's nothing to access. No "right to deletion" to process because there's nothing to delete. No "data portability" to provide because we didn't collect your data in the first place.

IP addresses are technically personal data under GDPR. Ours are processed in memory for the duration of a request and not retained. Under GDPR, this is "processing" but the legal basis is "legitimate interest" (you asked for your IP to be looked up, so we looked it up) and the retention period is effectively zero.

๐Ÿ’ฌ
Plain talkGDPR technically applies to IP lookups. But since we process your IP in memory and delete it immediately, there's nothing to worry about here.

Changes to this policy

If we ever start collecting data, we'll update this page and change the date at the top. We'd also probably feel bad about it, so we're motivated not to go that route.

The only scenario where this policy would change significantly is if we added user accounts, a paid tier, or some feature that genuinely requires storing data. We have no current plans for any of that. The whole point is to stay simple and private.

Hosting changes (like moving from Vercel to a different provider) might update the infrastructure section but won't change the core "we don't store your data" promise.

๐Ÿ’ฌ
Plain talkThis policy changes only if we start collecting data. We don't plan to. Check the date at the top if you want to know when it was last touched.

Contact

Questions about this policy? Think we missed something? Found a bug that might affect privacy? Email us: [email protected]

We read every email. Response time is honest but not lightning fast.

Looking for the Terms of Service? Read them here. Also fairly human-readable.