Privacy Policy

1 What we don't collect

To keep this policy simple, here is the exhaustive list of things we never collect or store:

• Any account, name, email address or password (we don't have a sign-up flow at all).
• Cross-site tracking pixels, analytics platforms (Google Analytics, Hotjar, Mixpanel, Sentry, etc.).
• Browser fingerprints, behavioral profiles or marketing identifiers.
• The IP, domain, MAC address or any other value you type into a tool — these are processed in real time and discarded with the response.
• The results of any test (DNS leak verdict, blacklist hits, port scan output, etc.).

2 What is processed transiently

Like every website, our server receives standard HTTP request metadata that your browser sends automatically: your public IP, User-Agent, Referer, language headers, and request time. This is used only to render the page or API response and to operate our abuse-prevention rate limiter. It is not aggregated into a profile.

Two operational details worth mentioning explicitly:

• DNS Leak Test — when you start a test, our database stores a random token together with the IPs of the DNS resolvers that contacted our authoritative server (those are your DNS server's IPs, not yours). The rows are auto-deleted within 30 minutes of the next test, and a cron job sweeps anything older than 1 hour anyway.
• Rate limiter — when an IP hits our request limits, that 429 event is logged to a temporary file on the server (IP + User-Agent + endpoint) for a short period, then rotated out. This exists purely to deter scraping; it is never used for analytics or shared.
• Apache access logs — standard HTTP server logs are retained for at most 30 days for security and debugging, then deleted.

3 Cookies & Local Storage

We don't set any first-party cookies from PHP. The only client-side storage we use is your browser's localStorage, which never reaches our servers:

Third-party cookies may be set by Google AdSense if advertising is enabled (see §5 below).

4 Third-party services

To deliver results quickly, some tools call public APIs and CDNs directly from your browser — we don't relay or store those requests. Each provider runs under its own privacy policy:

• IP geolocation & ASN lookup — ipwho.is, ipapi.co, ipify.org
• DNS & latency tests — Cloudflare (1.1.1.1)
• Map tiles — OpenStreetMap
• Web fonts & icons — Bunny Fonts (GDPR-safe, no logs), cdnjs
• Email blacklist (DNSBL) queries — only made server-side to free, anonymous-friendly zones (SpamCop, PSBL, Mailspike, UCEPROTECT and similar). Your IP is not sent to these operators.

5 Advertising

We may display advertisements via Google AdSense to keep these tools free. Google and its partners may use cookies to serve ads based on your visits to this and other sites. You can opt out of personalized advertising at Google Ads Settings, aboutads.info, or youronlinechoices.eu (EEA).

6 Your rights

Under the GDPR (EU/EEA), the UK GDPR, the CCPA/CPRA (California), Brazil's LGPD, Turkey's KVKK and similar privacy laws, you have the right to:

• Access any personal data we hold about you;
• Correct inaccurate data;
• Delete your data ("right to be forgotten" / GDPR Art 17);
• Restrict or object to processing;
• Receive a copy of your data in a portable format;
• Withdraw consent at any time where processing is based on consent;
• Lodge a complaint with your local data-protection authority.

To exercise any of the above, email us at the address in §7 with a short description of your request and (for verification) the public IP address you were using when you accessed our site. We aim to respond within 30 days. Because we don't maintain user accounts or long-term storage of identifiers, in most cases there will simply be nothing to retrieve — we'll tell you so.

7 Changes & Contact

If we update this policy, the "Last Updated" date at the top will change and material changes will be flagged on the homepage. For any privacy or legal question — including any request relating to your rights under §6 — please reach us at: