Privacy Policy
Last updated: March 1, 2026
Iploc ("we", "us", "our") operates the Iploc IP Geolocation API and associated tools at iploc.ai. This privacy policy explains how we collect, use, and protect your data.
1. Data We Collect
Account Data
When you create an account, we collect your email address and, optionally, your name. If you sign up via OAuth (Google or GitHub), we receive your email and display name from the provider. Passwords are hashed with BCrypt and never stored in plaintext.
Billing Data
Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never have access to your credit card number, expiration date, or CVC. Stripe's privacy policy applies to all payment data.
API Usage Data
We log API request counts per API key for billing and rate limiting. We do not log the IP addresses you look up through the API. Request metadata (timestamp, API key used, endpoint) is retained for billing accuracy and abuse prevention.
Public Tool Pages
Our free tool pages (IP Lookup, DNS Lookup, etc.) do not require authentication. We rate-limit these by visitor IP address, which is stored temporarily in memory and reset daily. We do not use cookies, tracking pixels, or third-party analytics on tool pages.
Server Logs
Standard server logs may include IP addresses, user agents, and request URLs. These are retained for up to 30 days for security and debugging purposes, then deleted.
2. How We Use Your Data
- Provide and maintain the API service
- Authenticate requests and enforce rate limits
- Process billing and manage subscriptions
- Prevent abuse and detect unauthorized access
- Respond to support requests
- Send critical service notifications (outages, security, billing)
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as required for service operation (Stripe for payments) or legal compliance.
3. IP Addresses as Personal Data
Under GDPR, IP addresses are personal data (Breyer v. Germany, CJEU C-582/14, 2016). Our lawful basis for processing IP addresses through the geolocation API is legitimate interest: providing the geolocation service that customers have explicitly requested. The IP addresses queried through the API are processed transiently and not stored in our databases.
4. Data Retention
- Account data: Retained until you delete your account
- Usage statistics: Aggregated monthly counts retained for 12 months
- Server logs: Deleted after 30 days
- Rate limit counters: In-memory only, reset daily
5. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Receive your data in a structured format (data portability)
- Object to processing based on legitimate interest
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
6. Cookies
The Iploc dashboard uses a single authentication token stored in localStorage (not a cookie) for session management. Public tool pages use no cookies, no localStorage, and no tracking technologies. We do not use any third-party cookies.
7. Data Security
All data is transmitted over HTTPS/TLS. Passwords are hashed with BCrypt. API keys are generated using cryptographically secure random number generators. Our infrastructure is protected by Cloudflare's DDoS protection and WAF. Database backups are encrypted at rest.
8. International Transfers
Our servers are located in Europe (Hetzner, Germany). If you access the service from outside the EU, your data may traverse international networks but is processed and stored within the EU.
9. Children
Iploc is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes
We may update this policy from time to time. Material changes will be communicated via email to registered users. The "last updated" date at the top indicates the most recent revision.
11. Contact
For privacy-related inquiries, contact us at [email protected].