Privacy Policy

GeoIPHub (“we”, “us”, “our”) operates the website geoiphub.com, the API at api.geoiphub.com, and the customer dashboard at app.geoiphub.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect personal information.

For privacy-related inquiries, contact us at privacy@geoiphub.com.

Account information. When you sign up, we collect your name and email address (via Google or GitHub OAuth, or directly). We do not store passwords — authentication is handled by your OAuth provider.

Billing information. Payments are processed by a third-party payment processor. We do not store credit-card numbers; the processor shares with us only your customer ID, subscription status, billing country, and the last four digits of your card for invoice display.

Usage data. We log each API request you make: timestamp, IP address queried, your account ID, the API key used, response status, and country code of the result. Logs are retained according to your plan's retention setting (7 to 365 days).

Technical data. When you use our website, we record standard server logs (your IP address, user-agent, referrer, requested URL) for security and abuse prevention.

• To provide, operate, and improve the Service.
• To enforce rate limits, prevent abuse, and detect fraud.
• To bill you, send invoices, and respond to support requests.
• To send transactional email (account confirmations, billing receipts, security alerts) — never marketing without consent.
• To meet legal, tax, and accounting obligations (typically a 7-year retention requirement for financial records).

When you make an API request, we receive the IP address you want classified. This IP is processed solely to return classification data. We log the queried IP for usage tracking and anti-abuse, tied to your account.

We do not associate queried IPs with any specific end-user identity, and we do not sell or share queried IPs with third parties.

The classification data the Service returns (geolocation, ASN, VPN/proxy detection, blocklist membership, WHOIS, PTR records) is aggregated from public sources including RIR delegation files, RFC 8805 geofeeds, public DNS, public WHOIS, and openly published threat-intelligence blocklists. We do not aggregate personal data about individuals.

We share data only with the third-party services strictly necessary to operate the platform:

• Payment processor — subscription billing, invoicing, and tax handling.
• DigitalOcean (US) — managed PostgreSQL database hosting.
• Microsoft Azure (US/EU) — virtual machine hosting for the API.
• Cloudflare (US) — CDN, DDoS protection, DNS.
• Netlify (US) — static site hosting for the marketing website and dashboard.
• Leapcell — managed Redis for rate limiting and caching.
• Google Workspace, Resend — transactional email delivery.

Each sub-processor is bound by a written data-processing agreement that requires equivalent safeguards.

Account data is retained while your account is active. Upon account deletion, account data is removed within 30 days, except records required for tax or legal compliance (typically 7 years).

Request logs are retained per your plan's log-retention setting and rolled off automatically.

If you are a resident of the European Economic Area, the United Kingdom, California, or another jurisdiction with similar privacy laws, you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion.
• Object to or restrict processing.
• Receive a portable copy of your data.
• Lodge a complaint with your local data-protection authority.

To exercise these rights, email privacy@geoiphub.com. We respond within 30 days.

We use industry-standard safeguards: TLS 1.2+ for all transport, bcrypt for API-key hashing, encrypted databases at rest, OAuth for authentication, and least-privilege access controls. We do not store payment card details on our infrastructure.

No method of transmission or storage is 100% secure. If you suspect a security issue, email security@geoiphub.com.

The marketing website uses minimal cookies for session management and anonymous analytics (page views, referrer). We do not use third-party advertising or behavioural-tracking cookies.

GeoIPHub operates from Pakistan with infrastructure in the United States and European Union. By using the Service, you acknowledge that your data may be processed in these jurisdictions. Where required, we rely on Standard Contractual Clauses approved by the European Commission.

The Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated by email at least 30 days before taking effect.

GeoIPHub
Email: privacy@geoiphub.com
Support: support@geoiphub.com