Privacy Policy
This policy explains what information IP-Atlas collects, how we use it, and what rights you have. IP-Atlas is operated by Trellis Digital Services LLC ("Company", "we", "us").
Our core principle: we store only what we need to operate the Service. We do not log the content of your API requests, we do not sell data, and we do not use your usage patterns for marketing or analytics.
What we collect
| Data | Purpose | Source |
|---|---|---|
| Email address | Account identity, key delivery, billing receipts, service notices | You, at signup |
| Bcrypt hash of your password | Authenticate sign-in (we never see the plaintext after it leaves your browser) | You, at signup or password change |
| SHA-256 hash of each API key + first-eight-character display prefix | Authenticate requests (hash) and let you identify a key in the dashboard (prefix). The plaintext secret is shown to you once at issuance and never stored. | Generated at key issuance |
| Per-key request counts (daily and monthly) | Quota enforcement, billing accuracy, operational metrics | Incremented on each authenticated request |
| Stripe customer identifier | Subscription lifecycle, billing portal, webhooks, overage invoicing | Stripe, when you authorise a card at signup |
| Session records | Keep you signed in. Each session stores: SHA-256 hash of the cookie, the first two octets of your IPv4 (e.g. 203.0 — a /16 prefix; for IPv6, the first three groups — a /48), and a SHA-256 hash of your browser's user-agent string. The cookie is HttpOnly+Secure+SameSite=Strict. | Server, at sign-in |
| Account security audit log | Records authentication events (sign-in success/failure, password change, email change, 2FA enroll/disable). Each row stores the event type, an event-data JSON blob, the same /16 IP prefix, and the same user-agent hash. Lets you and us spot suspicious activity. Retained 90 days. | Server, on each event |
| Two-factor authentication state (only if you enroll) | TOTP: AES-256-GCM-encrypted seed. WebAuthn: credential ID, public key, sign-counter, transports list, optional nickname. Backup codes: bcrypt hashes only. | Generated when you enroll a second factor |
| Server access logs | Debugging, abuse detection. Retained ≤30 days. Do not contain the request body, query string, or response body. | Reverse proxy |
What we do NOT collect
- The IP addresses you look up via
/json/{ip}or/v1/batch. These are not logged. Once a response is rendered, the query IP is gone. - Your payment details (card number, CVV, expiry). These are collected and stored by Stripe under PCI DSS scope and never touch our servers.
- Your full IP address. We store only a coarse prefix (/16 for IPv4, /48 for IPv6) — enough to spot abuse patterns, not enough to identify a household.
- Your browser's raw user-agent string. We store only a SHA-256 hash so we can spot session reuse, not enough to fingerprint you.
- Cross-site tracking cookies, marketing analytics, or third-party advertising trackers.
How we use your data
- To authenticate requests and enforce plan quotas;
- To bill you correctly, including overage, and send receipts;
- To send you service notices (80% and 95% usage warnings, outage notifications, material changes to these policies);
- To investigate abuse or security incidents.
We do not sell your data, rent it, or share it with advertising networks. We will disclose data only when legally compelled (subpoena, court order, or similar), and only to the extent required.
Data retention
- Account email + password hash + API key hashes: retained while the account is active, plus 6 months after deletion for fraud and audit purposes, then permanently removed.
- Per-key request counts: rolling 13-month retention for historical billing inquiries, then aggregated and per-key detail deleted.
- Sessions: deleted when the session expires (7 days idle), the user signs out, or the user explicitly revokes all sessions.
- Account security audit log: 90 days.
- 2FA secrets / WebAuthn credentials / backup codes: retained for as long as 2FA is enrolled. Removed immediately when the user disables 2FA or deletes the account.
- Server access logs: ≤30 days.
- Billing records: retained 7 years for US tax compliance.
- Stripe data: retained by Stripe per their own policies; we only store the opaque customer and subscription identifiers.
Your rights
Regardless of where you live, you can:
- Request a copy of the data we hold associated with your email address;
- Request correction of inaccurate data (most fields are already self-serve in the dashboard);
- Request deletion of your account (we delete your email, key, and usage history subject to the retention limits above).
Residents of California (CCPA/CPRA), the EEA/UK (GDPR), and other US states with comprehensive consumer-privacy laws have additional statutory rights. We do not sell personal information, so no opt-out is required; but if you have a specific request, email support@ip-atlas.io.
International transfers
IP-Atlas is hosted in the United States. If you access the Service from outside the United States you consent to your data being processed in the United States. We rely on Standard Contractual Clauses with our subprocessors where applicable.
Children
The Service is not directed to children under 16 and we do not knowingly collect data from children.
Security
API keys are stored as SHA-256 hashes — even a full database compromise does not expose plaintext keys. Transport is TLS 1.2+. Stripe handles all card data.
If you discover a vulnerability, please email support@ip-atlas.io. We will acknowledge within 72 hours.
Changes
We may update this policy from time to time. Material changes will be announced by email to active subscribers at least 30 days before taking effect.