Privacy Policy

Last updated: March 13, 2026

1. Information We Collect

Account Information. When you create an account, we collect your name and email address. Your password is securely hashed and never stored in plaintext.

API Usage Data. When you make API requests, we log the IP address being looked up (not your IP address), the timestamp, and which API key was used. This data is used for rate limiting and abuse prevention.

IP Geolocation Data. NetLoc8 resolves IP addresses to approximate geographic locations using geolocation databases. Individual lookup results may be cached temporarily to improve performance.

Automatically Collected Data. When requests are made to our services, we may automatically collect and store technical metadata including truncated IP address prefixes, approximate geolocation signals (such as country, region, city, and timezone), network identifiers, and timestamps. This data is aggregated and anonymized—it is not linked to your account, API keys, or any personally identifiable information. We use this data to improve service accuracy, monitor system health, and enhance the quality of our geolocation data.

2. How We Use Your Information

  • To authenticate your identity and manage your account.
  • To send transactional emails, such as email verification.
  • To enforce rate limits and prevent abuse of the API.
  • To improve the reliability, accuracy, and performance of the service.
  • To develop and enhance our geolocation data and algorithms.

3. Data Storage & Security

All data is stored in an encrypted database. API keys are stored as one-way hashes—raw keys are shown once at creation and never stored. Passwords are securely hashed with a random salt. All connections are encrypted via HTTPS.

4. Third-Party Services

We use trusted service providers for email delivery and IP geolocation data. These providers only receive the minimum information necessary to perform their function (e.g., your email address for transactional emails). No additional user data is shared.

5. Data Retention

Account data is retained as long as your account is active. Cached API responses are stored in memory for a short TTL. Aggregated, anonymized technical metadata (such as truncated IP prefixes and geolocation signals) may be retained indefinitely for service improvement purposes, as this data cannot be used to identify individual users. You may request deletion of your account and associated personal data by contacting us.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at the email address below.

7. Contact

For privacy-related inquiries, contact us at [email protected].