Privacy Policy

1. Introduction

CloakProbe is a privacy-first, security-focused IP information service. This Privacy Policy explains how we collect, process, and handle your data when you use our service.

Data Controller: CloakProbe is an open-source project. For privacy inquiries, please contact us through GitHub Issues.

Legal Basis: We process your data based on legitimate interest to provide the IP information service you request. We do not use your data for marketing, advertising, or any purpose beyond providing the requested service.

2. Data We Collect

When you access CloakProbe, we process the following information from your HTTP request:

2.1 IP Address

We read your IP address from HTTP headers (specifically CF-Connecting-IP when behind Cloudflare) to:

• Display your IP address back to you
• Perform ASN (Autonomous System Number) lookups using local databases
• Determine network information (prefix, RIR, country code)

2.2 HTTP Headers

We process the following HTTP headers:

• User-Agent: Browser/client identification
• Accept-Language: Language preferences
• Accept-Encoding: Compression support
• Sec-CH-UA / Sec-CH-UA-Platform: Client hints for browser/platform information

2.3 Cloudflare Worker Headers

If your request passes through a Cloudflare Worker that adds custom headers, we may process:

• Geo Location: Country, city, region, continent, latitude, longitude, postal code, timezone
• Network: ASN, AS organization, datacenter/colo information
• Connection: HTTP protocol version, TLS version, TLS cipher
• Security: Trust score, bot score, verified bot status
• Proxy Headers: X-Forwarded-For, X-Real-IP, X-Forwarded-Proto

2.4 What We Do NOT Collect

• No cookies - We do not set or read cookies
• No tracking - We do not use analytics, tracking pixels, or fingerprinting
• No third-party requests - All resources are served from the same origin
• No external API calls - ASN and organization lookups use local databases
• No automatic external requests - The page does not send any external requests automatically, neither client-side nor server-side. Any external requests (such as reverse DNS lookups) only occur when you explicitly interact with the page (e.g., clicking a button)

3. How We Process Data

3.1 Data Processing

All data processing happens in memory only. We do not write any data to disk on the origin server. Data is:

• Read from HTTP headers
• Processed to generate the response
• Discarded immediately after the response is sent

3.2 Data Storage

No disk storage: The origin server does not store any data on disk. All processing is ephemeral and happens in memory.

No logging: Logging is disabled on the origin server. Your IP address and request data are not logged.

3.3 Data Sanitization

All header values are sanitized before being displayed to prevent XSS (Cross-Site Scripting) attacks. HTML special characters are escaped, and control characters are removed.

3.4 Local Database Lookups

We use local, read-only databases for ASN and organization lookups:

• IP-to-ASN Database: From iptoasn.com (Public Domain/PDDL)
• RIPE Organization Database: From RIPE NCC dumps

These databases are downloaded during installation and updated via cron jobs. Lookups happen entirely in memory using memory-mapped files. No external API calls are made.

3.5 Reverse DNS Lookup (Optional Feature)

CloakProbe includes an optional reverse DNS lookup feature that allows you to query the hostname (PTR record) associated with your IP address. This feature:

• Only works on user interaction: The reverse DNS lookup is performed only when you explicitly click the "Lookup Reverse DNS" button. The page does not perform any DNS queries automatically.
• Client-side only: The lookup happens entirely in your browser using Cloudflare's DNS over HTTPS (DoH) service at cloudflare-dns.com. No data is sent to the CloakProbe server.
• No automatic requests: The page does not send any external requests automatically, neither client-side nor server-side. External requests only occur when you explicitly interact with the page.
• Privacy-focused: Cloudflare's DoH service is privacy-focused and does not log queries. Your DNS query is sent directly from your browser to Cloudflare's DNS service.
• No data storage: The reverse DNS lookup result is displayed only in your browser and is not stored or logged by CloakProbe.

Important: If you do not click the reverse DNS lookup button, no DNS queries are made and no external requests are sent. The page operates entirely passively until you interact with it.

4. Cloudflare Services

CloakProbe is hosted behind Cloudflare, a content delivery network (CDN) and security service. This means your requests pass through Cloudflare's network before reaching our origin server.

4.1 Cloudflare's Data Processing

Cloudflare processes certain data according to their Privacy Policy. This includes:

• CDN caching and content delivery
• DDoS protection and security filtering
• SSL/TLS termination
• Request routing and optimization

Cloudflare is compliant with various standards including SOC 2, ISO 27001, and others. For details about Cloudflare's data processing practices, please refer to their Privacy Policy.

4.2 Origin Server vs. Cloudflare

It is important to distinguish between:

• Cloudflare's data processing: Happens on Cloudflare's network (CDN, security, caching)
• Origin server (CloakProbe) data processing: Happens on our server (in-memory only, no storage, no logging)

The origin server (CloakProbe) does not store or log any data. All data processing on the origin server is ephemeral and happens in memory only.

5. Data Retention

No data retention: Since we do not store any data on disk and logging is disabled, we do not retain any personal data. Data is processed in memory and discarded immediately after the response is sent.

The only persistent data is:

• Local ASN and RIPE databases (which contain IP range mappings, not personal data)
• These databases are updated periodically but do not contain any user-specific information

6. Your Rights

6.1 GDPR Rights (EU Users)

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: You can request information about what data we process about you
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your data (note: we don't store data, so there's nothing to delete)
• Right to Restriction: You can request restriction of processing
• Right to Data Portability: You can request your data in a structured format
• Right to Object: You can object to processing based on legitimate interest
• Right to Lodge a Complaint: You can file a complaint with your local supervisory authority

To exercise these rights, please contact us through GitHub Issues.

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about what personal information we collect, use, and share
• Right to Delete: You can request deletion of your personal information (note: we don't store data, so there's nothing to delete)
• Right to Opt-Out: You can opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us through GitHub Issues.

7. Security

We implement various security measures to protect your data:

• Input Sanitization: All header values are sanitized to prevent XSS attacks
• Security Headers: We set comprehensive security headers (CSP, HSTS, X-Frame-Options, etc.)
• No External Dependencies: All resources are served from the same origin
• Read-Only Operations: We only respond to GET requests, no data modification
• Memory-Mapped Databases: Local databases are read-only and memory-mapped
• Cloudflare Protection: DDoS protection and security filtering via Cloudflare

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

If we make material changes to this policy, we will update the "Last updated" date and, if possible, provide notice through our service.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• GitHub Issues: https://github.com/drmckay/cloakprobe/issues
• Project Repository: https://github.com/drmckay/cloakprobe
• Main Website: https://cloakprobe.dev