Skip to content

Privacy Policy

IPWHO PRIVACY POLICY (v2.2)

Last Updated: 2025-11-02

1. DATA WE COLLECT

We collect the following information:

  • Account details (name, email, company)
  • API usage metadata
  • End-user IPs submitted by customers
  • Billing information processed by third-party providers

2. PURPOSES

We use this data to:

  • Deliver and operate the API
  • Prevent fraud and abuse
  • Support and diagnostics
  • Improve performance
  • Legal compliance

3. WE DO NOT SELL PERSONAL DATA

We do not sell, rent, or trade personal data.

4. DATA MINIMISATION

We store only the minimum IP metadata necessary to deliver the Service.

5. GDPR LAWFUL BASES

Our lawful bases for processing are:

  • Contract
  • Legitimate interests
  • Consent where required
  • Legal obligations

6. RIGHTS

Depending on your location, you have the following rights:

  • EU/UK: access, deletion, correction, portability, objection.
  • US (CCPA/CPRA): access, deletion, correction.
  • AU: access & correction.

7. TRANSFERS

We use Standard Contractual Clauses where required.

8. RETENTION

  • Logs: Retained 30–90 days.
  • Account/billing data: Retained as required by law.

9. SECURITY

We employ the following security measures:

  • TLS encryption
  • Access controls
  • Monitoring
  • Structured retention

10. CONTACT

privacy@ipwho.org