Last updated: 2026-05-15
IPFerret is built privacy-first. This policy describes exactly what happens when you load the site or call the API. Replace this template with your own legal review before going to production.
What we don't do
- We don't require an account, sign-up, or login.
- We don't store your IP address in a database we operate.
- We don't set first-party tracking cookies. Theme preference is stored client-side in localStorage only.
- We don't fingerprint your browser or device for our own purposes.
- We don't aggregate, sell, or share your data with third-party data brokers.
What we do
When you load the home page, the server reads your IP from the inbound request headers in order to display it back to you. To enrich it with location and ASN information, the server makes a single outbound call to our configured geo provider (currently ipinfo.io). That call sends your IP — the same IP that provider would see if you hit it directly — and nothing else.
Logs
Our hosting provider may keep short-lived access logs for abuse-prevention. We do not aggregate, sell, or share those logs. We also run a first-party pageview counter that records the URL path, a salted+truncated IP hash (not the IP itself), and an approximate timestamp. The salt rotates daily, so the same visitor can't be tracked across days.
Third-party services
- IP geolocation provider — IPFerret currently uses ipinfo.io for ASN and approximate location lookups. See their privacy policy.
- DNS-over-HTTPS resolver — when you use the DNS lookup tool we forward the query you submit to Cloudflare's 1.1.1.1 resolver. Cloudflare publishes its retention practices in their DNS privacy notice.
- RIR registries (ARIN / RIPE / APNIC / LACNIC / AFRINIC) — WHOIS / RDAP lookups are forwarded to whichever Regional Internet Registry owns the address block. We send only the queried IP / ASN.
- MAC vendor lookup — MAC OUI prefixes are resolved via the public macvendors.com API. We send only the 24-bit OUI prefix.
- Google AdSense — to keep the site free we serve display ads via Google AdSense. AdSense loads its loader script (adsbygoogle.js) on every page and uses cookies and similar technologies to select and measure ads per Google's "How Google uses information from sites" and cookie policies. You can opt out of personalised advertising at google.com/settings/ads or use the EEA / UK / Swiss consent dialog described below.
- Google Consent Management Platform (CMP) — visitors from the European Economic Area, the UK, and Switzerland see a one-time dialog with three choices: Consent, Do not consent, and Manage options. Your choice is stored client-side by Google's CMP and is the legal basis on which ads are shown to you.
- ads.txt — we publish /ads.txt per the IAB Tech Lab specification. This is a public, static file declaring which advertising vendors are authorised to sell our inventory; it does not collect any data from visitors.
- Analytics — there is currently no third-party analytics product loaded on the site. If we add one in the future, we'll pick a privacy-respecting option (e.g. self-hosted Plausible) and update this policy before turning it on. We will never use cross-site profiling analytics.
Cookies set on this site
- First-party — none. Theme preference uses localStorage (not a cookie) and never leaves your browser.
- Google AdSense — sets cookies under googleads.g.doubleclick.net and similar domains for ad selection, frequency capping, and click measurement. Full list and purposes: business.safety.google/adscookies.
- Google CMP — stores your consent choice in a cookie / localStorage entry so the dialog doesn't reappear on every page load.
Your rights
If you're in the EU/EEA, UK, or Switzerland you have the right under GDPR / UK GDPR / FADP to access, correct, delete, or export any personal data we hold about you, and to object to processing or withdraw consent. Because we don't operate user accounts or store your IP in a database, in practice the data we hold about an individual visitor is limited to the salted-hash pageview record. To exercise any right, email privacy@ipferret.com and we'll respond within 30 days.
California residents have analogous rights under the CCPA / CPRA. We do not sell personal information.
Children
IPFerret is not directed at children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect data from children. If you believe we have, contact privacy@ipferret.com and we will delete it.
Changes to this policy
Material changes are reflected in the "Last updated" date at the top of this page. For substantial changes (e.g. adding a new data processor), we will additionally publish a note on the about page.
Contact
Privacy questions: privacy@ipferret.com.
