Privacy Policy

IPAuth (ipauth.net) is operated by netsec-ops. This policy explains what we collect, why, and the choices you have. We keep the data we hold to the minimum the service needs to work.

Information we collect

• Account information. Your email address and, if you sign in with Google or GitHub, the stable account identifier they provide. We do not store passwords.
• Authentication data. Your two-factor (TOTP) secret, encrypted at rest, and your backup codes, stored only as hashes.
• Service data you create. The IP addresses you register for allowlisting (this is the core function of the product), and the pairs, groups, and access apps you configure.
• Access-session data. When a browser is authorized through the access gate, we store a session identifier, its expiry, and the source IP last seen, so you can review and revoke devices.
• Logs. Standard web/request logs and an account audit log (sign-ins and configuration changes), kept for security and troubleshooting and rotated on a short schedule.
• Payments. We do not store card details. If and when paid plans apply, payment is handled by our processor (Stripe) under its own policy.

How we use information

• To provide and operate the service, including authenticating you and delivering the allowlisting and access-gate features you configure.
• To secure the service, prevent abuse, and investigate suspected misuse.
• To respond to support requests and send service and security notices.

Cookies

We use only the cookies the service needs: a session cookie when you are signed in, and the short-lived access cookie the gate sets for an authorized browser. We do not use advertising or cross-site tracking cookies.

How we share information

We do not sell personal information. We share it only with service providers that help us run IPAuth (such as hosting and email delivery), and only as needed to operate the service; when required by law or to protect the service and its users; and in connection with a merger, acquisition, or reorganization of the business.

Retention and deletion

You can delete your account at any time; we remove your account data after a short grace period, and dependent records (pairs, groups, sessions) are removed with it. Logs are kept only as long as needed for security and operations.

Security

Sensitive values are encrypted at rest, traffic is encrypted in transit (TLS), and access to systems is restricted. No system is perfectly secure, but we design for least data and least access.

Your rights

You can access, correct, export, or delete your information. Most of this is available in your account; for anything else, contact us and we will help. Depending on where you live, you may have additional rights under local law.

Changes

We will update this policy as the product grows and will note the effective date above when we make material changes.

Contact

Questions about privacy: contact us or email privacy@netsec-ops.com. IPAuth is a product of netsec-ops.

Terms of Service →