EU Data Protection & GDPR
When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common questions you may have.
- Our Privacy Policy explains how we collect, use, and protect your data.
- Our Data Processing Agreement provides details of our data processing practices, and is incorporated into our Terms of Service.
- Our List of Service Providers page provides a list of our sub-processors under GDPR.
- Our Security and Privacy section, below, provides an overview of our data center and app security, as well as our data retention policy.
Security and Privacy
Data centers and security measures
Data centers
IPLocate’s primary data and servers are hosted by Hetzner, OVH, and Amazon Web Services (AWS) in Europe, the United States, Singapore, and Australia.
All of our data centers and service providers put strong safeguards in place to help protect customer privacy. For a detailed overview of all security and privacy measures, see:
- AWS’s Cloud Security page, and their Compliance Programs page
- Hetzner’s Data protection page
- OVH’s Security and Certifications page
Additional security measures
- Data center security: The data centers we use demonstrate ongoing compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2, and SOC 3, PCI DSS Level 1, and more.
- Access control: We restrict access to personal data only to our employees, contractors, and agents who need to know this information in order to operate, develop, or improve our service. Only a select few have access to the servers where data is stored. We go to great lengths to ensure the right balance between support and secure infrastructure. Employees can only access accounts if they have explicit permission from an account owner or the account is in review for compliance with the IPLocate Terms of Service.
- Confidentiality agreements: Employees, contractors, and agents are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
- App security: All access to the IPLocate interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed. Additionally, we provide both TLS and HTTPS connections to the IPLocate API services, ensuring data sent to and from the service is encrypted. Account passwords are encrypted in the IPLocate database, preventing even our own staff from viewing them.
- Fully redundant servers for the API and Web interface.
- Secure protocols (SSL / TLS) across the web and API.
- Separately hosted API system, Public site, and account dashboard.
- 256-bit SSL encryption on the web app and payment processing.
- All passwords are stored using one-way cryptographic hashing functions.
- We run a dedicated environment behind redundant firewalls and switches.
- Hardened, patched OS with frequent security updates.
- External monitoring and audits by highly respected security firms.
Data retention
We don’t store any IP addresses looked up via our API except when requested to help diagnose technical issues. In such cases, we only store the IP addresses until the support request is resolved.