Privacy Policy

This privacy notice discloses the privacy practices for ip2geo.org. This privacy notice applies solely to information collected by this website. It will notify you of the following:

  1. What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  2. The security procedures in place to protect the misuse of your information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email, direct contact, or use of site features. We will not sell or rent this information to anyone.

IP lookups on the main tool are not logged and any data used is transient. Visitor analytics are collected via Umami, an open-source, privacy-friendly analytics platform that does not use cookies or share data with third parties.

Free Threat Reports

When you generate a free Threat Report, the IP addresses you submit and the resulting report are stored temporarily and linked to your unique report token. Free reports expire after 7 days — after that date the link stops working. Your data is permanently deleted within 14 days of the report expiry date. No email address is required or collected for free reports. This data is accessible only via your unique report token.

When viewing a free Threat Report, a short-lived session cookie linked to your report token (not your identity) is set on your device and expires after 30 minutes. This is used to measure how visitors engage with the report. The URL of the page that referred you to this site may also be stored with your submission for attribution purposes. Both are subject to the same 14-day deletion schedule as the rest of your report data.

Paid Threat Reports

When you purchase a Threat Report, the IP addresses you submit and the resulting report are stored securely and linked to your unique report token. Paid reports are permalinked — they do not expire automatically. If you provide an email address to receive your report, that address is stored alongside your report. You may request deletion of your report at any time by contacting us with your report token; all associated data, including your email address, will be removed promptly. This data is accessible only via your unique report token.

To generate your report, the top IP addresses by frequency are checked against AbuseIPDB, a third-party IP reputation service. This sends a subset of your submitted IPs to AbuseIPDB solely to retrieve abuse confidence scores. AbuseIPDB's use of this data is governed by their Privacy Policy.

Payment is processed by Stripe. We do not collect or store your payment card details. Stripe may collect your name, email address, card details, and billing information in accordance with their Privacy Policy.

Community Threat Intelligence

When you opt in on your report page, anonymized data from your Threat Report may contribute to ip2geo's community threat feed. Specifically: CIDR network ranges and individual IP addresses classified as scanning or VPN/proxy infrastructure. Residential IP addresses are never collected.

No individual report data, tokens, email addresses, or personally identifiable information is included in the aggregate. The aggregate tables contain only network ranges, IP addresses, and counts — with no link back to the contributing report.

Consent is opt-in only, requested on your report page after generation. Each report is an independent purchase with its own consent decision — there is no account or cross-purchase tracking. Because contributed data is immediately aggregated with no user identifier retained, individual contributions cannot be separated from the aggregate after the fact. If you wish to mark a specific report as opted-out (contact support@ip2geo.org with your report token), we will update the record to prevent re-ingestion if community data is re-processed in future. However, data already in the aggregate cannot be removed. This is consistent with GDPR Recital 26: truly anonymized data is not subject to erasure requirements.

Contact

Questions about this policy or your data can be directed to support@ip2geo.org. If you would like your report data deleted, contact us with your report token and we will remove it promptly.

Security

All data is transmitted over HTTPS. You can verify this by looking for a lock icon in the address bar and "https" at the beginning of the page address.