Privacy policy
YourTrace is a tool about your privacy, so we hold our own to a high bar. Here is exactly what we process, why, for how long, and the rights you have under the GDPR and similar laws.
Data controller
YourTrace (“we”, “us”) operates the website at yourtrace.net and the lookup API. We are the data controller for the limited personal data described below. Questions or requests: [email protected].
What we process
- ›Your IP address — the single piece of personal data that is intrinsic to an IP-lookup service.
- ›Request metadata your browser sends with each HTTP request: User-Agent, Accept-Language, and client-hint headers (e.g. platform, mobile flag). Used only to render the result you asked for.
- ›Any IP addresses or hostnames you type into the lookup box, and any IPs you query via the API.
- ›Aggregate, cookieless usage analytics (page-view counts only) — no cross-site tracking, no advertising identifiers, no device fingerprint stored.
Lawful basis & why we process it
We process your IP and request metadata under legitimate interest (GDPR Art. 6(1)(f)): you have asked us to look up an IP, and we have a legitimate interest in delivering that result and in keeping the service secure and abuse-free. We balance this against your rights, which is why we collect the minimum needed, set no tracking cookies, build no profiles, and retain nothing for long.
We do not rely on consent for analytics because our analytics are cookieless and aggregate — see the cookies section below. We never process this data for advertising or automated decision-making with legal effects.
The exposure check never leaves your browser
The fingerprint and leak probes (canvas, audio, fonts, WebRTC, timezone and the exposure score) run entirely client-side. Those values are computed and shown in your browser and are never transmitted to us, logged, or stored. You can verify this in your browser's devtools network tab.
Retention
Operational request logs that contain a raw IP are truncated or anonymised within ~30 days. After that we keep no record that links a raw visitor IP to a request. Aggregate analytics counts carry no IP and are kept only as totals. We keep no long-term store of raw visitor IPs.
Cookies & tracking — none
YourTrace sets no tracking, advertising, or cross-site cookies, and runs no consent wall or cookie banner — because there is nothing to consent to. Analytics are privacy-respecting and cookieless. The only browser storage we may use is strictly-necessary, first-party state (e.g. remembering the monthly/annual pricing toggle), which is exempt from consent requirements. Full detail is in our cookies statement.
Sharing & sub-processors
We do not sell your data and do not share it with advertisers. We rely on a small set of infrastructure sub-processors (CDN/edge hosting, IP-geolocation data providers listed in our attribution page) strictly to deliver the service. Any transfer outside the EEA relies on Standard Contractual Clauses or an adequacy decision.
What we never do
- ›Sell your data, or build advertising profiles of you.
- ›Attempt to identify you as a named person — IP geolocation is network-level, not personal identification.
- ›Set tracking cookies or run a consent-wall; analytics are privacy-respecting and cookieless.
Your rights (GDPR / DSAR)
If you are in the EEA, UK, or a comparable jurisdiction you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to data portability. To exercise any of these — including erasure of an IP from our logs — email [email protected]. We respond within 30 days and free of charge. You also have the right to lodge a complaint with your local data protection authority.
EU representative
Where required under GDPR Art. 27, our EU representative for data-protection matters can be reached at [email protected]. Use this address if you are in the EU and prefer to contact a representative within the Union rather than us directly.