01 Controller
The data controller is Majid Nassir, Bunsenstr. 34, 66123 Saarbrücken, Germany — support@abr.cloud. Provider details are in the Impressum.
02 What we collect
In short: your email if you make an account, a short abuse-prevention log when you run networked tools — and very little else.
- Account data — your email address and a securely hashed password (never stored in plain text), plus your plan/entitlement status.
- Tool usage — when you run a networked tool through the relay: the target you entered (IP or domain), the tool, your account or IP, and a timestamp. This is a short audit log kept for abuse prevention.
- Technical data — standard request data our servers see (IP address, browser type), and a login token stored in your browser.
- Payment data — handled entirely by Paddle as merchant of record. We receive only your subscription status, never card details.
- Support email — if you write to us, we keep the correspondence as long as needed to help you.
- Profile (optional) — a display name and any company / role / "how you found us" details you choose to add in your profile. With Google sign-in, your name and avatar URL come from Google; you can change or remove them anytime. We also record when you accepted our terms (version + timestamp).
- Newsletter (opt-in) — only if you subscribe and confirm by email (double opt-in) do we store that consent for sending occasional product news. Unsubscribe anytime from your profile.
Offline utilities (subnet calculator, hash, password tools, …) run entirely in your browser or on your device — their inputs are never sent to us.
03 Why we process it & legal basis (GDPR Art. 6)
- Providing the Service and your account — performance of a contract, Art. 6(1)(b).
- Abuse prevention, relay security, rate limiting — legitimate interests, Art. 6(1)(f): keeping a shared diagnostic relay from being misused against third parties.
- Verification and account email — performance of a contract, Art. 6(1)(b); we send no marketing email without consent.
- Newsletter — consent, Art. 6(1)(a), given via double opt-in and revocable at any time.
- Legal obligations — Art. 6(1)(c), e.g. retention rules applying to billing records held by Paddle.
04 Where your data lives & transfers
In short: core data stays in the EU; payments and optional AI analysis involve providers outside it, with safeguards.
The website and email run on Hostinger (EU data centres); the tool relay runs on IONOS in Germany. Cloudflare provides DNS, CDN, and bot protection in front of our sites, which means requests pass through its global network.
Paddle (UK) processes payments. If you use AI analysis, the content you submit is processed by AI providers in the United States (see section 5). Where personal data leaves the EU/EEA, transfers rely on an adequacy decision or standard contractual clauses.
05 AI features & your data
AI analysis is strictly opt-in per use: nothing is sent to an AI provider unless you press the analyse button. When you do, the tool output you selected is sent to Anthropic and/or OpenAI to generate the explanation, and processed under their API terms — which do not permit using your content to train their models. We don't store the analysis content beyond showing it to you.
Don't include passwords or other secrets in content you submit for analysis.
06 Retention
Account data is kept while your account exists and deleted when you close it. Usage/audit logs are kept only as long as needed for abuse prevention, then deleted or anonymised. Support correspondence is kept as long as needed to resolve your request. Billing records are retained by Paddle under its own statutory retention obligations.
07 Processors & recipients
- Paddle (UK) — merchant of record: payments, invoicing, subscription management.
- Hostinger (EU) — web hosting and transactional email.
- IONOS (Germany) — the cloud relay that runs networked tools.
- Cloudflare (global) — DNS, CDN, and bot protection (Turnstile).
- Anthropic / OpenAI (US) — AI analysis, only when you request it.
We share data with these providers only as needed to run the Service, and with authorities only where legally required.
08 Your rights
Under the GDPR you can request access to your data (Art. 15), correction (Art. 16), deletion (Art. 17), restriction of processing (Art. 18), and data portability (Art. 20), and you can object to processing based on legitimate interests (Art. 21). Email support@abr.cloud — we'll respond within the statutory one-month period. You also have the right to complain to a data-protection supervisory authority.
10 Security
All traffic is encrypted in transit (TLS). Passwords are stored only as salted hashes using a modern key-derivation function. The relay enforces per-user rate limits, runs with least privilege, and keeps a minimal audit log. Access to production systems is key-based and restricted. No system is perfectly secure, but we treat security as a product feature — it's what we build tools for.
11 Children
The Service is not directed at children and is intended for users aged 16 or older. We do not knowingly collect data from children; if you believe a child has created an account, contact us and we'll delete it.
12 Changes
We'll post updates to this policy here with a new "last updated" date, and notify account holders by email of material changes.