IPrating
Context EngineTraffic FilteringLogistics Context
Website CustomizationE-commerceFraud PreventioniGaming & CasinosFinance & ComplianceAdvertising & Marketing
SDK DownloadsDocumentationContact UsStatus Page
Legal Document

Privacy Policy

Last Updated: March 10, 2026

1. Introduction

Virtunio Ltd., operating the IPrating.net service ("we," "our," or "us"), is a Cyprus-based company operating within the European Union. We are committed to protecting your privacy and complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services.

Our Role: IPrating.net operates as a data aggregator and processor. We collect IP information from your customers (request based), aggregate this data, and enrich it with our proprietary algorithms for cybersecurity and e-commerce intelligence. IPrating.net is not a high-accuracy IP geo-location service, but an IP address analysis and intelligence service designed to help businesses make the right decisions about their incoming traffic and offer a superior user experience to their customers.

By using IPrating.net, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

Account Information: When you register for an account, we collect:

  • Name and email address
  • Company name and business information
  • Billing and payment information
  • Password (encrypted)

Communications: When you contact us, we collect:

  • Email correspondence
  • Support tickets and inquiries
  • Feedback and survey responses

2.2 Information Automatically Collected

Usage Data: We automatically collect:

  • IP addresses (for security and analytics)
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring URLs
  • API usage statistics and logs

Cookies and Tracking: We use necessary cookies and similar browser storage for core functionality. Optional Google Analytics cookies, optional Apollo.io and RB2B marketing technologies, and optional interface-preference cookies are enabled only when you opt in through our consent controls. See our Cookie Policy for details.

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (transaction details)
  • Authentication providers (OAuth data)
  • Analytics services (aggregated usage data)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Providing and maintaining our IP intelligence services
  • Processing API requests and delivering geolocation data
  • Managing your account and subscriptions
  • Processing payments and billing

Support Widget

We provide an AI agent-powered support widget to assist users with questions about our services and configuration. This widget:

  • Is a mandatory service component for customer support
  • Loads automatically for all visitors
  • Can be disabled by registered users in their Profile Settings (/dashboard/profile)
  • Conversations are processed by our AI system to provide relevant support responses
  • Anonymized telemetry and conversation data may be stored for service improvement purposes

The support widget configuration is stored locally in your browser and resets when you clear your browser data.

3.2 Communication

  • Sending service-related notifications
  • Responding to inquiries and support requests
  • Sending marketing communications (with consent)
  • Providing updates about our services

3.3 Improvement and Analytics

  • Analyzing usage patterns and trends
  • Improving our services and user experience
  • Developing new features and products
  • Conducting research and analytics

3.4 Security and Compliance

  • Detecting and preventing fraud and abuse
  • Ensuring security and integrity of our services
  • Complying with legal obligations
  • Enforcing our Terms of Service

4. Legal Basis for Processing (GDPR)

As an EU-based company (Cyprus), we process your personal data in accordance with GDPR based on:

  • Contract Performance: Processing necessary to provide our services (Article 6(1)(b) GDPR)
  • Legitimate Interests: Improving our services, security, and fraud prevention (Article 6(1)(f) GDPR)
  • Consent: Marketing communications and optional cookies (Article 6(1)(a) GDPR)
  • Legal Obligations: Compliance with applicable laws and regulations (Article 6(1)(c) GDPR)

4A. Data Processing and Privacy-by-Design

4A.1 Our Role as Data Processor

When you use our API services, we act as a data processor on your behalf. You remain the data controller for any personal data (IP addresses) you submit to our API.

4A.2 Privacy-Respecting Geolocation

We are committed to privacy-respecting IP intelligence:

What We DO NOT Provide:

  • ZIP codes, postal codes, or street addresses
  • Precise coordinates that could identify households
  • Data more granular than city level
  • Any information that could identify specific individuals or households

Our Privacy Commitments:

  • Maximum geolocation accuracy: City level (~98% accuracy)
  • We consider more precise location tracking a breach of privacy
  • We do not store associations between your API queries and end-user identities
  • We do not create profiles of individuals based on IP addresses
  • We do not track individuals across websites or services

4A.3 IP Address Processing

When you submit IP addresses or other user fingerprints to our API:

  • We process them in real-time to return intelligence data
  • We do not store associations between your queries and end-user identities
  • API logs are retained for 90 days for security and debugging purposes only
  • Logs contain request metadata but not end-user personal information
  • We do not use IP addresses from your queries for any purpose other than providing our service

4A.4 Data Sources and Aggregation

Our IP intelligence data comes from:

How We Obtain IP Data:

Generally, IP information is obtained by triangulating and calculating latency on the network. Common methods include analyzing ping latency across a network, checking databases of IP address blocks, and for mobile devices, using GPS or cell tower triangulation. The accuracy varies greatly; database lookups may point to the ISP's main office, while advanced ping analysis can pinpoint a user's location with more precision.

This is why we aggregate and consolidate multiple data sources before merging everything into our database service.

Location Data Sources:

  • Global infrastructure providers: Cloudflare, Google Analytics, Vercel (used as data sources only, not infrastructure dependencies) - Services used by billions of devices daily. IP location is triangulated based on network latency
  • Regional Internet Registries (RIRs): Official organizations that assign IP addresses. This is how we know when an ISP buys 50,000 addresses for a specific country - this information is public
  • Public databases: REST Countries API (official country information), IANA Timezone Database (official timezone data), Wikipedia (general geographic information)
  • Network analysis: Latency-based triangulation from servers in known locations

Security Data Sources:

  • Public proxy lists: Known VPN and proxy server IP addresses
  • Threat intelligence feeds: Information about malicious IPs
  • Proprietary algorithms: Our own cybersecurity and e-commerce intelligence

Data Updates: We combine all these sources and update our database weekly to keep it current.

We aggregate and enrich this data to provide comprehensive IP intelligence while maintaining privacy standards.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

We share data with trusted service providers who process data on our behalf:

  • Cloud hosting: Hetzner bare metal infrastructure (EU data centers)
  • Database: Supabase (GDPR-compliant, EU-hosted)
  • Payment processing: Stripe, Revolut (GDPR-compliant)
  • Analytics: Google Analytics (anonymized IPs, only when you opt in to analytics cookies), ClickHouse (self-hosted, EU)
  • Optional marketing measurement: Apollo.io and RB2B (only when you opt in to marketing cookies)
  • Email services: Resend (for transactional and marketing emails)
  • Data sources: Cloudflare, Google Analytics, Vercel (used as data sources only for network triangulation), Regional Internet Registries, public threat intelligence feeds (for IP intelligence data aggregation)

All service providers are contractually obligated to protect your data and comply with GDPR.

5.2 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Specific Retention Periods:

  • Account data: Duration of account + 30 days after deletion
  • API logs: 90 days
  • Billing records: 7 years (legal requirement)
  • Analytics data: 26 months
  • Support tickets: 3 years
  • Consent preference record stored in your browser: until you change your choice or clear browser data

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access your personal information
  • Request a copy of your data in a portable format
  • Review and update your account information

7.2 Correction and Deletion

You can:

  • Correct inaccurate information through your account settings
  • Request deletion of your account and personal data
  • Object to processing of your personal information

7.3 Marketing Communications

You can:

  • Opt out of marketing emails via unsubscribe links
  • Manage email preferences in your account settings
  • Contact us to update your communication preferences

7.4 Cookie Management

You can manage cookies through:

  • Our cookie preference controls when shown and, where available, from the site footer
  • Your browser cookie and site-data settings
  • Third-party opt-out tools
  • Clearing browser local storage if you want to remove the locally stored consent record on your device

7.5 GDPR Rights (All Users)

As an EU-based company, we extend GDPR rights to all users worldwide:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure ("right to be forgotten"): Request deletion of your data
  • Right to restriction: Limit how we process your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time
  • Right to lodge a complaint: File a complaint with a supervisory authority

To exercise your rights, contact our Data Protection Officer at dpo@iprating.net. We will respond within 30 days as required by GDPR.

8. Data Protection Officer

As required by GDPR Article 37, we have appointed a Data Protection Officer (DPO) to oversee our data protection practices.

Contact our DPO:

The DPO handles:

  • Data subject rights requests (access, deletion, portability, etc.)
  • Data protection inquiries and complaints
  • Data Processing Agreement (DPA) requests
  • Privacy impact assessments
  • Data breach notifications
  • GDPR compliance matters

9. Data Security

We implement industry-standard security measures to protect your information:

Technical Measures:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest for sensitive data
  • Secure authentication and access controls
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Regular security monitoring and logging

Organizational Measures:

  • Employee training on data protection and GDPR
  • Access controls and least privilege principles
  • Incident response procedures
  • Regular security assessments
  • Background checks for employees with data access
  • Confidentiality agreements

Data Breach Notification: In the event of a data breach affecting your personal data, we will:

  • Notify you within 72 hours (as required by GDPR Article 33)
  • Notify the relevant supervisory authority
  • Provide details of the breach and remediation steps
  • Offer assistance to mitigate potential harm

However, no system is completely secure. We cannot guarantee absolute security of your information.

10. International Data Transfers

Our primary operations are based in the European Union (Cyprus). However, some of our service providers may process data outside the EEA.

We ensure appropriate safeguards for international transfers in accordance with GDPR Chapter V:

  • Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
  • Adequacy decisions: Transfers to countries deemed adequate by the European Commission
  • Data Processing Agreements: Contractual obligations with all processors
  • Privacy Shield (where applicable): For US-based service providers

Data Locations:

  • Primary hosting: EU data centers (preferred)
  • Backup hosting: Digital Ocean (EU regions)
  • Analytics: ClickHouse (self-hosted, EU)
  • Payment processing: Stripe (GDPR-compliant, global)

11. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at legal@iprating.net.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date

Your continued use of our services after changes constitutes acceptance of the updated policy.

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about data we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us at legal@iprating.net.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Virtunio Ltd. (IPrating.net) Registration: Cyprus (EU) Website: https://www.iprating.net

Data Protection Officer: Email: dpo@iprating.net Response time: Within 30 days (GDPR requirement)

General Privacy Inquiries: Contact Form: https://iprating.net/contact

16. Supervisory Authority

As a Cyprus-based company, our lead supervisory authority is:

Office of the Commissioner for Personal Data Protection (Cyprus) Website: http://www.dataprotection.gov.cy Email: commissioner@dataprotection.gov.cy Phone: +357 22 818 456

If you are located in another EU member state, you have the right to lodge a complaint with your local data protection authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

For information about cookies, please see our Cookie Policy.
For our terms of service, please see our Terms of Service.

Related Documents

Terms of ServiceCookie Policy

Questions?

Contact us