Privacy Policy
Last updated: March 7, 2026
1. Introduction
Welcome to SecTools ("we," "our," or "us"), operated at sectools.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.
2. Information We Collect
2.1 Automatically Collected Information
We minimize data collection. The only information processed automatically is:
- IP Address — Used temporarily for rate limiting only. Stored as a hashed value in temporary files that are auto-deleted within 1 hour. We do not log or retain IP addresses in our application.
- Analytics Data — If you accept cookies, we use Google Analytics to understand website usage patterns (pages visited, session duration, general location, device type). This data is aggregated and not linked to your tool inputs. See Section 5 for details.
- Cookies & Similar Technologies — As described in Section 5 below.
2.2 Information You Provide
Some of our tools require you to input data (such as domain names, IP addresses, URLs, email headers, or text) to function. We take a zero-logging approach to your input:
- Processed in real-time on our servers to produce tool results.
- Never stored in any database, file, or log.
- Never associated with your IP address or any identifier.
- Discarded from memory immediately after the response is sent.
- Never shared with any third party (except when a tool explicitly calls an external API to function, such as DNS resolvers or geolocation services).
We have no database — there is nowhere for your data to be stored even if we wanted to.
Important: Do not submit sensitive personal information (passwords, private keys, financial data) into our tools. While we do not store this data, it is transmitted over the network.
2.3 Contact Information
If you contact us via email, we collect your name, email address, and message content to respond to your inquiry.
3. How We Use Your Information
We use the minimal information we process to:
- Provide, operate, and maintain our security tools.
- Prevent abuse through temporary rate limiting.
- Display advertisements if you consent (see Section 4).
- Comply with legal obligations.
We do not use your information for profiling or personalization. Analytics data is used solely to understand overall traffic patterns and improve the website.
4. Advertising
We use Google AdSense to display advertisements on our website. Google AdSense uses cookies and similar technologies to serve ads based on your prior visits to our website and other websites on the Internet.
4.1 Google AdSense & Personalized Ads
- Google uses the DoubleClick cookie to serve ads based on your browsing history.
- You may opt out of personalized advertising by visiting Google Ads Settings.
- You may also opt out of third-party cookies by visiting the Network Advertising Initiative opt-out page.
4.2 Third-Party Ad Networks
Third-party ad networks may use cookies, web beacons, and similar technologies to collect information about your browsing activity across websites. This information may be used to provide targeted advertisements. We do not control these third-party tracking technologies.
5. Cookies
Our website uses the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | CSRF token (session cookie), cookie consent preference (localStorage) | Session / Permanent |
| Functional | Dark mode preference, favorites, recently used tools (all localStorage, no cookies) | Permanent (local only) |
| Analytics | Google Analytics cookies to understand traffic and usage patterns — only loaded if you click "Accept" | Up to 2 years |
| Advertising | Google AdSense cookies for serving relevant ads — only loaded if you click "Accept" | Varies |
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
6. Third-Party Services
Our tools may interact with external APIs to provide results. These include:
- ip-api.com — For IP geolocation lookups.
- crt.sh — For Certificate Transparency log searches.
- Have I Been Pwned (HIBP) — For breach checking (passwords are never sent in full; we use the k-anonymity model).
- WHOIS servers — For domain registration lookups.
- Public DNS resolvers — For DNS propagation checks.
Each third-party service has its own privacy policy. We encourage you to review their policies.
7. Data Security
We implement appropriate technical and organizational measures to protect the information we process, including:
- HTTPS encryption for all data in transit.
- Rate limiting to prevent abuse.
- Input validation and sanitization.
- No permanent storage of user-submitted tool data.
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
9. Your Rights
Depending on your location, you may have the following rights:
- Access — Request a copy of the data we hold about you.
- Deletion — Request deletion of your data (note: we do not store tool input data).
- Opt-out — Opt out of personalized advertising.
- Cookie Control — Manage cookie preferences via the consent banner or browser settings.
9.1 For EU/EEA Residents (GDPR)
Under the General Data Protection Regulation, you have additional rights including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing is legitimate interest (providing our tools) and consent (for advertising cookies).
9.2 For California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
10. Data Retention
- Tool input data: Never stored. Processed in memory and discarded immediately after the response.
- Rate limiting data: Hashed IP timestamps in temporary files, auto-deleted within 1 hour.
- API cache: External API responses (not user input) may be cached for up to 24 hours to reduce API calls.
- Cookie consent & preferences: Stored in your browser's localStorage (never sent to our servers).
- Server logs: Standard web server access logs are managed by the hosting provider. We do not add any application-level logging.
10.1 What We Don't Store
To be completely transparent, here is what we do not collect or store:
- No user accounts or profiles
- No database of any kind
- No analytics tied to your tool inputs (Google Analytics tracks page views only, not what you submit)
- No search history or tool usage logs
- No user input from any tool
- No IP address logs (only temporary hashed rate-limit files)
- No browser fingerprints or device identifiers
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: admin@sectools.io
- Website: sectools.io