host.tools
Legal

Privacy policy

Last updated: May 9, 2026 · GDPR & CCPA compliant

We collect
Inputs, results (cached), IP for rate limits, errors
We DON'T
Sell or share with ad networks. Build cross-site profiles. Read other tabs.
You can
Export, delete, opt out of analytics. Email us anytime.

1. Who we are

host.tools is operated by host.com, Inc., 1209 Orange Street, Wilmington DE 19801, USA. EU representative on request.

2. What we collect

  • Tool inputs (e.g. domains, IPs, URLs you submit). Cached for up to 1 hour to speed up repeat queries.
  • Output payloads from those queries.
  • Your IP address for rate-limit buckets, fraud and abuse detection. Stored hashed, rotated daily.
  • User-agent + Accept-Language for browser stats; aggregated only.
  • Account data (Pro+) — email, hashed password, billing info via Stripe (we never see card numbers).
  • Cookies — only essential session + theme preference. No tracking cookies on free tier.

3. What we do with it

  • Run the tool you asked for and return the result.
  • Cache the result so a second identical request is sub-50ms.
  • Enforce rate limits to protect the Service.
  • Detect abuse (sustained scanning, password-stuffing) and notify upstream where relevant.
  • For Pro+: deliver subscriber features (history, monitors, alerts).

4. What we DON'T do

  • Sell your data. Ever.
  • Share with advertising networks. Sponsorship slots are CMS-driven, not behavioural.
  • Build cross-site profiles or fingerprint you for tracking.
  • Email you marketing without explicit opt-in.

5. Retention

  • Cached query results: up to 1 hour, then evicted.
  • Rate-limit buckets: rolling 1-hour window.
  • Server access logs: 30 days.
  • Account data: until you delete your account, then 30 days for billing reconciliation.

6. Your rights (GDPR / CCPA / equivalents)

You may at any time:

  • Request a copy of personal data we hold on you.
  • Correct or delete it.
  • Object to processing or withdraw consent.
  • Lodge a complaint with a supervisory authority.

Email [email protected] — we respond within 30 days.

7. Subprocessors

We use a small list of vetted vendors:

  • Stripe — billing
  • Cloudflare — CDN, DDoS, WAF
  • SendGrid — transactional email
  • checkhost.com — multi-region probe execution
  • hostinfo.com — GeoIP / ASN data

8. International transfers

Our infrastructure spans US, EU and APAC. Cross-border transfers use Standard Contractual Clauses where required.

9. Cookies

We set two cookies on the free site: hosttools_sess (session, HttpOnly, SameSite=Lax) and theme (light/dark, localStorage). Pro accounts also set a CSRF token cookie. No third-party tracking cookies are set on the free tier.

10. Children

The Service is not directed to children under 16. We don't knowingly collect data from them.

11. Changes

We post material changes here and notify Pro+ subscribers by email 14 days in advance.

12. Contact

Privacy questions: [email protected].
Legal: [email protected].