Privacy Policy

Last updated: May 11, 2025

1. Information We Collect

Account information

When you create an account, we collect your email address and, if you sign in through a third-party provider (GitHub, Google, GitLab), the profile information they share (name and email).

Usage data

We log tunnel connection metadata (timestamps, subdomain, duration) for service operation and abuse prevention. We do not inspect, store, or log the content of HTTP requests or responses passing through your tunnels.

Payment information

Payments are processed by Polar (polar.sh). We do not store credit card numbers or payment method details. We receive a customer identifier from Polar to associate your subscription with your account.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To authenticate you and manage your account.
  • To process payments and manage subscriptions.
  • To detect and prevent abuse, fraud, and violations of our Terms of Service.
  • To communicate with you about your account or service changes.

3. Data Sharing

We do not sell your personal information. We share data only with:

  • Payment processor — Polar receives your email to process subscriptions.
  • Authentication providers — GitHub, Google, or GitLab, only when you use OAuth sign-in.
  • Law enforcement — if required by law or to protect our rights.

4. Tunnel Traffic

HTTP requests and responses relayed through the Service pass through our servers in transit but are not stored, logged, or inspected. The request inspector feature operates entirely on your local machine within the CLI tool.

5. Data Retention

Account data is retained while your account is active. If you delete your account, we remove your personal information within 30 days. Connection metadata may be retained in anonymized form for analytics.

6. Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), hashed API keys, and restricted database access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Cookies

We use session cookies for authentication. We do not use tracking cookies or third-party analytics.

8. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us. If you are in the EU, you have additional rights under the GDPR including data portability and the right to object to processing.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the Service.

10. Contact

For privacy-related questions, contact us at [email protected].