Privacy Policy

1. Who we are

Ping64 ("we", "our", "us") operates the infrastructure diagnostics platform available at ping64.io. We are the data controller for personal data collected through this service. Our infrastructure is hosted in the European Union (Scaleway, Paris — fr-par), and we are committed to complying with the General Data Protection Regulation (GDPR).

Contact: privacy@ping64.io

2. Data we collect

Account data

When you create an account: email address, display name (optional), profile picture (optional), hashed password (for email/password accounts). OAuth accounts (GitHub, Google) provide these details directly from your OAuth provider.

Subscription data

If you subscribe to a paid plan: your Stripe customer ID, subscription ID, and plan details. Payment card data is processed and stored exclusively by Stripe — we never see or store your card number.

Tool usage history

For authenticated users, we store the inputs and outputs of tool queries (e.g. DNS lookups, WHOIS, SSL checks) to provide history and analytics features. This data is retained for 90 days then automatically deleted. Anonymous tool usage is not stored.

Technical data

Session tokens (stored as HttpOnly cookies), CSRF tokens. We do not log or store IP addresses beyond what is required by our infrastructure provider for security purposes.

3. Legal basis for processing

Contract performance (Art. 6(1)(b)) — providing the service you signed up for, including authentication and tool access.
Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, and service improvement.
Consent (Art. 6(1)(a)) — where you have explicitly agreed (e.g. marketing communications, if applicable).
Legal obligation (Art. 6(1)(c)) — compliance with applicable law (e.g. tax records for paid subscriptions).

4. Third-party data processors

We share your data with the following sub-processors. All transfers outside the EU are covered by Standard Contractual Clauses (SCCs) or an EU adequacy decision.

Processor	Purpose	Location
Scaleway	Infrastructure & database hosting	EU (Paris, fr-par)
Stripe	Payment processing	US (SCCs)
GitHub (OAuth)	Optional authentication	US (SCCs)
Google (OAuth)	Optional authentication	US (SCCs)

5. Data retention

Account data — retained until you delete your account.
Tool history — automatically deleted after 90 days.
Payment records — retained for 10 years as required by tax law.
Session tokens — expire after 24 hours of inactivity.

6. Your rights (GDPR)

Under GDPR you have the following rights, exercisable at any time:

Access (Art. 15) — request a copy of all data we hold about you.
Rectification (Art. 16) — correct inaccurate or incomplete data.
Erasure (Art. 17) — delete your account and all associated data via Settings → Delete account.
Portability (Art. 20) — export your data as JSON via Settings → Export data.
Restriction (Art. 18) — request we limit processing of your data.
Object (Art. 21) — object to processing based on legitimate interest.

To exercise these rights, use the self-service options in your account settings or contact privacy@ping64.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

7. Cookies

We use only strictly necessary cookies — no tracking or advertising cookies.

Cookie	Purpose	Expiry
authjs.session-token	Authentication session	24 hours
authjs.csrf-token	CSRF protection	Session

8. Security

Passwords are hashed using bcrypt (12 rounds). All data is transmitted over TLS/HTTPS. Database connections require SSL. Session tokens are stored in HttpOnly, Secure, SameSite=Lax cookies. We perform regular security reviews and promptly address vulnerabilities.

9. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you by email or in-app notice at least 30 days before material changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or data subject requests:
privacy@ping64.io