Privacy Policy
Summary: InfiniUm Tools is built privacy-first. We collect only what's necessary to run the service. We never sell your data. Tool inputs are processed in real time and not stored. You can delete your account and all associated data at any time.
1. Who We Are
InfiniUm Tools operates the website infinium.tools, a suite of free developer, DevOps, and SEO tools. We are an independent service provider based in Europe.
For privacy-related matters, contact us at: contact@infinium.tools
2. Data We Collect
2.1 Tool Usage Data
When you use our tools (DNS lookup, SSL checker, WHOIS, etc.), you submit URLs, domain names, or other inputs. This data is:
- Processed in real time on our servers
- Not stored after the response is returned
- Never associated with your identity for anonymous users
- Counted (not stored) for rate limiting purposes using an anonymized IP hash
AI Tools: Inputs submitted to AI-powered tools (Log Detective, Config Reviewer, SEO Analyzer, Cron Builder) are sent to Anthropic's Claude API for processing. These inputs are subject to Anthropic's Privacy Policy. We do not store AI tool inputs after processing.
AI Prompt Privacy Checker: This tool operates entirely client-side in your browser. No data leaves your device.
2.2 Account Data
If you create an account, we collect:
| Data | Purpose | Stored |
|---|---|---|
| Email address | Account identification, login | Until account deletion |
| Name | Personalisation | Until account deletion |
| Password | Authentication | Bcrypt hash only — never plain text |
| OAuth token | Google login | Session duration only |
| Usage count | Rate limiting | Rolling 24-hour window |
| Plan / billing status | Feature access | Until account deletion |
2.3 Server Logs
Our web server automatically records: IP address, request path, HTTP status code, user agent, and timestamp. These logs are retained for a maximum of 7 days for security and debugging purposes, then automatically purged.
2.4 Analytics
We use self-hosted Umami Analytics — a privacy-preserving, open-source alternative to Google Analytics. Umami does not use cookies, does not fingerprint visitors, and does not track individuals across sites. All analytics data is anonymised and aggregated.
3. How We Use Your Data
- To provide tool functionality — processing your submitted URLs, domains, or code
- To enforce rate limits — using anonymised IP hashes, not raw IPs
- To manage your account — authentication, plan management, usage tracking
- To improve the service — aggregated, anonymised usage statistics only
- To send transactional emails — account verification, password reset (no marketing without explicit consent)
- To process payments — via Stripe (Pro/Team plans)
We do not use your data for advertising, profiling, or any purpose not listed above.
4. Data Sharing & Third Parties
We never sell, rent, or trade your personal data. We share data only with the following sub-processors:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Anthropic | AI tool processing | Tool inputs only | USA |
| Stripe | Payment processing | Email, billing info | USA/EU |
| Google OAuth | Optional login method | Email, name | USA |
| DigitalOcean | Server hosting | All server data | EU (Frankfurt) |
| Zoho Mail | Transactional email | Your email address | EU |
All sub-processors are contractually bound to process data only as instructed and maintain appropriate security standards.
5. Data Retention
| Data type | Retention period |
|---|---|
| Tool inputs (anonymous) | Not stored — discarded immediately after response |
| Server logs | 7 days maximum |
| Rate limit counters (IP hash) | 24 hours rolling |
| Account data | Until account deletion or 3 years of inactivity |
| Usage statistics (aggregated) | Indefinitely — no personal data |
| Payment records | 7 years (legal requirement) |
6. Cookies & Local Storage
We use minimal cookies and browser storage:
| Name | Type | Purpose | Expires |
|---|---|---|---|
| better-auth.session_token | Essential | Authentication session | 30 days |
| theme | Functional | Dark/light mode preference | Persistent (localStorage) |
We do not use advertising cookies, third-party tracking cookies, or cookie-based analytics. See our full Cookie Policy.
7. Security
- All data in transit is encrypted with TLS 1.3
- Passwords are hashed with bcrypt (never stored in plain text)
- API keys are stored as SHA-256 hashes
- Server access is restricted by firewall — no public SSH access
- We follow OWASP Top 10 security guidelines
- Regular dependency audits and security updates
Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to contact@infinium.tools.
8. GDPR Rights (EU/EEA Users)
Under the General Data Protection Regulation (EU 2016/679), you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time without affecting past processing
To exercise any of these rights, email contact@infinium.tools. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
Our lawful bases for processing are: contract performance (account services), legitimate interests (security, analytics), legal obligation (payment records), and consent (marketing emails).
9. CCPA Rights (California Users)
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know — what personal information we collect, use, disclose, and sell
- Delete — request deletion of personal information we have collected
- Opt-out — we do not sell personal information. There is nothing to opt out of.
- Non-discrimination — we will not discriminate against you for exercising CCPA rights
To submit a CCPA request, email contact@infinium.tools with subject line "CCPA Request".
10. Children's Privacy
InfiniUm Tools is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects when the policy was last revised. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
InfiniUm Tools
We aim to respond to all privacy-related inquiries within 5 business days.