netz.tools

Privacy Policy

Last updated: June 2026

Controller

Email: dominic@quaiser.dev

Overview

netz.tools is a connection and browser audit tool. It shows you what your IP, HTTP headers, and browser reveal. The service is operated privately and non-commercially on a Raspberry Pi in Germany. I have designed it to collect as little data as necessary.

No third-party scripts, analytics, advertising, or CDNs are embedded. All resources — including fonts and GeoIP databases — are served directly from my server. No data is transferred to any third party during normal use.

Data I process

IP address and connection data

When you visit this site, your IP address is received by my server. I use it to display it to you (the primary purpose of this service), to look up approximate geographic location and ASN using locally installed MaxMind GeoLite2 databases (no data is sent to MaxMind), and to perform a reverse DNS lookup. Your IP address is not stored — it is discarded after your request is handled. Access logging is disabled by default.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating the service.

HTTP headers

Your browser's HTTP headers are displayed to you and are not stored.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating the service.

DNS leak test

If you run the DNS leak test, your browser resolves a unique one-time hostname. My authoritative DNS server records the resolver's IP address (the DNS server that handled the query, not your browser's IP), the EDNS Client Subnet (ECS) prefix — if provided by the resolver and rounded to /24 for IPv4, /48 for IPv6 — and a timestamp. These records are automatically deleted after 10 minutes.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing the DNS leak test.

IPv6 leak test

If the IPv6 leak test is enabled, your browser fetches two sub-resources — one forced over IPv4, one over IPv6. These requests go to first-party subdomains of this site and are subject to the same IP processing described above: displayed to you, not stored.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing the IPv6 leak test.

Anonymous fingerprint statistics

Once per month per browser, your browser submits an anonymous set of fingerprint trait values and a combined hash to my server. Only aggregate counters are stored — there is no per-visitor row, no IP address, and no timestamp associated with these records. The counts are used to derive a measured rarity estimate shown on the main page.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving rarity estimates.

Browser storage (localStorage)

I store one entry in your browser's localStorage: the date of your last anonymous stats submission. This prevents redundant submissions. No personal data is stored in localStorage. This is a strictly functional use and does not track you across sites. No server-set cookies are used.

Data retention

Your rights

Under GDPR you have the following rights regarding your personal data:

• Access (Art. 15): request information about data I hold about you.
• Rectification (Art. 16): have inaccurate data corrected.
• Erasure (Art. 17): request deletion of your data ("right to be forgotten").
• Restriction of processing (Art. 18): restrict how I process your data.
• Objection (Art. 21): object to processing based on legitimate interest.
• Data portability (Art. 20): receive your data in a structured, machine-readable format.

To exercise your rights, contact: dominic@quaiser.dev

Note: because I do not store per-visitor records (IP addresses are discarded immediately), I may be unable to locate data associated with a specific individual.

Supervisory authority

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority for Saxony: