Overview
ipdrop.io is a privacy-focused tool suite that helps you understand your network footprint.
Data We Process
Our tools process certain data in real time to display results to you. Here is what each tool accesses:
IP Lookup
When you visit the site, we detect your public IP address via a server-side function hosted on Supabase and look up associated geolocation data including: country, region, city, postal code, approximate coordinates, timezone, ISP/organization, and ASN. Your IP address is sent to the server to perform this lookup but is not logged or stored.
Browser Fingerprint
The fingerprint tool collects browser-level signals such as: user agent, screen resolution, installed plugins, timezone, language, hardware concurrency, device memory, WebGL renderer, canvas fingerprint, and audio context data. This data is processed entirely in your browser and is not sent to any server.
DNS Leak Test
This tool makes DNS requests to third-party services (ipify.org, icanhazip.com) to determine which DNS resolvers your connection uses and detect your public IP address. The results are displayed locally and help you verify whether your DNS traffic is being routed through your VPN.
WebRTC Leak Test
This tool uses your browser's WebRTC API to detect local and public IP addresses that may be exposed through WebRTC. It contacts Google's STUN servers (stun.l.google.com) to discover public-facing IPs. All processing happens client-side in your browser.
IPv6 Leak Test
This tool detects whether your IPv6 address is exposed when using a VPN. It contacts external services (ipify.org) to detect your public IPv4 and IPv6 addresses. Results are displayed locally in your browser and are not stored.
VPN Detection
This tool checks whether your connection appears to be using a VPN by analyzing your IP address metadata. It uses the same server-side IP lookup as the IP Lookup tool. No additional data is collected or stored.
Privacy Test
This composite tool runs multiple privacy checks (DNS leak, WebRTC leak, IPv6 leak, fingerprint analysis) in a single session. Each sub-test follows the same data handling described in its individual section above. No additional data is collected.
Speed Test
The speed test measures your internet connection's download and upload speeds by transferring data to and from a test server. Your IP address is visible to the test server during the measurement but is not stored by us.
Contact Form
When you submit the contact form, we collect your name, email address, subject, and message. This data is sent to our server hosted on Supabase and used solely to respond to your inquiry. We also temporarily store your IP address in a rate-limiting table to prevent abuse; these rate-limit records are ephemeral and not used for any other purpose.
Bug / Issue Reporting
When you report an issue using the Report Issue button, we collect: your issue description, the current page URL, your browser's user agent, screen dimensions, language setting, and IP address. This data is stored on our Supabase database to help us diagnose and fix issues. Your IP address is also used for rate limiting (max 5 reports per minute).
Client-Side Error Reporting
To detect JavaScript errors that break the site in your browser, a small script captures uncaught errors and unhandled promise rejections and sends them to our server (the /api/report-runtime-error endpoint). Each report includes the error type and message, the first line of the stack trace, and the page path — but NOT the querystring or fragment, which are stripped before storage. We do NOT store your IP address: it is hashed with SHA-256 (one-way) purely to group related reports. Your browser's user agent is reduced to a coarse category (for example 'desktop-chromium' or 'mobile-ios') rather than stored verbatim. Reports are sampled (every error in the first 24 hours after a page loads, then roughly one in ten) and automatically deleted after 30 days. This data is used only to find and fix bugs; it is never used for advertising, profiling, or sold to third parties.
Site Search Telemetry
When you use the in-site search bar (at the top of every page), we record the search query, the page language, your country (looked up server-side from your IP and then immediately discarded), a coarse device class (mobile, tablet, or desktop), and what you did with the result (selected a link, found no results, or dismissed it). We do NOT store your IP address, user agent, or any persistent identifier — we keep only a salted, truncated SHA-256 hash of (IP + user agent + day), used solely to enforce a per-visitor rate limit (max 60 logs per hour). We use this purely to improve the website — to understand which tools and articles people look for so we can fill content gaps; it is never used for advertising or profiling, nor sold to third parties. We retain these search logs for at most 90 days, after which they are automatically and permanently deleted.
Tool Usage Telemetry
When you run one of our privacy tools (IP lookup, fingerprint, DNS leak, WebRTC leak, speed test, VPN check, IPv6 leak, privacy test), we record only that the tool was used: the tool name, whether it succeeded or failed, the duration, the language of the page, your country (looked up server-side from your IP and then immediately discarded), and a coarse device class (mobile, tablet, or desktop). We do NOT store the diagnostic results themselves (no IPs you looked up, no fingerprint data, no leak details), your IP address, your user agent, or any persistent identifier — instead, we keep a salted, truncated SHA-256 hash of (IP + user agent + day) used only to enforce a per-visitor rate limit (max 200 events per hour). The purpose is to understand which tools are useful so we can prioritize improvements; it is never used for advertising, profiling, or sold to third parties.
Analytics
We use Plausible Analytics, a privacy-friendly, open-source analytics tool that we self-host on our own server in the European Union — your visit data is never sent to a third-party analytics provider. It is cookieless and collects only aggregate, anonymous metrics: page views, the referring site, entry and exit pages, the country a request comes from, and broad browser, operating-system, and device-type categories. No cookies are set and no personal data is stored. An IP address is used only in memory to derive a country and a daily-rotating, salted hash that lets us count unique visitors without identifying them; the raw IP is never written to disk and the salt is discarded every 24 hours, so visitors cannot be tracked across days, sites, or devices. We also record a single anonymous "Tool Completed" event noting which tool was run (never the results of that tool). Because no personal data is collected, our analytics need no cookie-consent banner. We use this data only to understand which tools are useful and to improve the site; it is never used for advertising or profiling, and is never sold or shared.
Data Storage
We do not store, log, or persist any of the diagnostic data processed by our privacy tools (IP lookup results, fingerprint data, DNS/WebRTC leak results, speed test results). There are no user accounts, and no diagnostic data is shared with third parties. All tool results are ephemeral and exist only during your browser session. Contact form submissions are stored securely on Supabase to allow us to respond to your message.
Cookies & Local Storage
We use a minimal set of cookies and local storage:
- Theme preference — A local storage entry to remember your light/dark mode choice.
- Cookie consent — A local storage entry to remember your cookie preference (accepted or rejected).
- Sidebar state — A cookie to remember your sidebar collapsed/expanded preference.
- Service worker cache — A service worker caches static assets (HTML, images, icons) on your device for faster page loads and basic offline support. You can clear this cache via your browser's developer tools or site settings.
- Tool completion state — A local storage entry that tracks which privacy tools you have run during your session, used to show completion checkmarks in the navigation.
We do not use third-party tracking cookies unless you explicitly accept them via the cookie consent banner.
Third-Party Services & Data Processors
We use the following third-party services to operate ipdrop.io:
- Supabase — Hosts our server-side functions (IP geolocation lookup, contact form processing, rate limiting). Supabase acts as a data processor on our behalf. Their privacy policy is available at supabase.com/privacy.
- IP geolocation API — An external service used to resolve IP address information (location, ISP, ASN). Only your IP address is sent to this service.
- DNS leak test services — Third-party services (ipify.org, icanhazip.com) contacted during DNS and IPv6 leak tests. Only DNS queries and IP detection requests are sent; no personally identifiable information beyond your IP address is transmitted.
- Google STUN servers — The WebRTC leak test contacts Google's STUN servers (stun.l.google.com) to discover public IP addresses exposed via WebRTC. No data beyond network-level IP visibility is involved.
Affiliate Links
This site contains affiliate links to privacy services including Proton VPN, NordVPN, Proton Pass, and Proton Drive. When you click an affiliate link and make a purchase, we may earn a commission at no extra cost to you. Affiliate partnerships do not influence our editorial content or tool results.
Your Rights
Since we don't maintain user accounts or store diagnostic data, there is generally nothing to delete or export for privacy tool usage. For contact form submissions, you may request deletion of your message by contacting us. You can clear your local storage, cookies, and service worker cache at any time through your browser settings.
Contact
If you have questions about this privacy policy, feel free to get in touch. Contact us here →