Privacy Policy

This is a placeholder. Generate a Privacy Policy at Termly (free tier) using the questionnaire and paste the output here.

What you should declare in the Termly questionnaire

• Personal data collected: email address, GitHub user ID and username, tunnel access logs (subdomain, timestamp, source IP), payment details (handled by Stripe).
• Subprocessors: Stripe (payments), GitHub (OAuth identity), MongoDB Atlas (data storage), Fly.io (hosting), Resend (transactional email), Sentry (error reporting), Cloudflare (DNS), Vercel (landing host).
• Data retention: tunnel access logs auto-expire after 7 days; usage statistics after 30 days; deleted accounts are hard-deleted 30 days after the user requests deletion.
• User rights: account deletion via DELETE /api/me, data export via GET /api/me/export.
• Contact: hello@justtunnel.dev (or your contact address).

Abuse detection

JustTunnel inspects HTTP headers and request metadata of tunneled traffic to detect phishing, malware delivery, and credential harvesting. We do not store the contents of request or response bodies. For specific detectors that examine POST request bodies, we record only field names (e.g. that a password field was present) and never the values themselves. Detection events are retained as part of our internal abuse-moderation records.

Until this is generated

If you signed up before this page was finalized: we collect the data listed above, we do not sell it, and you can delete your account at any time from the dashboard.