Privacy Policy
Summary: InfiniUm Tools is built privacy-first. We collect only what's necessary to run the service. We never sell your data. Tool inputs are processed in real time and not stored. You can delete your account and all associated data at any time.
1. Who We Are
InfiniUm Tools operates the website infinium.tools, a suite of free developer, DevOps, and SEO tools. We are an independent service provider based in Europe.
For privacy-related matters, contact us at: contact@infinium.tools
2. Data We Collect
2.1 Tool Usage Data
When you use our tools (DNS lookup, SSL checker, WHOIS, etc.), you submit URLs, domain names, or other inputs. This data is:
- Processed in real time on our servers
- Not stored after the response is returned
- Never associated with your identity for anonymous users
- Counted (not stored) for rate limiting purposes using an anonymized IP hash
AI Tools: Inputs submitted to AI-powered tools (Log Detective, Config Reviewer, SEO Analyzer, Cron Builder) are sent to Anthropic's Claude API for processing. These inputs are subject to Anthropic's Privacy Policy. We do not store AI tool inputs after processing.
AI Prompt Privacy Checker: This tool operates entirely client-side in your browser. No data leaves your device.
InfiniUm Shield Browser Extension
InfiniUm Shield is a browser extension available for Chrome, Firefox, and Edge. Its sole purpose is to detect and mask sensitive data in prompts before they are submitted to AI tools (ChatGPT, Claude, Gemini). The following describes exactly what data is and is not collected:
Free Tier — No data collected or transmitted:
- All prompt scanning and masking happens entirely inside your browser tab
- No prompt content, masked values, or personal data is ever transmitted to InfiniUm Tools or any third party
- Extension settings (on/off toggle, per-site preferences) are stored locally in
chrome.storage.localon your device only - Detection statistics (total items masked, categories) are stored locally on your device only
- No account is required. No cookies. No analytics from the extension itself.
Pro Tier — Metadata only:
- When a user subscribes to Shield Pro, an API key is generated and stored locally in
chrome.storage.local - The extension sends an audit log entry to InfiniUm servers after each masked prompt. This entry contains: which AI platform was used (e.g. "claude"), how many items were masked (e.g. 3), and which categories were found (e.g. ["EMAIL", "API_KEY"])
- The actual content of prompts is never transmitted, never logged, and never stored on InfiniUm servers under any circumstances
- Custom masking rules (words or phrases the user adds) are synced to InfiniUm servers to enable cross-device synchronisation. These are plain text terms added explicitly by the user.
- Subscription verification is performed by calling the InfiniUm API with the user's Shield API key once daily
InfiniUm Shield does not collect browsing history, does not read web page content outside of AI chat input fields on supported platforms, and does not perform any activity unrelated to its single purpose of protecting AI prompts.
2.2 Account Data
If you create an account, we collect:
| Data | Purpose | Stored |
|---|---|---|
| Email address | Account identification, login | Until account deletion |
| Name | Personalisation | Until account deletion |
| Password | Authentication | Bcrypt hash only — never plain text |
| OAuth token | Google login | Session duration only |
| Usage count | Rate limiting | Rolling 24-hour window |
| Plan / billing status | Feature access | Until account deletion |
2.3 Server Logs
Our web server automatically records: IP address, request path, HTTP status code, user agent, and timestamp. These logs are retained for a maximum of 7 days for security and debugging purposes, then automatically purged.
2.4 Analytics
We use self-hosted Umami Analytics — a privacy-preserving, open-source alternative to Google Analytics. Umami does not use cookies, does not fingerprint visitors, and does not track individuals across sites. All analytics data is anonymised and aggregated.
3. How We Use Your Data
- To provide tool functionality — processing your submitted URLs, domains, or code
- To enforce rate limits — using anonymised IP hashes, not raw IPs
- To manage your account — authentication, plan management, usage tracking
- To improve the service — aggregated, anonymised usage statistics only
- To send transactional emails — account verification, password reset (no marketing without explicit consent)
- To process payments — via Stripe (Pro/Team plans)
We do not use your data for advertising, profiling, or any purpose not listed above.
4. Data Sharing & Third Parties
We never sell, rent, or trade your personal data. We share data only with the following sub-processors:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Anthropic | AI tool processing | Tool inputs only | USA |
| Stripe | Payment processing | Email, billing info | USA/EU |
| Google OAuth | Optional login method | Email, name | USA |
| DigitalOcean | Server hosting | All server data | EU (Frankfurt) |
| Zoho Mail | Transactional email | Your email address | EU |
All sub-processors are contractually bound to process data only as instructed and maintain appropriate security standards.
5. Data Retention
| Data type | Retention period |
|---|---|
| Tool inputs (anonymous) | Not stored — discarded immediately after response |
| Server logs | 7 days maximum |
| Rate limit counters (IP hash) | 24 hours rolling |
| Account data | Until account deletion or 3 years of inactivity |
| Usage statistics (aggregated) | Indefinitely — no personal data |
| Payment records | 7 years (legal requirement) |
6. Cookies & Local Storage
We use minimal cookies and browser storage:
| Name | Type | Purpose | Expires |
|---|---|---|---|
| better-auth.session_token | Essential | Authentication session | 30 days |
| theme | Functional | Dark/light mode preference | Persistent (localStorage) |
We do not use advertising cookies, third-party tracking cookies, or cookie-based analytics. See our full Cookie Policy.
7. Security
- All data in transit is encrypted with TLS 1.3
- Passwords are hashed with bcrypt (never stored in plain text)
- API keys are stored as SHA-256 hashes
- Server access is restricted by firewall — no public SSH access
- We follow OWASP Top 10 security guidelines
- Regular dependency audits and security updates
Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to contact@infinium.tools.
8. GDPR Rights (EU/EEA Users)
Under the General Data Protection Regulation (EU 2016/679), you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time without affecting past processing
To exercise any of these rights, email contact@infinium.tools. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
Our lawful bases for processing are: contract performance (account services), legitimate interests (security, analytics), legal obligation (payment records), and consent (marketing emails).
9. CCPA Rights (California Users)
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know — what personal information we collect, use, disclose, and sell
- Delete — request deletion of personal information we have collected
- Opt-out — we do not sell personal information. There is nothing to opt out of.
- Non-discrimination — we will not discriminate against you for exercising CCPA rights
To submit a CCPA request, email contact@infinium.tools with subject line "CCPA Request".
10. Children's Privacy
InfiniUm Tools is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects when the policy was last revised. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
InfiniUm Tools
We aim to respond to all privacy-related inquiries within 5 business days.