PRIVACY NOTICE
This Privacy Notice for LikeFury Ltd, doing business as GetPublicIP ("Company," "we," "us," "our"), describes how and why we access, collect, store, use, and share ("process") your personal information when you use our services ("Services"), including when you visit our website getpublicip.com.
This Privacy Notice is issued as a privacy statement under the New Zealand Privacy Act 2020, as the transparency information required by Articles 13 and 14 of the EU General Data Protection Regulation and the UK General Data Protection Regulation, and as an openly-available privacy policy for the purposes of Australian Privacy Principle 1.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information.
Do we collect any information from third parties? We receive payment metadata from Stripe and may receive abuse reports about your assigned IP from third parties. We do not buy marketing data, do not use data brokers, and do not collect information from social networks.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.
TABLE OF CONTENTS
- WHAT INFORMATION DO WE COLLECT?
- HOW DO WE PROCESS YOUR INFORMATION AND WHY?
- WHO DO WE SHARE YOUR INFORMATION WITH?
- DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
- HOW DO WE HANDLE YOUR SOCIAL LOGINS?
- WHERE WE SEND YOUR INFORMATION
- HOW LONG DO WE KEEP YOUR INFORMATION?
- WHAT HAPPENS IF THERE IS A PRIVACY BREACH?
- DO WE COLLECT INFORMATION FROM MINORS?
- YOUR PRIVACY RIGHTS
- DO-NOT-TRACK AND GLOBAL PRIVACY CONTROL
- DO WE MAKE UPDATES TO THIS NOTICE?
- HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
- HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Information you provide to us
In Short: We collect the information you give us when you create an account, buy a subscription, and contact us.
When you use GetPublicIP we collect:
- Account information: email address, password (stored as a secure hash, never in plain text), and any name or company name you choose to provide.
- Billing information: we use Stripe for payment processing. When you add a card, Stripe collects your card details directly — we do not see or store your full card number. Stripe provides us with a customer reference, your billing address (if you provide one), and metadata about the payment method (card brand, last four digits, expiry).
- Service configuration: the regions, names, reverse DNS entries, port forwarding rules, and similar configuration you set for your IP addresses.
- Support communications: the content of emails, support tickets, and any files you send us when contacting us.
Information we collect automatically
In Short: We collect technical information needed to deliver, secure, and bill the Service.
- The public IP you connect from when you sign in or use the dashboard. This is collected from the HTTP request and is used for session integrity, fraud prevention, and security logging. It is not linked to your tunnel traffic.
- WireGuard metadata for each assigned IP: the public key, the encrypted private key, the last handshake timestamp, and bandwidth counters. This is required to deliver the Service.
- Server-side request logs containing request metadata (timestamps, paths, status codes, user-agents, IP) for application security and debugging.
- Aggregate website analytics via our self-hosted Plausible instance. See section 4 for details — this is cookieless and does not identify you.
Information we collect from third parties
We do not buy marketing data, do not source lists from data brokers, and do not collect information from social networks. The only third-party-sourced information we use is:
- Payment metadata from Stripe (described above).
- IP geolocation via the MaxMind GeoIP2 database, which we query locally from the IP address that connects to our dashboard to display the rough region of your connection. We do not upload your IP to MaxMind; the database is processed entirely on our servers.
- Abuse reports about your assigned IP address, received from third parties who have observed activity they consider abusive.
Sensitive information
We do not ask for, and do not want to process, sensitive personal information of the kind defined in Article 9 GDPR (health, political opinions, religion, sexual orientation, biometric data, etc.). If you send us such information in a support ticket we will delete it as soon as the ticket is resolved.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
2. HOW DO WE PROCESS YOUR INFORMATION AND WHY?
In Short: We process your information for specific purposes, each with a documented legal basis.
| Purpose | What we do | Legal basis (GDPR / NZ Privacy Act) |
|---|---|---|
| Providing the Service | Authenticate your account; provision, configure, and maintain your assigned IP addresses; deliver the dashboard and the API | Performance of our contract with you (GDPR Art. 6(1)(b)); authorised purpose under NZ IPP 10 |
| Billing | Charge your payment method via Stripe; generate invoices; reconcile disputes | Performance of our contract (GDPR Art. 6(1)(b)) |
| Tax and accounting records | Retain invoice data to meet Inland Revenue and equivalent tax record-keeping requirements | Legal obligation (GDPR Art. 6(1)(c)) |
| Security, fraud prevention, abuse investigation | Analyse connection logs, respond to reports of abuse on your IP, detect automated abuse of the sign-up flow | Our legitimate interests in maintaining a secure Service (GDPR Art. 6(1)(f)); legitimate purpose connected to our functions (NZ IPP 1) |
| Service communications | Send account, billing, and service emails (activation, invoices, incident notifications, SLA notices) | Performance of our contract (GDPR Art. 6(1)(b)) |
| Marketing communications | If you opt in, send occasional product updates and promotional emails | Your consent (GDPR Art. 6(1)(a)), which you can withdraw at any time via the unsubscribe link in every marketing email |
| Aggregate analytics | Understand aggregate site usage (visits, referrers, rough geography) to improve the site | Our legitimate interests in understanding and improving our Service (GDPR Art. 6(1)(f)) |
We do not use your personal information for any purpose other than those listed in this section.
3. WHO DO WE SHARE YOUR INFORMATION WITH?
In Short: We share the minimum needed to run the Service, and we never sell your data.
We share information with:
- Subprocessors. Third parties that help us deliver the Service, each under a data processing agreement where required. A current list is available at getpublicip.com/legal/subprocessors. At a high level this includes our payment processor (Stripe), our tunnel infrastructure providers and our transactional email provider.
- Law enforcement and regulators. We disclose information only where required by a legally valid request (for example a New Zealand search warrant, production order, or the equivalent foreign legal instrument authenticated through a Mutual Legal Assistance Treaty). We push back on requests that are overbroad or improperly issued. Where we are not legally prohibited from doing so, we will notify the affected customer before disclosing their data, to allow them to seek legal advice or contest the request.
- In a corporate transaction. If LikeFury Ltd is acquired, merged, or sold, customer information may be transferred to the acquiring party as part of that transaction, subject to the acquiring party's commitment to honour this Privacy Notice or an equivalent policy.
- With your consent. In any other case where you have given us permission.
We never sell, rent, or share your personal information for advertising or marketing purposes. We do not share information with social media platforms or data brokers.
4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We use a minimal, privacy-preserving set of cookies and tracking technologies. We do not use third-party advertising or marketing trackers.
We use only the following:
- Session cookies (strictly necessary) — Our Backend sets a session cookie and CSRF cookie while you are signed in. These are required for authentication and cannot be turned off while using the authenticated dashboard.
- Plausible Analytics (self-hosted) — we run our own instance of Plausible at analytics.getpublicip.com. Plausible does not use cookies, does not collect personal data, does not build cross-site profiles, and does not transfer your data to any third party. It counts page views and referrers in aggregate only.
- Altcha CAPTCHA — our sign-up and contact forms use Altcha, a proof-of-work CAPTCHA that runs entirely in your browser. It does not use cookies, does not track you, and does not build a fingerprint.
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, Twitter/X Pixel, TikTok Pixel, or any other third-party advertising or marketing tracker. We do not sell, rent, or share your data with advertisers.
A standalone Cookie Notice with the same information is available at getpublicip.com/legal/cookies.
5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: We do not currently offer social login.
Registration and sign-in to GetPublicIP are handled with an email address and password. We do not offer the ability to register or sign in using a third-party social media account (such as Facebook, X, Google, or LinkedIn) and we do not receive any profile information from such platforms. If we introduce social login in the future, we will update this Privacy Notice and describe what information we would receive and how it would be used before enabling the feature.
6. WHERE WE SEND YOUR INFORMATION
In Short: Your information is processed in New Zealand and in the countries where our infrastructure and subprocessors operate.
LikeFury Ltd is based in New Zealand. Our infrastructure and subprocessors operate in the following locations, and some of your information may be transferred, stored, or processed in each:
| Location | Why | Safeguards |
|---|---|---|
| New Zealand | Primary place of business; account data storage | Privacy Act 2020; NZ has an EU adequacy decision for inbound transfers |
| Australia | Tunnel endpoint infrastructure for Oceania region | Australian Privacy Act 1988 (Australian Privacy Principles); substantially similar standard for Privacy Act 2020 IPP 12 |
| Netherlands (European Union) | Tunnel endpoint infrastructure for European region | Within the European Economic Area (GDPR applies directly) |
| United States | Stripe, Inc. (payment processing) and, where applicable, tunnel endpoints and transactional email provider | Stripe is certified under the EU-US Data Privacy Framework and the UK Extension; Standard Contractual Clauses are in place under the Stripe DPA. For NZ Privacy Act IPP 12 purposes we rely on the NZ Office of the Privacy Commissioner's Model Clauses incorporated in the Stripe DPA and, where you have given express consent by accepting this Privacy Policy, on IPP 12(1)(f). |
You can request a copy of the safeguards applicable to any transfer by emailing privacy@getpublicip.com.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information only as long as we need it for the purposes set out above, or as required by law.
Our default retention schedule is:
| Data category | Retention | Reason |
|---|---|---|
| Account record (email, name, authentication credentials) | Lifetime of the account, plus 30 days after account deletion | Support handover and fraud prevention; enables account recovery within a reasonable window |
| Billing invoices and tax records | 7 years | Inland Revenue Department record-keeping requirements; equivalent tax laws in other jurisdictions |
| WireGuard private keys | Deleted on IP release or account deletion | No business need once the IP is released |
| Bandwidth counters | 2 years | Billing reconciliation and capacity planning |
| Server-side request logs (including IPs) | 5 years | Security investigations; debugging |
| Support tickets and attachments | 3 years from resolution | Dispute resolution; service improvement |
| Marketing consent and unsubscribe records | 6 years | Proof of compliance with UEMA, CAN-SPAM, CASL, and equivalent laws |
| Aggregate analytics (Plausible) | Indefinite | Non-personal data; cannot be linked to any individual |
When we no longer have a legitimate business need to process your personal information, we delete or anonymise it. If this is not immediately possible (for example because it is held in backup archives), we isolate it from further processing until deletion is possible.
You can request earlier deletion of your information under section 10 (Your Privacy Rights). We may retain a minimum subset of information where we are legally required to do so (for example tax records) or where we have a specific, justified reason (such as an open abuse investigation).
8. WHAT HAPPENS IF THERE IS A PRIVACY BREACH?
In Short: If a breach is likely to seriously harm you, we will tell you and the regulator promptly.
If we become aware of a privacy breach that has caused, or is reasonably likely to cause, serious harm to you, we will:
- notify the New Zealand Privacy Commissioner as soon as practicable, and in any event within 72 hours of confirming the breach, as required by Part 6 of the Privacy Act 2020;
- notify you directly, without undue delay, where the breach is likely to result in serious harm to you;
- for European Union and United Kingdom data subjects, notify the lead supervisory authority within 72 hours of awareness as required by Article 33 of the GDPR / UK GDPR, and notify you directly without undue delay where Article 34 applies;
- for Australian residents, notify the Office of the Australian Information Commissioner if the breach meets the Notifiable Data Breaches threshold under the Privacy Act 1988 (Cth); and
- take prompt remedial steps to contain the breach, investigate its cause, and reduce the risk of recurrence.
In our notification to you we will describe the nature of the breach, the kinds of information involved, the steps we have taken or will take, and the steps we recommend you take to protect yourself.
9. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@getpublicip.com.
10. YOUR PRIVACY RIGHTS
In Short: Your rights depend on where you live. We honour the strongest applicable right for each request, regardless of where you are based.
| Right | Who has it | How we respond |
|---|---|---|
| Access your information | All | Email privacy@getpublicip.com; we respond within 20 working days (NZ) or one month (GDPR / UK) |
| Correct inaccuracies | All | Edit in the dashboard, or email privacy@getpublicip.com |
| Delete your information | All (subject to legal retention requirements in section 7) | Email privacy@getpublicip.com or delete your account; we confirm within 20 working days |
| Data portability | EU / UK data subjects | Email privacy@getpublicip.com; we provide the data in a structured, machine-readable format |
| Object to processing based on legitimate interests | EU / UK data subjects | Email privacy@getpublicip.com |
| Restrict processing | EU / UK data subjects | Email privacy@getpublicip.com |
| Withdraw consent | Anyone whose processing is based on consent | Click unsubscribe in marketing emails; email privacy@getpublicip.com for other consents |
| Lodge a complaint with a regulator | All | NZ: Office of the Privacy Commissioner (privacy.org.nz); EU: your national supervisory authority; UK: Information Commissioner's Office (ico.org.uk); AU: Office of the Australian Information Commissioner (oaic.gov.au) |
| Not be subject to a solely automated decision with legal or similarly significant effects | EU / UK data subjects | We do not make any such decisions |
Verifying your identity. We will verify your identity before acting on a request — usually by confirming that you can authenticate to the email address on file. This protects you from someone else submitting a request in your name.
Response time. We aim to respond to every request within the statutory window (20 working days under the NZ Privacy Act 2020, or one month under GDPR / UK GDPR). Complex or voluminous requests may take longer, in which case we will notify you within the statutory window and explain why.
Withdrawing consent. If we rely on your consent to process your information, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal, and does not affect processing grounded on another lawful basis.
Fees. Under section 42 of the New Zealand Privacy Act 2020 and Article 12(5) of the GDPR, we may charge a reasonable administrative fee for requests that are manifestly unfounded or excessive, or refuse to act on them. We have never done this and do not expect to.
11. DO-NOT-TRACK AND GLOBAL PRIVACY CONTROL
Most web browsers offer a Do-Not-Track ("DNT") setting. No uniform technology standard for recognising and implementing DNT signals has been finalised, and we do not currently respond to DNT signals. However, we do not engage in cross-site tracking or share data with advertisers, so a DNT signal is effectively honoured by default on our site.
We honour the Global Privacy Control (GPC) signal. Where a US state privacy law (including the CCPA / CPRA and equivalent state laws) requires us to treat GPC as a valid opt-out of the sale or sharing of personal information, we do so. For completeness: we do not sell or share personal information for advertising purposes in any jurisdiction, so there is nothing additional to opt out of.
If a new standard for online tracking signals is adopted that we are required to follow, we will describe our response in an updated version of this Privacy Notice.
12. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
LikeFury Ltd's Privacy Officer is responsible for ensuring compliance with the Privacy Act 2020 and for responding to privacy enquiries, access and correction requests, and complaints. You can reach the Privacy Officer at privacy@getpublicip.com.
If you have questions or comments about this notice, please contact us at:
LikeFury Ltd
Auckland
New Zealand
privacy@getpublicip.com
14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us using the information provided above.