Privacy Policy

Last updated: January 1, 2025

1. Information We Collect

When you use NULLR, we collect information necessary to provide the detection service:

Account data: email address, name, and encrypted password when you register.
Visitor intelligence data: IP addresses, browser fingerprints, and device signals collected on behalf of our customers on their websites. This data is processed to detect bots and threats.
Usage data: request counts, block rates, and aggregate statistics per API key.
Payment data: processed by Stripe or NOWPayments — we do not store card numbers.

2. How We Use Information

To provide, operate, and improve the NULLR detection service.
To send transactional emails (verification, billing, usage alerts).
To improve detection accuracy via an opt-in global threat database.
We do not sell personal data. We do not serve advertising.

3. Data Retention

Visitor detection logs are retained according to your plan (7 days on Starter, up to 365 days on Agency). You can delete logs at any time from the user panel. Account data is retained until you cancel your account.

4. Global Threat Database

With your opt-in consent, anonymised threat signals (IP addresses of confirmed bots, fingerprint hashes) may be contributed to our cross-user threat intelligence database. This helps all NULLR customers benefit from collective threat detection. Individual customer data is never shared between accounts — only anonymised threat indicators.

5. Third-Party Services

Stripe: payment processing. Subject to Stripe's privacy policy.
NOWPayments: crypto payment processing.
ipinfo.io / ip-api.com: IP geolocation. IPs are sent to these services for enrichment during detection.
AbuseIPDB: IP reputation scoring.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@nullr.io. For EU/EEA residents, you have rights under GDPR. We respond to all requests within 30 days.

7. Security

API keys are stored as SHA-256 hashes. Passwords are bcrypt-hashed. All data in transit is encrypted with TLS. We do not store plaintext credentials.

8. Contact

For privacy enquiries: privacy@nullr.io