Privacy Policy · government.rest

Short version: We do not store your scan queries, your IP address, or any results from your inspections. The tool runs ephemerally. No scan data ever touches a database we control.

1. Who We Are

government.rest is an independent web security and OSINT intelligence platform. When this policy says "we", "us", or "our", it refers to the operators of government.rest. You can reach us at support@government.rest.

2. What We Collect and Why

2.1 Scan Queries — Not Collected

URLs you submit to the Source Inspector, usernames you look up via Social Lookup, IP addresses you query via IP Intelligence, and any other tool inputs are never stored, logged, or transmitted to our servers in a way that persists beyond the immediate response. The CORS proxy fetches the target page and returns the result directly to your browser. We do not record what you inspected.

2.2 Account Data (Paid Users)

If you purchase a paid plan, we collect:

Email address — to identify your account, deliver receipts, and communicate service updates
Payment information — processed by our payment provider (we never see or store raw card numbers)
Plan type and purchase date — to manage your subscription entitlements

We do not require an account to use the core features of the Service.

2.3 Technical Logs

Our hosting infrastructure may generate standard web server access logs (request path, status code, timestamp, and a hashed or anonymised IP). These logs are used solely for uptime monitoring, abuse detection, and rate-limit enforcement. They are automatically purged on a rolling basis and are never used to build profiles of individual users' behaviour.

2.4 Cookies and Local Storage

We do not use advertising cookies or third-party tracking cookies. If you are a logged-in paid user, a session cookie may be set to keep you authenticated. No persistent fingerprinting or behavioural tracking cookies are used.

3. Third-Party Services

The Service integrates with the following third-party services to function. Each has its own privacy policy:

CORS Proxy providers (corsproxy.io, allorigins.win) — used to fetch target pages on your behalf. These providers receive the URL you inspect and may log requests according to their own policies.
ipinfo.io — used for IP Intelligence lookups. Your IP address lookup queries are sent to their API.
Roblox Public API — used for Roblox username/profile lookups.
Lanyard API — used for Discord user lookups. Only works for users who have opted into Lanyard.
Payment processor — handles all billing. We receive confirmation of payment but not raw financial data.

We do not sell, rent, or share your data with advertising networks, data brokers, or any other third party not listed above.

4. How We Use Your Data

Account data (email, plan status) is used to:

Authenticate your session and enforce plan entitlements
Send transactional emails (receipt, plan confirmation, critical service notices)
Investigate abuse or violations of our Terms of Service if reported

We will never use your email to send unsolicited marketing without explicit opt-in consent.

5. Data Retention

Scan query data: not retained — ever.
Account data: retained for the duration of your account. You can request deletion at any time.
Technical logs: automatically purged on a rolling 7-to-30-day cycle.
Payment records: retained as required by financial regulations (typically 7 years), held by our payment processor.

6. Your Rights

Depending on your jurisdiction, you may have rights including:

Access — request a copy of personal data we hold about you
Correction — request correction of inaccurate data
Deletion — request deletion of your account and associated data
Portability — request your data in a machine-readable format
Objection — object to processing of your data in certain circumstances

To exercise any of these rights, email support@government.rest. We will respond within 30 days.

7. Security

We apply appropriate technical and organisational measures to protect your data, including HTTPS encryption in transit, access controls on account data, and minimal data collection as a baseline security practice. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we take it seriously.

8. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Significant changes will be communicated to registered users by email. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

Privacy questions, data requests, or concerns: support@government.rest. You can also reach us on Discord.