Privacy Policy

Last updated: February 28, 2026

Netra Security ("we", "us", "our") operates the ServerTools website at server-tools.areakpi.in and the ServerTools binary product. This Privacy Policy describes how we collect, use, store, and protect your personal information when you visit our website, purchase a license, or use our software.

By using our website or software, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address when you log in via OTP or make a purchase.
  • Billing information: Name, country, and payment details. Payment card numbers are processed directly by our payment processors (Stripe, Razorpay, PayPal) and are never stored on our servers.
  • Purchase records: License tier, order ID, purchase date, and amount.
  • Support communications: Any emails or messages you send us for support.

1.2 Information Collected Automatically

  • Server logs: IP address, browser type, operating system, referring URL, pages visited, and timestamps. These logs are retained for 30 days for security monitoring.
  • Cookies: We use a single httpOnly session cookie (st-session) for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics.

1.3 Information We Do NOT Collect

  • Scan results: The ServerTools binary operates entirely offline. We never receive, transmit, or store your scan results, vulnerability findings, or security assessment data.
  • License usage telemetry: We do not track which scanners you run, how often, or against which targets. The binary validates your license key locally using Ed25519 signature verification — no network call is made.
  • Passwords: We use email-based OTP authentication. No passwords are stored.

2. How We Use Your Information

  • License fulfillment: To generate and deliver your Ed25519-signed license key.
  • Account access: To authenticate you via one-time email codes.
  • Order management: To process payments, issue receipts, and provide order history.
  • Product updates: To notify you of critical security updates or license expiry (opt-out available).
  • Legal compliance: To comply with applicable laws, regulations, or valid legal processes.

3. Data Storage and Security

3.1 Storage Location

Your data is stored on our server located in Nuremberg, Germany (Hetzner data center). The server uses full-disk encryption and is secured with SSH key-only access, fail2ban intrusion prevention, and automatic security updates.

3.2 Database

We use SQLite in WAL (Write-Ahead Logging) mode. The database file is not accessible via the web and is backed up daily. Session tokens are generated using cryptographically secure random bytes (256-bit), and OTPs are stored as HMAC-SHA256 hashes.

3.3 Payment Security

We never store credit card numbers, CVVs, or bank account details. All payment processing is handled by PCI DSS Level 1 certified processors:

  • Stripe — International credit/debit card payments
  • Razorpay — Indian payments (UPI, net banking, cards)
  • PayPal — PayPal balance and linked payment methods

3.4 License Key Security

License keys are Ed25519-signed tokens. The signing private key is stored as an environment variable on the server and is never committed to source control, logged, or exposed via API. The public key is embedded in the compiled binary for offline verification.

4. Data Retention

  • Account data: Retained as long as your account exists. You may request deletion at any time.
  • Order records: Retained for 7 years to comply with tax and accounting obligations.
  • License keys: Retained until expiry plus 90 days, then permanently deleted.
  • Session tokens: Expire after 30 days of inactivity and are then purged.
  • OTP codes: Expire after 10 minutes and are immediately nullified upon successful verification.
  • Server logs: Retained for 30 days, then automatically rotated and deleted.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Payment processors (Stripe, Razorpay, PayPal) — to process your transactions.
  • Email delivery (SMTP provider) — to send OTP codes and license keys.
  • Law enforcement — only when required by valid legal process (court order, warrant, or subpoena).

We do not use Google Analytics, Facebook Pixel, or any third-party tracking service.

6. Your Rights

Regardless of your jurisdiction, we provide the following rights to all users:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data (except records required for legal/tax compliance).
  • Export: Receive your data in a machine-readable JSON format.
  • Objection: Object to processing for marketing purposes (opt out of product update emails).

To exercise any right, email privacy@netra.tools with your registered email address. We will respond within 30 days.

7. GDPR Compliance (EU/EEA Users)

Our legal bases for processing your data are: (a) contract performance (license fulfillment), (b) legitimate interest (security monitoring), and (c) consent (marketing communications). Our server is located within the EU (Germany), so no cross-border data transfer occurs for EU users. You have all rights under Articles 15-22 of the GDPR.

8. Indian IT Act Compliance

We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. We implement reasonable security practices including encryption, access controls, and regular audits. Indian users may contact our Grievance Officer at grievance@netra.tools.

9. Children

ServerTools is a professional security auditing product. We do not knowingly collect data from individuals under 18. If we discover that we have collected data from a minor, we will delete it immediately.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to registered users at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related inquiries:

  • Email: privacy@netra.tools
  • Entity: Netra Security
  • Data Protection Officer: Ashish Kamdar