Skip to content
Download for

Legal

Privacy Policy

Privacy Policy for JPRQ, covering account data, tunnel metadata, request inspection data, Stripe billing, support, cookies, retention, and user choices.

1. Overview

This Privacy Policy explains how JPRQ collects, uses, stores, shares, and protects personal data when you use the JPRQ website, dashboard, desktop app, CLI, public tunneling service, request debugger, support channels, and paid subscriptions.

If you do not want JPRQ to process data as described here, do not use the service.

2. Our Role

For account, website, product, billing, support, security, and business operations data, JPRQ generally acts as the controller or business that decides why and how the data is processed.

For request and response content that you choose to route through JPRQ, JPRQ may act as a service provider or processor that handles the data to provide tunneling, inspection, replay, storage, support, and security features. You are responsible for the legality and configuration of the services and data you expose.

3. Data We Collect

Account and identity data

We may collect your name, email address, GitHub account details, authentication identifiers, profile image, organization information, account settings, device identifiers, license status, and authentication events.

Product usage and tunnel data

We may collect tunnel identifiers, tunnel domains, custom subdomains, custom domains, local target metadata, timestamps, IP addresses, user agent strings, CLI or desktop app version, operating system, bandwidth usage, connection counts, request counts, error logs, performance data, security events, and plan-limit events.

Request inspection data

If you use request debugging, request history, or replay features, JPRQ may process request and response metadata, paths, methods, status codes, timing data, headers, query strings, cookies, tokens, bodies, payloads, files, replay data, and related logs. The exact data depends on what your local services receive and what features you enable.

Request inspection data may contain confidential information or personal data. You should avoid routing sensitive or regulated data through JPRQ unless you have the legal rights, user notices, consents, controls, and written agreements needed for that use.

Billing and subscription data

Paid orders are processed through Stripe. We may receive and store billing metadata such as Stripe customer IDs, subscription IDs, invoice IDs, plan, subscription status, renewal date, cancellation status, refund status, dispute status, billing name, billing email, billing address, tax IDs where provided, card brand, card expiration, and card last four digits. We do not receive or store full card numbers or card security codes.

Support and communications

If you contact us, we collect the information you provide, including your email address, message content, attachments, logs, screenshots, troubleshooting details, and support history.

Website, cookies, and local storage

We may collect website interaction data and use cookies, local storage, or similar technologies for authentication, session management, preferences, security, analytics, product improvement, and checkout flows.

4. How We Use Data

We use data to:

  • Provide, maintain, secure, debug, and improve JPRQ.
  • Create tunnels, route traffic, authenticate users, and enforce plan limits.
  • Operate request inspection, replay, history, desktop, dashboard, and CLI workflows.
  • Process subscriptions, renewals, cancellations, refunds, invoices, receipts, taxes, and payment disputes through Stripe.
  • Detect abuse, fraud, security incidents, illegal activity, and service misuse.
  • Respond to support requests and communicate about account, billing, security, legal, and product updates.
  • Analyze aggregate service performance and usage trends.
  • Comply with law, enforce our terms, and protect JPRQ, users, infrastructure providers, payment processors, and third parties.

5. Legal Bases

Where required by law, we process personal data based on contract necessity, legitimate interests, consent, legal obligations, or protection of rights and safety. Examples include providing the service you request, securing shared infrastructure, complying with tax and payment obligations, responding to support requests, and preventing abuse.

6. Sharing and Processors

We do not sell personal data. We may share data with service providers and processors that help us operate JPRQ, including hosting, database, authentication, analytics, logging, email, support, security, error monitoring, and payment services.

Stripe processes payment, billing, subscription, invoice, refund, tax, and dispute data for JPRQ. Stripe may act as a processor, service provider, or independent controller depending on the Stripe service and legal context. Stripe's processing is described in Stripe's privacy materials at stripe.com/legal/privacy-center.

We may also disclose data if required by law, legal process, security investigation, fraud prevention, enforcement of these policies, or protection of JPRQ, users, Stripe, infrastructure providers, or third parties.

7. Retention

We keep personal data only as long as needed for the purposes described in this policy, including providing JPRQ, complying with legal obligations, resolving disputes, enforcing agreements, preventing abuse, and maintaining security.

Account data, billing records, support messages, security logs, tunnel metadata, and request history may have different retention periods depending on your plan, feature configuration, legal requirements, backup cycles, support needs, and security needs. We may retain aggregated or de-identified data after personal data is deleted.

If request history or body capture controls are available in your plan or product settings, use those controls to reduce or delete stored request inspection data.

8. Security

We use reasonable technical and organizational safeguards to protect data, including access controls, encryption in transit where appropriate, monitoring, and operational security practices. No internet service can guarantee perfect security.

You are responsible for securing your account, local services, credentials, exposed applications, and systems connected through JPRQ. JPRQ is not a substitute for application authentication, firewalling, secrets management, or compliance controls.

9. International Transfers

JPRQ and its service providers may process data in countries other than your own. Where required, we use appropriate safeguards for international transfers.

10. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.

You can reduce some data collection by deleting request history where available, disabling optional capture features where available, rotating tokens, revoking devices, changing browser cookie settings, or closing your account.

To make a privacy request, contact [email protected]. We may need to verify your identity before responding.

11. Children

JPRQ is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child provided personal data to JPRQ, contact us so we can take appropriate action.

12. Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify affected users.

13. Contact

For privacy questions or requests, contact JPRQ at [email protected].