Welcome to Tunnee (“Tunnee”, “we”, “our”, or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our tunneling and networking services, website, APIs, and related applications (collectively, the “Service”).
By using Tunnee, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Who We Are
Tunnee is operated from Portugal.
If you have questions about this Privacy Policy or your personal data, you can contact us at:
Email: support@tunnee.com
2. Information We Collect
Account Information
When you create an account, we may collect:
- Email address
- Password (stored in hashed form) or authentication credentials
- Account preferences and settings
OAuth Login Providers
We currently support email and password authentication. We plan to offer login via Google and GitHub in the future. If you choose to sign in through one of these providers, we will receive basic profile information from them - typically your name, email address, and profile picture - in accordance with your permissions and their respective privacy policies.
We do not receive or store your passwords from third-party providers.
Tunnel Metadata
To operate and secure the Service, we may collect metadata related to tunnels and connections, including:
- Tunnel identifiers
- Tunnel configuration
- Connection timestamps
- IP addresses
- Bandwidth usage
- Request counts
- Diagnostic and operational metrics
Connection metadata and logs are retained for up to 90 days for operational and security purposes, after which they are deleted or anonymized.
Payment Information
Payments are processed by Stripe. Tunnee does not store full payment card information.
Stripe may collect:
- Billing information
- Payment card details
- Transaction information
Please review Stripe’s Privacy Policy for additional details.
Error and Diagnostic Data
We use Sentry to collect error reports and diagnostic information to improve the reliability and stability of the Service.
This may include:
- Device and browser information
- Error logs
- Technical diagnostics
Error and diagnostic data is retained for up to 30 days.
Cookies and Local Storage
We use cookies and similar technologies to operate the Service. These may include:
- Session cookies - to keep you authenticated during a session
- Preference cookies - to remember your settings
- Security cookies - to detect and prevent abuse
We do not use third-party advertising or tracking cookies. You can control cookie behavior through your browser settings, though disabling certain cookies may affect the functionality of the Service.
Infrastructure and Network Data
We use infrastructure and networking providers including:
- Cloudflare for DNS, networking, and security services
- Hetzner for hosting infrastructure
These providers may process IP addresses and technical request data as part of delivering their services.
3. We Do Not Inspect Tunnel Content
Tunnee is designed as a tunneling and networking platform.
We do not intentionally inspect, read, or store the content of traffic transmitted through tunnels.
However, limited technical metadata may be processed to:
- Operate the Service
- Prevent abuse
- Monitor system reliability
- Enforce security measures
4. How We Use Information
We use collected information to:
- Provide and maintain the Service
- Authenticate users
- Process payments
- Monitor infrastructure performance
- Detect abuse, fraud, and security threats
- Troubleshoot technical issues
- Communicate with users
- Comply with legal obligations
5. Automated Processing and Abuse Detection
Tunnee uses automated systems to detect abuse, security threats, and violations of our Acceptable Use Policy. These systems analyze metadata such as traffic patterns, connection frequency, and IP reputation.
Where automated processing results in account restriction or suspension, you may contact us at support@tunnee.com to request human review of the decision.
We do not use automated decision-making for purposes beyond security and abuse prevention.
6. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (“EEA”), we process personal data under the following legal bases:
- Performance of a contract - to provide the Service you have signed up for
- Legitimate interests - to maintain security, prevent abuse, improve reliability, and operate the Service effectively
- Compliance with legal obligations - where processing is required by law
- Consent - where we have requested and received your explicit consent
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy. Specific retention periods:
| Data type | Retention period |
|---|---|
| Account information | Duration of account, plus up to 30 days after deletion |
| Connection logs and tunnel metadata | Up to 90 days |
| Error and diagnostic data | Up to 30 days |
| Payment records | As required by applicable law (typically 7 years) |
| Abuse and security records | Up to 1 year, or longer if required for legal proceedings |
8. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority (CNPD in Portugal) within 72 hours of becoming aware of the breach, where required by applicable law
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Notifications will describe the nature of the breach, the data involved, likely consequences, and measures taken or planned to address it.
9. Sharing of Information
We do not sell personal data.
We may share information with:
- Infrastructure providers (Hetzner, Cloudflare)
- Payment processors (Stripe)
- Error monitoring providers (Sentry)
- Legal authorities when required by law
- Service providers acting on our behalf under data processing agreements
Third-party providers are authorized to process data only as necessary to provide services to Tunnee.
10. Data Processing Agreements
Business customers subject to GDPR may require a Data Processing Agreement (“DPA”) with Tunnee. Please contact us at support@tunnee.com to request a DPA.
11. International Transfers
Your information may be processed in countries outside your jurisdiction, including countries that may have different data protection laws.
Where required, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission.
12. Security
We implement reasonable technical and organizational measures designed to protect personal information, including encryption in transit and access controls.
However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time, without affecting the lawfulness of prior processing
- Lodge a complaint with a supervisory authority
EEA users: You have the right to lodge a complaint with your local data protection authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD): www.cnpd.pt.
To exercise your rights, contact us at support@tunnee.com.
14. Children’s Privacy
Tunnee is not intended for individuals under the age of 18.
We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
15. Abuse Prevention and Legal Compliance
We may process and retain certain technical information to:
- Detect abuse
- Prevent malicious activity
- Enforce acceptable use policies
- Respond to lawful requests
16. Third-Party Services
Tunnee may link to or integrate with third-party services. We are not responsible for the privacy practices of third parties.
Third-party providers used by Tunnee include:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Cloudflare | DNS, networking, and security | cloudflare.com/privacypolicy |
| Hetzner | Hosting infrastructure | hetzner.com/legal/privacy-policy |
| Sentry | Error monitoring | sentry.io/privacy |
| Google (planned) | OAuth login | policies.google.com/privacy |
| GitHub (planned) | OAuth login | docs.github.com/en/site-policy/privacy-policies |
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will update the “Last updated” date and may provide additional notice where required by law.
18. Contact
If you have any questions about this Privacy Policy or your data, contact: