Privacy Policy

This Privacy Policy explains how diag.md, operated by iHost.md, collects, processes, and stores information when you use this network diagnostic tool. We are committed to handling your data transparently and minimally.

Last updated: March 2026

1. Data Controller

The data controller for diag.md is:

Company: iHost.md
Address: Chisinau, Republic of Moldova
Email: noc@ihost.md
Website: https://ihost.md

2. Principle of Data Minimisation

diag.md is designed around a strict data minimisation principle: no data is collected, stored, or transmitted to our servers unless you explicitly click "Generate Report".

Simply visiting the page and viewing diagnostic results does not store anything on our servers. All processing for display purposes happens in your browser.

3. What Data We Collect & Why

When you click "Generate Report", the following data is saved to our server as a JSON file:

Data	Source	Purpose
Public IP address (IPv4/IPv6)	Browser → ipapi.co/ipwho.is	Core diagnostic identifier
Server-detected IPv4	PHP `REMOTE_ADDR`	Debug reference for support team
GeoIP data (country, city, ISP, ASN, timezone, coordinates)	ipapi.co / proxycheck.io v3	Network location context
VPN/proxy/TOR detection result	proxycheck.io v3	Connection type classification
Browser signals (User-Agent, platform, screen, language, WebGL)	Browser JS APIs	Device/environment context
Bot/automation detection signals	Local analysis	Browser authenticity check
Speed test results (if test was run)	Browser ↔ server	Network performance data
Blacklist check results (IPv4 only)	Server DNS queries	IP reputation data
Report generation timestamp	Server clock	Record-keeping

4. Data We Explicitly Do Not Collect

Names, email addresses, or any personally identifiable registration data
Cookies — we do not set any cookies on your device
Third-party analytics or tracking (no Google Analytics, no Meta Pixel, no similar tools)
Advertising identifiers or cross-site tracking data
Payment or financial information of any kind
Browser history or data from other websites

5. Rate-Limiting Data

To prevent abuse, we store temporary rate-limiting records in our server's tmp/ directory:

A SHA-256 hash of your browser fingerprint (computed from UA, screen, timezone, and canvas rendering) — stored with the report ID and a timestamp. The hash cannot be reversed to identify you.
A list of timestamps associated with your server-side IP address, used to enforce the 30 reports/hour cap.

Both records expire automatically after 60 minutes and are never included in the diagnostic report itself.

6. How Data Is Stored

Reports are stored as flat JSON files on iHost.md infrastructure located in Moldova
Each report is accessible only via its unique ID (e.g. DIAG-XXXXXX-XXXX) — there is no public index or search
The /reports/ directory is blocked from direct HTTP access
No database is used — there is no SQL injection risk
All traffic is transmitted over HTTPS/TLS

7. Data Sharing with Third Parties

We share the minimum necessary data with third-party services to operate the tool:

proxycheck.io — receives your IP address to perform VPN/proxy detection. Subject to their privacy policy.
ipapi.co / ipwho.is — your browser directly queries these services for GeoIP data. We do not control this transmission.
DNS blacklist providers — your IP is queried against public DNSBL zones via DNS from our server. These are public infrastructure queries.
Google Fonts — font files are loaded from fonts.googleapis.com. This transmits your IP and browser info to Google.

We do not sell, rent, or share your diagnostic report data with any third party for commercial purposes.

8. Data Retention

Diagnostic reports are retained indefinitely by default — there is no automatic expiry
Rate-limiting records in tmp/ expire after 60 minutes automatically
Server access logs (maintained by the hosting infrastructure) are retained per standard hosting policy
You may request deletion of a specific report at any time by contacting us with the report ID

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

Right of access — request a copy of data stored in a report by its ID
Right to erasure — request deletion of a specific report by providing its ID
Right to rectification — request correction of inaccurate data in a stored report
Right to object — object to processing of your data

To exercise any of these rights, contact us at noc@ihost.md with the relevant report ID. We will respond within 30 days.

10. Legal Basis for Processing

Our legal basis for processing data submitted via the "Generate Report" function is legitimate interest (Article 6(1)(f) GDPR) — specifically, providing technical support diagnostics requested by the user — and consent, as the data is only saved upon explicit user action.

11. Children's Privacy

diag.md is not directed at children under the age of 16. We do not knowingly collect data from children. If you believe a child has submitted a report, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. The "Last updated" date will reflect the most recent revision. We encourage you to review this page occasionally. Continued use of diag.md after changes constitutes acceptance of the updated policy.

13. Contact & Complaints

For privacy-related inquiries or to exercise your rights: noc@ihost.md

If you believe your data has been mishandled and you are located in the EU/EEA, you have the right to lodge a complaint with your local supervisory authority.