Legal & Ethics

Privacy Policy

Last Updated: May 13, 2026

Philosophy

kapadia.org is built on the principle of minimalist data processing. We believe that privacy is the default state, not an optional feature. This site does not use tracking pixels, marketing cookies, or behavioral analytics.

Data We Process

We do not collect personal information like names, email addresses, or phone numbers. However, by nature of how the web works, some technical data is processed:

  • IP Addresses: Your IP address is used transiently to provide the networking tools on this site (such as the Speed Test, DNS Analyzer, Browser Fingerprint, and the Homepage Terminal). We do not store these IP addresses in any database.
  • Edge Logs: This site runs on a global edge network. Standard server logs (which may include IP addresses and browser headers) are generated to prevent abuse and ensure security, but these are purged automatically and never sold.

Cookies

kapadia.org does not use any non-essential or tracking cookies. Some tools may use local browser storage (sessionStorage) to maintain state while you are using them, but this data never leaves your machine.

Third-Party Services

To maintain high performance and provide advanced diagnostic features, we use a small number of trusted third-party providers. We distinguish between services that your browser connects to directly and those where your request is proxied through our network to protect your identity.

Direct Connections (Sees your IP)

  • Google Fonts: Provides the site's typography.
  • Cloudflare: Powers the global edge network and DDoS protection.
  • speed.cloudflare.com: Used by the Speed Test for ping, download, and upload measurements. Your browser connects to this service directly.
  • cdnjs: Delivers optimized JavaScript libraries like SparkMD5 and Marked.js.
  • OpenStreetMap: Provides mapping links for geolocation coordinates.

Proxied Investigations (Shields your IP)

When using our OSINT and networking tools, your IP address is never shared with the following providers. They only see the address of our edge network:

  • ipwho.is: Used for IP geolocation and ASN data (primary provider).
  • ipapi.co: Used as a fallback IP geolocation provider if ipwho.is is unavailable.
  • rdap.org: Used for domain registration lookups (OSINT and Link Inspector).
  • crt.sh: Used for Certificate Transparency security audits.
  • Platform APIs: Used for username lookups across GitHub, GitLab, Hacker News, Docker Hub, and npm. npm's public CouchDB registry may include an account's email address in its API response if the owner made it public on npm — this tool surfaces it only when present in that public response.
  • Link destinations: When using the Link Inspector, the URL under investigation is fetched by our edge network to trace redirect chains and surface security signals. Your browser never connects to the target URL directly.
  • Public DNS: All DNS lookups are performed via Cloudflare (1.1.1.1) via Secure DoH.

Contact

If you have questions about this policy or the technical architecture of the site, you can reach out via the information provided on the About page.