ssh-keygen, puttygen), the inputs and outputs are kept only in memory or short-lived temporary files that are deleted after the response is returned. Standard web analytics and ads do apply.
1. Summary
8gwifi.org is a free collection of online cryptography, security, and developer tools. We're built around a strict principle: process now, store nothing. The one deliberate exception is the optional "Sign in with Google" feature โ when (and only when) you choose to sign in, we keep a small account record so features and entitlements follow you between visits. That is documented in full in ยง8. This page explains exactly what data is and isn't collected when you use the site, who we share information with, and how to exercise your rights.
2. What we collect
Standard web-server data
When you visit any page, our hosting provider's logs capture the same information every web server captures:
- Your IP address (truncated where allowed by analytics settings)
- User-Agent string (browser and OS)
- Page URL accessed and timestamp
- Referrer URL, if your browser sends one
Session cookies
A short-lived session cookie (JSESSIONID) is created when you load a tool page. It carries a CSRF token (j_csrf) so that operations like "email me my generated key" can't be triggered cross-site. It is destroyed when you close the browser or after a period of inactivity.
Form input you submit to a tool
When a tool performs server-side computation (e.g. generating an RSA key pair, decoding a PGP packet, running puttygen for format conversion), the input you submit travels over HTTPS to our backend, is processed in memory or a short-lived temporary file, and the result is returned to your browser. The temporary files are deleted before the response is sent. We do not log the content of these inputs or outputs.
3. What we don't collect
- Private keys โ neither the OpenSSH/PEM private key nor the PuTTY
.ppkis persisted on our servers after the response is returned. - Passphrases โ used during the request only; not stored, not logged.
- Plaintext messages sent through encrypt/decrypt tools.
- Uploaded files are processed in memory or in tempfiles deleted in a
finallyblock immediately after use. - Account information โ the core tool catalog needs no account, sign-up, or profile. The only exception is the optional "Sign in with Google" feature, which creates a minimal account record (Google account ID, email, name). What that accesses, how it's used, and how to delete it is documented in full in ยง8.
- Browser fingerprints beyond the User-Agent string in standard server logs.
5. Third-party services we rely on
- Cloudflare โ CDN and DDoS protection. Sees request metadata (IP, URL).
- Google Analytics โ aggregate visitor metrics.
- Google AdSense โ advertising; cookie-based personalization unless you opt out.
- Sign in with Google (Google Identity / OAuth 2.0) โ optional authentication. Only invoked if you click "Sign in with Google". See ยง8 for the exact scopes, data, and retention.
- Mail relay โ the optional "email my key" feature delivers via a standard SMTP relay. The recipient address you type is processed only to send that one email. We don't add it to any list.
Each third party has its own privacy policy, and we don't control what they collect once a request reaches them.
6. Server logs and data retention
Standard request logs (IP, URL, status code, timestamp, User-Agent) are retained for up to 90 days for security incident investigation, abuse detection, and operational debugging. After that they are rotated out and overwritten. We do not back up logs off-site.
Temporary files used during tool computation (e.g. the ssh-keygen output written to java.io.tmpdir) are deleted at the end of the request that created them.
7. Email features
A small number of tools offer to email the result to you (e.g. "Email my SSH key pair"). When you opt in, the recipient address and the result content are transmitted to our SMTP relay for delivery and are not stored on our side after dispatch. We never add your address to any newsletter or marketing list.
If you receive an unexpected email from us, please contact us at the address in ยง12 โ we treat that as an abuse report.
8. Sign in with Google & Google user data
8gwifi.org offers an optional "Sign in with Google" button so that account-based features (saved preferences, AI tool usage and quota, and billing/entitlements) can follow you between visits. The vast majority of the site works with no sign-in at all. This section documents exactly how the application accesses, uses, stores, and shares Google user data, consistent with the Google API Services User Data Policy (including the Limited Use requirements) and the Google APIs Terms of Service.
Scopes we request
When you choose to sign in, we request only these standard OAuth scopes. We do not request access to Gmail, Drive, Calendar, Contacts, or any other sensitive or restricted scope:
openidโ to authenticate you and obtain a stable Google account identifier.https://www.googleapis.com/auth/userinfo.emailโ your Google account email address.https://www.googleapis.com/auth/userinfo.profileโ your basic profile (name, and profile picture/locale where Google provides them).
Google user data we access
From Google's userinfo endpoint we receive, and may retain, only the following:
- Your Google account ID (the
sub/idvalue โ a stable, opaque identifier). - Your email address.
- Your name (and, transiently, profile picture and locale where Google returns them).
How we use, process, and handle it
We use Google user data for a single purpose: to authenticate you and operate your 8gwifi.org account (saved preferences, AI tool usage and quota, and billing/entitlements). The table below states, for each item of Google user data, exactly how it is used, processed, and handled, and the purpose for that use:
| Google user data | How it is used, processed & handled | Purpose |
|---|---|---|
Google account ID (sub/id) |
Received over HTTPS from Google's userinfo endpoint, held in your server-side session, and written to your account record as the primary key that identifies you. | To recognise you as a returning user and link your preferences, usage quota, and entitlements to a stable identifier (rather than your email, which can change). |
| Email address | Received over HTTPS, held in your server-side session, and stored on your account record. | To display which account you are signed in to and to contact you about your account and billing/entitlements. |
| Name (and, transiently, profile picture/locale) | Received over HTTPS, held in your server-side session, and stored on your account record. Profile picture/locale are used only in-session and not persisted. | To personalise the signed-in experience (e.g. greeting you by name in the interface). |
Google user data is processed only on our own servers and within our own billing/account infrastructure. We do not use it for any purpose other than the ones stated above. In particular, we do not use Google user data to serve advertising, we do not sell, rent, or trade it, and we do not use it to develop, train, or improve generalized artificial-intelligence or machine-learning models.
How we store and retain it
- Tokens. Your OAuth access token and refresh token are held in your server-side session only. They are never written to our logs and are discarded when you log out or your session expires.
- Account record. Your Google account ID, email, and name are stored in our account database (written through our billing service) so your account persists between visits. This is the one place we deliberately retain data tied to you; everything else on the site follows the "process now, store nothing" principle described above.
Sharing
We do not share Google user data with third parties except as strictly necessary to operate the service โ our own hosting/CDN and billing infrastructure acting as processors on our behalf โ or where required by law. Google user data is never transferred for advertising purposes and is never sold.
Revoking access and deleting your data
- You can revoke 8gwifi.org's access to your Google account at any time from your Google Account permissions page.
- To delete your account record and the associated Google user data from our systems, email us at the address in ยง12 and we will remove it.
Limited Use
8gwifi.org's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request only the scopes listed above, use the data solely for the user-facing features described in this section, and do not transfer it to others for serving ads, training generalized/AI models, or any purpose unrelated to providing or improving these features.
9. Your rights
Because the site doesn't maintain user profiles or persist tool inputs, there is typically nothing on file to request, correct, or delete. That said, you have the right to:
- Access โ ask whether we hold any personal data tied to you. (For 99% of visitors the answer is "only the rolling 90-day request logs, by IP".)
- Erasure โ request deletion of any data we do hold.
- Object โ withdraw from analytics/ads via the opt-out links in ยง4.
- Lodge a complaint with the data protection authority in your jurisdiction (GDPR, CCPA, etc.).
Send any rights-related request to the email address in ยง12. We aim to respond within 30 days.
10. Children's privacy
The site is not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the site, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time โ typically when we add a new feature that handles user data differently. The "Effective" date at the top reflects the most recent update. Material changes will be announced on the site for at least 14 days before they take effect.
12. Contact
For privacy questions, data requests, or anything related to this policy:
- Email: [email protected]
- X (Twitter): @anish2good
See also: Terms of Use