Privacy Policy

Effective date: July 3, 2026

IPTinCan is built for private communication between people who know each other — couples, families, and small communities. Our business is selling private servers, not your data. We do not sell personal information, we do not run ads, and we do not profile you.

1. The short version

2. What we collect, and why

Account & billing (managed hosting customers): your email, the server name you choose, license records, and payment status. Payments are processed by Stripe; we never see or store your full card number. Stripe's privacy policy applies to payment data.

License telemetry: managed servers periodically contact our licensing service with the license key, server version, and current user count, so we can enforce plans and spot outages. This does not include names, messages, or media.

Server contents (your private server): chat messages, uploaded files, recordings you choose to make, and account records for the people the admin invites (display name and an optional email used to deliver the invite). This data is stored in your server's database on a single-tenant virtual machine. Voice and video calls are end-to-end encrypted between participants; the server relays media it cannot decrypt.

Backups: managed servers are backed up nightly (database and media) to protect against outages. Backups are stored in our cloud project, are retained for roughly 14 days, and are deleted automatically. Destroying your server deletes its data; its backups age out within the retention window.

Website: iptincan.com serves static pages and does not use third-party analytics or advertising trackers.

3. Children

IPTinCan servers are often used by families, including children — that is by design, and it shapes how the product works:

4. Who we share data with

Only infrastructure processors, and only what they need to run the Service: Google Cloud (server hosting, backups), Cloudflare (DNS, network security), Stripe (payments), and Resend (transactional email such as invites and receipts). We disclose data beyond that only if legally required, and where lawful we will tell the affected customer.

5. Retention and deletion

6. Security

Managed servers use TLS for all connections, end-to-end encryption for calls, single-tenant isolation per customer, and signed licensing. No system is perfectly secure; if we learn of a breach affecting your data we will notify you without undue delay.

7. Your rights

Depending on where you live (e.g. GDPR, CCPA), you may have rights to access, correct, export, or delete personal data we hold about you. Because most personal data lives on your own server under your admin's control, the fastest path is usually your server admin — but you can always reach us at support@iptincan.com and we will help within the timelines the law requires.

8. Changes and contact

We'll post any changes to this policy here with a new effective date. Questions or requests: support@iptincan.com.