Privacy Policy

We believe in transparency about how we collect, use, and share information about you. This policy explains our privacy practices in clear, simple terms.

Contents

Overview

At Ngrok Inc. ("ngrok," "we," "us," or "our"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tunneling services, website, and related applications.

Key Points: We collect minimal data necessary to provide our services, use industry-standard security measures, and never sell your personal information to third parties.

This policy applies to all users of our services, whether you're using our free tier or are an enterprise customer. By using ngrok, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Email address, name, and password when you create an account
  • Payment Information: Billing details for paid plans (processed securely by our payment processors)
  • Communications: Messages you send us through support channels, feedback forms, or surveys
  • Profile Information: Optional information like company name, job title, and profile picture

Information We Collect Automatically

When you use our services, we automatically collect certain information:

  • Usage Data: Information about how you use our services, including tunnel creation, traffic patterns, and feature usage
  • Device Information: IP address, browser type, operating system, device identifiers, and referring URLs
  • Log Data: Server logs including timestamps, request/response data, and error messages
  • Cookies and Tracking: Small data files to enhance your experience and analyze usage patterns

Technical Information

To provide our tunneling services, we process:

  • Tunnel Metadata: Configuration details, domain names, and connection information
  • Network Data: Routing information and performance metrics (we do not inspect tunnel content)
  • Security Information: Authentication tokens, SSL certificate data, and security event logs

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision

  • • Operate and maintain our tunneling services
  • • Process payments and manage subscriptions
  • • Provide customer support
  • • Monitor service performance and reliability

Communication

  • • Send service announcements and updates
  • • Respond to support inquiries
  • • Send marketing communications (with consent)
  • • Notify about security issues

Improvement

  • • Analyze usage patterns and performance
  • • Develop new features and services
  • • Conduct research and analytics
  • • Test and optimize our platform

Security & Compliance

  • • Detect and prevent fraud and abuse
  • • Maintain security and integrity
  • • Comply with legal obligations
  • • Enforce our terms of service

How We Share Your Information

We do not sell your personal information. We only share your information in the limited circumstances described below.

Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Customer support platforms
  • Analytics and monitoring services
  • Email and communication services

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal process (subpoenas, court orders)
  • Respond to government requests
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of our company, your information may be transferred as part of that transaction.

Data Security

We implement industry-standard security measures to protect your information:

🔐 Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256)

🛡️ Access Controls

Strict access controls and employee background checks

📊 Monitoring

24/7 security monitoring and incident response

✅ Compliance

SOC 2 Type II certified with regular security audits

While we use reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your information.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill legal obligations:

Data Type Retention Period
Account Information Until account deletion + 30 days
Usage Logs 90 days
Security Logs 1 year
Billing Records 7 years (legal requirement)
Support Communications 3 years

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

📄 Access

Request a copy of the personal information we have about you

✏️ Correction

Request correction of inaccurate or incomplete information

🗑️ Deletion

Request deletion of your personal information

📦 Portability

Request transfer of your data to another service

⏸️ Restriction

Request limitation of how we process your information

🚫 Objection

Object to certain types of processing

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

International Data Transfers

Our services operate globally. When we transfer your information internationally, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate protection
  • Additional safeguards such as encryption and access controls

Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a prominent notice on our platform

Changes become effective 30 days after posting, unless otherwise specified.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email

[email protected]

Data Protection Officer

[email protected]

Mailing Address

Ngrok Inc.
548 Market Street, PMB 77519
San Francisco, CA 94104-5401
United States

Last Updated: May 15, 2025