Standard Nginx logs containing your IP address, the page you visited, timestamp, HTTP status code, and browser user agent string. These are retained on the server for a limited period and used only for diagnosing issues and reviewing traffic patterns. They are never shared with third parties.

When you use PhishCheck, the sanitized filename and file size are written to application logs, along with the analysis verdict and elapsed time. No email content is logged.

PhishCheck, Tracer, and Unfurlr set a single session cookie used exclusively for CSRF (cross-site request forgery) protection. This cookie contains only a signed security token — no personal data, no tracking identifiers. It is stored entirely in your browser, never on the server, and expires when your browser fully quits. It is not used for analytics, advertising, or identification of any kind.

No accounts, registration, or login.

No analytics scripts, pixels, or fingerprinting code runs on any page.

Files uploaded to PhishCheck are analyzed entirely in server memory and discarded immediately after the report is generated. Nothing is written to disk. Once the response is sent, the file data no longer exists on the server.

Email headers, body text, attachment contents, and extracted URLs are never logged or retained. They exist only during the analysis and are gone when the report is delivered.

URLs extracted from uploaded emails are sent to Google's Safe Browsing API to check for known threats. Google receives the URLs but not the email content. See Google's privacy policy ↗.

PhishCheck makes DNS lookups and WHOIS queries for sending domains and linked domains. These go to public resolvers and registrars. Domain names are disclosed but no personal data is transmitted.

When you submit a URL to Unfurlr, the server makes HTTP requests to that URL and any redirect destinations to follow the chain. Those servers will see a request originating from this server's IP address. No personal data from your browser is forwarded.

This site uses UptimeRobot to monitor availability. UptimeRobot periodically requests the site to verify it is reachable. No user data is shared with UptimeRobot.

Page fonts are loaded from Google Fonts. Google may log your IP address as part of this request. See Google's privacy policy ↗.