• Your shopping cart is empty!

IP2Location Privacy Policy

Effective on: January 1, 2020

Last updated on January 1, 2021

Introduction and Scope

Hexasoft Development Sdn. Bhd. (“Hexasoft” “we,” “us,” “our”) takes the protection of your personally identifiable information (“Personal Data”) very seriously. This privacy policy (the “Notice”) addresses data subjects whose Personal Data we may process in three separate ways:

  • First, it addresses Personal Data we process in our IP2Location application (the “App”) or in our IP2Location database (the “Database”) or in our IP geolocation solution located at https://www.ip2location.com and accompanying API (collectively, with the App and the Database, the “Service”).
  • Second, it explains our privacy practices in connection with Personal Data we may collect about you when you contact us or access our IP2Location website located at https://www.ip2location.com (the “Website”).
  • Third, it addresses Personal Data we collect or store from current, prospective, and former customers of our Service.
Unless clearly stated otherwise, the contents of this policy apply to the processing of all three types of Personal Data.

Who Are We?

We collect IP Address information, coupled with some high-level geolocation data which we store in the Service. Many of our customers use this information to provide the right services to the right people. For example, the data we provide might help a streaming service provide the right content to international users or an e-commerce website to show only the clothing options that ship to a particular region.

We work very hard to protect the Personal Data we do collect and to ensure that the Personal Data we collect is appropriate for the services we provide. You can view the information we typically collect about your device and location for use in the Service by visiting this demo page of our Website. You can request that we delete or not sell the Personal Data we have about you at any time via the process described below.

With respect to all three categories of Personal Data we collect (Personal Data we collect directly for the Service, Personal Data we receive from users of our Website, and Personal Data we are provided by business contacts and prospects of Hexasoft), we decide the purposes and means of processing your Personal Data. Consequently, we act as a data controller or “business” under the relevant Privacy Laws like the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) (together with other privacy laws, “the Applicable Laws”).

What Data Do We Collect About You?

Data Used In The Service: The Personal Data we collect for use in our Service is described in detail in the Table below. With respect to the Personal Data used in the Service we only collect IP Addresses and certain coarse geolocation and Internet Service Provider information associated with that IP Address.

Most of the IP Address and geolocation Personal Data we collect is publicly accessible by anyone using networking diagnostic commands such as ping or traceroute. It is also coarse geolocation data, meaning that we collect your postal or ZIP code and city-level GPS coordinates, but not your street, name, or mailing address.

Because we only collect your IP Address coupled with coarse, high-level geolocation information, we do not think the information we collect is reasonably capable of being associated with or could be reasonably linked, directly or indirectly, with a particular consumer or household. As a result, it is possible a court would decide this information would not constitute Personal Data as defined under some or all of the Applicable Laws. By disclosing this information, we do not waive any rights to argue that this information should be understood as de-identified or otherwise not Personal Data.

Because we cannot associate the data in the Service with any person except to identify unique IP Addresses, exercising some of your data subject rights could be complicated, as discussed below, and in some cases, we may require additional information from your Internet Service Provider to do so. This is especially true if you have a dynamic IP Address as opposed to a static one.

Data Collected Via Website or Customers: When you visit our Website, contact us directly, or are a current, prospective, or former customer of our Service, we may collect and process the following categories of Personal Data about you:

  • Identifiers: first and last name, user name, email address, mailing address, company name, phone number, IP Address.
  • Special Categories of Personal Data (as defined in the CCPA): Bank account numbers, credit card numbers, or other financial account information.
  • Commercial Information: records of products or services purchased from us, or considered.
  • Internet or other similar network activity: Information about your interaction with our website and our advertising for the Service; whether you are using a proxy server; information about which Internet Service provider you are using and their location; internet connection speed, ISP domain name; mobile carrier and usage type information.
  • Geolocation data: your address, country, region, city, ZIP code, time zone, weather station, and other geolocation data.
  • Other Personal Data: Feedback you may provide through our website, or exercise your Data Subject Rights Requests, to the extent it contains Personal Data not already described above.

What This Policy Doesn’t Cover:

This Notice does not apply to the Personal Data of our employees, job applicants, contractors, business owners, directors, officers, and other staff.

Lawful Bases for Processing

We must have a valid reason to use your Personal Data. It's called the "lawful basis for processing". Within the scope of this Notice, we may rely on one or more of the following lawful grounds for processing of your Personal Data:

  • to perform our obligations to you in cases where you have purchased the Service from us, or in order to help you make a purchase, upon your request;
  • our legitimate interests and the legitimate interests of our customers for the purpose of facilitating the fulfillment of their business needs, which may include the detection and prevention of credit card fraud, password sharing or abuse of service, compliance with export control and sanctions, content localization, digital rights management, spam filtering, etc.; and
  • any other ground, as required or permitted by law in the specific respective context.
Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

Processing of Personal Data

Data Used In The Service: We process certain categories of Personal Data in our Service for the purposes of identifying the geographical location of an individual or an IT system and providing this information to our customers. Our customers then decide how to use this information. We understand our customers often use this information for geo-fencing. That is, they may use this information to limit the content they show or services they provide based on the location of the individual or IT system trying to access it. They may also use the Personal Data we process to identify whether you are using a proxy server, to comply with export control laws and sanctions, web traffic analysis, digital rights management, geographical targeting for advertising or other purposes, and spam-filtering by location.

The Table below contains more information about how we collect Personal Data for the Service and the categories of third parties with whom we share Personal Data used in the Service.

Data Collected Via Website or Customers: Additionally, if you access our website, contact us, or sign up as a customer for our Service, we process Personal Data:

  • to respond to your inquiries, and/or other requests or questions;
  • to sell our services to you, including processing your payments;
  • to pay commissions to our affiliates;
  • to identify how you interact with our Website;
  • to improve our Website;
  • to enable us to send you our newsletter; and
  • for logging and statistical purposes.
We don’t collect additional categories of Personal Data without informing you.

Sharing Personal Data with Third Parties

We may use third-party vendors to perform certain services on our behalf. We may share your Personal Data with these third-party vendors solely to enable them to perform the services for us. In providing them with your Personal Data, we require that these third-party vendors maintain at least the same level of data protection that we maintain for your Personal Data. We do not provide your Personal Data to parties unconnected with the services we provide.

Data Collected Via Website or Customers: For visitors to our website, individuals who contact us directly or who are current, prospective, or former clients, we share the Personal Data we collect about you with certain third-party vendors who perform services on our behalf. These third-party vendors include those providing:

  • infrastructure services;
  • payment processing services;
  • service desk and bug tracking software services; and
  • email services.

Data Used In The Service: For data-subjects whose Personal Data we process as part of providing the Service, please see the Table below for more information about which third parties, including vendors, may receive your Personal Data.

Summary Table: Data Used In the Service

This table summarizes the Personal Data we collect as part of the Service. The Personal Data we collect from our Website, from individuals who contact us directly, and from our customers is described above.

Personal Data We May Collect, Process, or Store How We Obtain It Business/Commercial Purpose for this Collection Third Parties Who Receive this Information
Your IP Address, country, ZIP code, region, city, city-level coordinates and elevation, nearest weather station.
We obtain this information using networking diagnostic technology or from your Internet Service Provider.
To provide this information to our customers for the purpose of providing the Service; our legitimate interests and those of our customers (as detailed above).
Our customers; certain third-party vendors that provide infrastructure support services, and software management services (service desk, bug tracking, etc.).
Internet or other similar network activity
Your use of a proxy server; internet connection speed; the identity and location of your internet service provider; domain information; mobile carrier information.
Internet or other similar network activity
Same as above.
Internet or other similar network activity
Same as above.
Internet or other similar network activity
Same as above.
Geolocation Data
Your IP Address, country, ZIP code, region, city, city-level coordinates and elevation, nearest weather station.
Geolocation Data
Same as above.
Geolocation Data
Same as above.
Geolocation Data
Same as above.


A “cookie” is a small file stored on your device that contains information about your computer. We may use cookies for session management, targeted advertising, and web analytics. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of our Website’s features. For more information, please visit https://www.aboutcookies.org/.

You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/.

Please see our Cookie Policy for more information about the cookies we place on our website.

Other Disclosure of Your Personal Data

We may also disclose your Personal Data:

  • to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.;
  • if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring; or
  • to our subsidiaries or affiliates only if necessary for business purposes as described in the Table above.

We reserve the right to use, transfer, sell and share aggregated, anonymous data, which does not include any Personal Data, for any legal business purpose. The purposes may include analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

Data Integrity & Security

We are strongly committed to keeping your Personal Data safe. Hexasoft has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.

Data Retention

Personal Data processed in relation to our Service is retained indefinitely. However, you may send a request to us to ask to delete your Personal Data at any time, subject to the limitations described in this Notice.

Privacy of Children

None of our services and specifically the Service is not directed at, or intended for use by, children under the age of 18. We have no actual knowledge that well sells the personal information of minors under 16 years of age.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data collected and processed by us. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a “data controller” under the GDPR or as a “business” under the CCPA. This is when Hexasoft decides why and how your Personal Data will be processed, and not our Customers. To exercise your rights with respect to information processed by us on behalf of one of our Customers, please read the privacy policy of our Customer.

In this section, we first describe your privacy rights and then we explain how you can exercise those rights.

Please note: with respect to data stored in our Service, there are significant limitations on our ability to respond to requests to exercise these rights. These limitations relate to our ability to verify your identity.

In part to protect your privacy, we purposefully collect only “coarse” level information associated with your IP Address. For example, we collect your ZIP or postal code, but we do not have your street address. It is this lack of identifying information that presents a challenge in verifying your identity for purposes of exercising your rights. We need to reliably verify your identity to prevent malicious or fraudulent attempts to alter or delete data in our Service.

We must rely on your IP Address to verify your identity. We will automatically detect your IP Address when you make a request to exercise any of the rights below. If you would like us to reveal, edit, delete or otherwise manipulate our stored data associated with an IP Address that does not match the one you are contacting us from, we will need to take additional steps to verify your identity. This may include requiring you to acquire an attestation from your Internet Service Provider. This is particularly likely to be true if you are seeking to exercise rights regarding a dynamic IP Address, as opposed to a static one.

Right to Know What Happens to Your Personal Data

This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

We will always try to inform you about how we process your Personal Data.

Right to Know What Personal Data Hexasoft Has About You

This is called the “right of access”. This right allows you to ask for full details of the Personal Data we have about you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information.

Data Used In The Service: With respect to the Personal Data processed as part of the Service, you can access and view the information we collect at any time at this demo feature. Please see the Section “How Can You Exercise Your Privacy Rights,” below, for more information.

Data Collected Via Website or Customers: Once we receive and confirm that it was effectively you or your authorized agent who made the request, we will disclose to you:

  • The categories of Personal Data we collected about you;
  • The categories of sources for the Personal Data we collected about you;
  • Our purposes of processing that Personal Data;
  • Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • If we carry out automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR meaningful information about the logic
  • involved, as well as the significance and the envisaged consequences of such processing for you;
  • The specific pieces of Personal Data we collected about you (this is also called a “data portability” request); and
  • If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing:
    • sales, identifying the Personal Data categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained; and
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party;
  • The appropriate safeguards for transferring your Personal Data from the EU to a third country, if applicable.
Please take into account that the GDPR allows us not to satisfy your access request when:
  • You already have the information;
  • Providing such information proves impossible or would involve a disproportionate effort, or providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
  • That Personal Data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.
Please know that the CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers.

Right to Change Your Personal Data

This is called the “right to rectification”. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete personal data.

If your account settings do not allow you to change it directly, please follow the steps described below and we will do our best to change the Personal Data for you.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion or the "right to be forgotten". This right means you can ask for your Personal Data to be deleted.

Sometimes we can delete your information, but other times it is just not possible, like when the law tells us we cannot do that. If that's the case, we will consider if we can limit how we use it.

Occasions Where We Cannot Fulfil a Deletion Request Under the GDPR or the CCPA: The GDPR and the CCPA allow us to deny a request to erase your Personal Data if we or our service providers need to retain the Personal Data to:

  1. Complete the transaction for which we collected the Personal Data;
  2. Fulfill the terms of a written warranty or product recall conducted in accordance with federal law;
  3. Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  4. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  5. Debug products to identify and repair errors that impair existing intended functionality;
  6. Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
  7. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, provided that you previously provided informed consent;
  8. Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  9. Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
  10. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask us to Change How We Process Your Personal Data

This is called the “right to restrict processing”. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the “right to object”. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party) to support our processing of your Personal Data, as we do in this Privacy Policy. Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the “right to data portability”. It's the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our Services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.
We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to know what data we have about you, we will provide you with a copy of your Personal Data in electronic format.

Right Related to Automated Decision Making

We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have "the right not to be subject to automatic decision-making, including profiling". But in those cases, we will always explain to you when we might do this, why it is happening and the effect.

Right Not to be Discriminated Against for Exercising your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny your goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to the processing of your Personal Data with us, the GDPR grants individuals to lodge a complaint with a supervisory authority if you’re not satisfied with how we process your Personal Data.

In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or place of an alleged violation of the GDPR.

Your Right to Opt Out of the Sale of Personal Data

You have the right to ask us to not sell your Personal Data at any time. This is called the “right to opt out”. We sell the information stored in our Service to our Customers. We do not sell the information we collect from our Website or from our Customers.

To exercise the right to opt-out, you may submit a request to us by completing the below webform:

Once you make an opt-out request, we will wait at least twelve months before asking you to reauthorize the sale of your Personal Data. However, if you change your mind, you may opt back into Personal Data sales at any time by using the procedure described below. We will only use Personal Data provided in an opt-out request to review and comply with the request.

Your Right to Opt In to the Sale of Personal Data

If you have directed us not to sell your Personal Data, you can opt-in to the sale of your Personal Data at any time.

In addition, we do not sell the Personal Data of individuals that we know are less than 18 years old. Individuals who opt-in to Personal Data sales may opt-out of future sales at any time.

How Can You Exercise Your Privacy Rights?

You may exercise any of the rights described above, including the right to opt out of the sale of your Personal Data, by filling out this webform:

Please note, for our Customers, please log into your client account where you will find a customized webform where you may exercise any of the rights described above.

You may always contact us by email at support@ip2location.com; or by writing to us at:

Hexasoft Development Sdn. Bhd.
Attn: Data Protection Officer
70-3-30A D'Piazza Mall
Jalan Mahsuri
11950 Bayan Baru
Pulau Pinang

For requests related to Personal Data stored in the Service PLEASE NOTE since we require your IP Address to verify your identity, the simplest way to make your request is via our webform. If you contact us by email or mail, we will be happy to assist you in submitting a webform request, or answering any other questions you may have. If you need to submit a request not via our webform, we will need another way to verify that you own or use the IP Address at issue. We will likely require that you obtain an attestation from your Internet Service Provider that you own or use the IP Address you are contacting us about.

Authorized Agents

Data Collected Via Website or Customers: You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.

To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with written permission, we will require that you also verify your identity.

Data Used in the Service: In addition to the above information, your authorized agent will need to provide us with certification from your Internet Service Provider that you own or use the IP Address(es) at issue.

Verification of Your Identity

Data Collected Via Website or Customers: To evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are who you say you are.

For this verification, we may ask you for specific information, including certain Personal Data. We will only use the Personal Data you provide us in a request to verify the requestor's identity or authority to make the request.

Please note that you may only make a consumer request to know or data portability twice within a 12-month period.

Data Used in the Service: As discussed above, we will verify your identity by matching the IP Address you are using to make your request to the IP Address we have stored in the Service. If the two do not match, we will need to verify your identity by another method. We will likely require you to obtain a certification or attestation from your Internet Service Provider that you own or use the IP Address at issue. We may also ask for certain Personal Data such as your Name or email address so that we may contact you about your request. We will only use this information to contact you about your request and will delete this information once the request is complete.

Response Timing and Format of Our Responses

We will confirm the receipt of your request in 10 days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, except when we have already granted or denied the request.

Please allow us up to 30 days to reply to your requests, from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with.

We will act upon your request to opt-out from selling your Personal Data in 15 days. We will also notify the third parties to whom we sold your Personal Data of your request and instruct them not to further sell your Personal Data, if they do. We will inform you about this in 90 days from the receipt of your request.

If we cannot satisfy a request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We promise we will not charge a fee for processing or responding to your requests. Exceptionally, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Changes to this Privacy Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, please write to us by email at support@ip2location.com or by postal mail at:

Hexasoft Development Sdn. Bhd.
Attn: Data Protection Officer
70-3-30A D'Piazza Mall
Jalan Mahsuri
11950 Bayan Baru
Pulau Pinang

Please allow up to 30 days for us to reply.

European Union Representative

VeraSafe has been appointed as Hexasoft's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Hexasoft, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic

If you are a resident of the European Union, you may have the right to lodge a complaint with a data protection regulator in one or more of the EU member states.