Privacy Policy

HTTPTunnel (the “Site”, “we”, “us”) operates https://www.httptunnel.ge, a free public proxy listing and proxy testing service. We are based in Tbilisi, Georgia.

This policy explains exactly what data we collect, why, and the third parties that receive it. We have written it to match what the application actually does — nothing aspirational, nothing boilerplate.

When you browse the Site (no account, no form submitted):

• Standard web-server log entries: your IP address, the URL requested, HTTP status, timestamp, and user-agent string. Retained for a maximum of 30 days for abuse mitigation and capacity planning.
• An anti-forgery cookie (session-scoped) and, if you sign in to the admin area, an authentication cookie. Neither cookie is shared with third parties.

When you submit the email subscription form:

• Your email address.
• Your display name, if you provide one (optional).
• Which list(s) you opted into (proxy list digest, occasional announcements).
• The IP address, user-agent, and source page from which you submitted the form — we record these as proof of consent and to defend against spam sign-ups (GDPR / CAN-SPAM compliance evidence).
• Timestamps for sign-up, confirmation, and (if applicable) unsubscribe.

We do not collect your name, address, phone number, or payment details. The Site has no shopping cart, no user profile, and no upload feature.

• Server logs: security, debugging, blocking abuse (e.g. scraping bots that degrade service for other users).
• Email address: to send you the proxy list digest and announcements you signed up for, nothing else.
• Consent metadata (IP, UA, source): regulatory requirement — if you later claim you never signed up, we can show the record.
• Cookies (anti-forgery, auth): required for the Site to function safely. Without them, form submissions and the admin area would be vulnerable to cross-site request forgery.

The Site loads scripts and resources from the following third parties. Each operates under its own privacy policy.

Google AdSense. We use Google AdSense (publisher ID ca-pub-3785827089532011) with Auto Ads enabled to monetise the Site. Google and its partners may use cookies (including the DART cookie) and similar technologies to serve ads based on your prior visits to this Site and other sites on the Internet. You can review Google's policies and opt out of personalised advertising:

• How Google uses information from sites or apps that use our services
• Manage your Google Ads settings (opt out of personalised ads)
• Digital Advertising Alliance opt-out (multi-vendor)

Where required by law (EEA, UK, Switzerland), Google's certified Consent Management Platform (Funding Choices) presents you with a consent prompt before personalised ads are served. The Site does not control what data Google collects through its ad units once you consent.

Top.ge analytics counter. The footer loads a script from counter.top.ge, a free Georgian web-traffic counter we use to track visitor volume. It records your IP and a basic page-visit fingerprint. See top.ge for their terms.

Content delivery networks. We load fonts and CSS from cdn.jsdelivr.net, cdnjs.cloudflare.com, and fonts.googleapis.com. These services see your IP address when their assets are fetched; they do not receive form data or any subscription details.

Email delivery. Outgoing email (confirmation, digest, unsubscribe) is sent from our own mail server (noreply@httptunnel.ge). We do not currently use a third-party email service provider (no SendGrid, Mailgun, etc.).

We do not sell or rent your email address or any other personal data to anyone, ever.

Cookies set by the Site itself:

• Anti-forgery (session, HttpOnly, SameSite=Lax) — protects form submissions against CSRF attacks. Required.
• Admin authentication (HttpOnly, Secure, SameSite=Lax) — only set after you sign in to the admin area. Not relevant to ordinary visitors.
• Theme preference (localStorage, not a cookie) — remembers your light/dark mode choice. Stored entirely in your browser; never sent to us.

Cookies set by third parties (AdSense, top.ge) are controlled by those services and listed in their respective policies. You can clear or block cookies at any time via your browser settings; doing so will not break the Site for ordinary browsing, but you will not be able to use the admin area or submit the subscription form.

• Server logs: 30 days, then deleted.
• Subscription records: kept for as long as you remain subscribed. After you unsubscribe, we keep the email + timestamps in a suppression list indefinitely so you are not re-added by a future import.
• Consent metadata (IP, UA, source): kept alongside the subscription record for the same duration.

If you are subscribed to our email list, you have the right to:

• Unsubscribe at any time via the one-click link in the footer of every email (RFC 8058 compliant) or by emailing unsubscribe@httptunnel.ge.
• Request a copy of the data we hold about you (email, sign-up timestamp, consent IP/UA, opt-in flags).
• Request deletion of your subscription record — we will remove everything except the email itself, which we retain on the suppression list to honour your unsubscribe.
• Request correction of your record.

For any of the above (except unsubscribe, which is automated), email unsubscribe@httptunnel.ge from the address on the subscription. We respond within 14 days.

The Site is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from minors. If you believe a minor has signed up, email unsubscribe@httptunnel.ge and we will delete the record.

Material changes will be reflected in the “Last updated” date at the top of this page. For changes that affect existing subscribers (e.g. a new third party receiving your email address), we will email you before the change takes effect.

Privacy questions or data requests: unsubscribe@httptunnel.ge.

HTTPTunnel · Tbilisi, Georgia