Privacy Policy

1. What We Are

stunl is a localhost tunneling service ("stunl", "we", "us", "our"). Our website is stunl.com and the service is accessible via our CLI tool and web portal at portal.stunl.com.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a password. If you subscribe to a paid plan, payment is processed by Stripe and we store only your Stripe customer ID — we never see or store your full card number.

Tunnel Metadata

When you create a tunnel, we log metadata necessary to operate the service: tunnel type, protocol, timestamps, assigned subdomain/port, session duration, and bandwidth usage. We do not inspect, log, or store the content of traffic passing through your tunnels.

Server Logs

Our servers record standard web access logs (IP address, user agent, request path, timestamps). These logs are used for security monitoring, abuse prevention, and debugging. Logs are retained for 30 days and then automatically deleted.

SMS/MMS Messages

If you contact our customer support via SMS, we collect your phone number and the content of your messages solely to provide support. We do not use your phone number for marketing. You can opt out of SMS at any time by replying STOP.

3. How We Use Your Information

• Provide, maintain, and improve the stunl service
• Process payments and manage your subscription
• Enforce our terms of service and prevent abuse
• Send transactional emails (account verification, password resets, billing receipts)
• Respond to support requests (including via SMS)
• Monitor service health and security

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate stunl:

• Stripe — payment processing. Stripe's privacy policy: stripe.com/privacy
• Amazon SES — transactional email delivery
• Twilio — SMS customer support. Twilio's privacy policy: twilio.com/legal/privacy

These services receive only the minimum information necessary to perform their function. We do not share tunnel traffic data with any third party.

5. Data Security

All connections to stunl use TLS encryption. Tunnel traffic is encrypted in transit. Passwords are hashed with bcrypt. API keys are generated using cryptographically secure random bytes. Our infrastructure runs on hardened Linux servers with regular security updates.

For tunnels using our end-to-end encryption (E2E) feature, traffic is encrypted client-to-client and we cannot decrypt it even in transit through our servers.

6. Data Retention

• Account data is retained while your account is active
• Tunnel metadata is retained for 90 days after tunnel closure
• Server access logs are retained for 30 days
• Billing records are retained as required by law

You can request deletion of your account and associated data by emailing support@stunl.com.

7. Cookies

The stunl portal uses a session cookie to keep you logged in. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

8. Children's Privacy

stunl is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or your data, contact us at:

• Email: support@stunl.com
• SMS: +1 (312) 779-6210