Data Protection
1. Data protection at a glance
We take the protection of your personal data seriously and process it only in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG). This page explains what data WebBotAuth.net processes, why, and what rights you have.
Personal data is any information relating to an identified or identifiable natural person, such as your name, email address, or IP address. The controller responsible for processing is blackvine GmbH (see section 10).
By design, WebBotAuth.net collects as little personal data as technically possible. It has no user accounts, no tracking, and no advertising.
2. How the checker handles data
WebBotAuth.net is a stateless inspection tool. When you check a domain or verify a signature, here is exactly what happens to data:
- No accounts, no sign-up. The tool requires no registration or login. We do not collect or store any personal account data.
- Only public data is fetched. When you enter a domain, the checker requests only that domain's publicly published material: its JWKS directory at the well-known URL, and any linked, public Signature Agent Card. It never reads anything private or behind authentication.
- The domain you enter is processed in-request only. The domain or directory URL you submit is used to run the check and produce the report for that page view. We do not maintain a database of submitted domains or past results. Each report is computed fresh, on demand.
- Pasted headers stay in the request. If you paste HTTP message-signature headers into the Verify Signature form, they are used in memory to verify the signature for that single response and are not stored afterwards.
- No private keys. The checker only handles public keys from a JWKS directory. Private key material should never be submitted; if the tool finds private-key fields in a directory, it flags that as a critical failure rather than storing it.
- Outbound requests are visible to the target. Because the checker fetches the domain you enter, the operator of that domain may see an incoming request from our servers, for example in their own server logs. This is the normal, intended behaviour of any online checker and does not transmit your personal data to them.
In short: the tool is designed so that running a check does not create a stored record of who checked what.
3. Cookies and local storage
WebBotAuth.net does not use tracking cookies, advertising cookies, or third-party analytics, and therefore does not show a cookie consent banner.
The only thing stored in your browser is your theme preference (light or dark mode), kept in your browser's local storage on your own device. It is never transmitted to us, and you can clear it at any time through your browser settings.
4. Server log files
Our hosting provider automatically collects standard technical information ("server logs") each time the site is accessed, which may include:
- the requesting IP address,
- date and time of the request,
- the page or file requested and the HTTP status code,
- referrer information, and
- browser and operating system type.
This data is used solely to operate the service securely and reliably, to defend against attacks, and to diagnose faults. It is not combined into individual user profiles. The legal basis is our legitimate interest in the secure and stable operation of the website (Art. 6 (1) (f) GDPR).
Hosting. The website is hosted on Cloudflare's global network (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA), acting as our processor under a data processing agreement. Cloudflare may process technical data on servers inside and outside the EU; transfers to third countries are covered by the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
5. Contact by email
If you contact us by email (for example at contact@webbotauth.net), the information you provide, your email address and the content of your message, is processed solely to handle your enquiry. We do not share it without your consent, and we delete it once your enquiry has been dealt with and no statutory retention period requires otherwise.
The legal basis is Art. 6 (1) (b) GDPR where your message relates to a contract or pre-contractual steps, and otherwise our legitimate interest in responding to enquiries (Art. 6 (1) (f) GDPR).
6. Withdrawal of consent
Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing carried out before it.
Right to object (Art. 21 GDPR): where we process personal data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR), you have the right to object to that processing at any time on grounds relating to your particular situation. We will then stop processing the data concerned unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.
7. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you and information about how it is processed,
- rectification of inaccurate data and completion of incomplete data,
- erasure of your data where the legal conditions are met,
- restriction of processing in the cases set out in Art. 18 GDPR,
- data portability in a common, machine-readable format, and
- lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, workplace, or the place of the alleged infringement.
To exercise any of these rights, contact us using the details in section 10.
8. Data security
We use TLS encryption (HTTPS) to protect data transmitted between your browser and the site; you can recognise an encrypted connection by the "https://" prefix and the lock icon in your browser. We also apply appropriate technical and organisational measures to protect data against unauthorised access, loss, or manipulation.
9. Changes to this policy
We may update this data protection policy to reflect changes to the service or to legal requirements. The current version always applies and is available on this page.
10. Controller and contact
The controller responsible for data processing on this website is:
blackvine GmbH
Bienenweide 1
27324 Eystrup
Germany
- Managing director: Bastian Grimm
- contact@webbotauth.net
For any data protection enquiry, or to exercise your rights, please contact us at the address above.