Privacy policy

VP Shield is a free, passive external scanner operated by VantagePoint Networks from London, UK. Running a scan stores the target domain you submitted and a salted hash of your IP address. We collect no cookies, run no analytics, and never sell or share data. An email address is only stored if you type one in before downloading a PDF report, and you can ask us to delete it any time.

VantagePoint Networks is an independent IT & AI consultancy registered in the UK, based in London. We are the data controller for everything described below.

• Data controller: VantagePoint Networks
• ICO registration: registered under the UK Information Commissioner's Office
• Contact: vpnetworks.co.uk/contact

Three things, and only these three:

1. The domain you submit. We need this to run the checks. It is stored alongside each scan so we can show you the result and count how many scans have run in total.
2. A one-way hash of your IP address. We never store your raw IP. We take your IP, add a server-side secret (the “salt”), run it through SHA-256, and store only the resulting hash. This is used to enforce the rate limit (5 scans per hour, 20 per day). Because the salt rotates, the hash cannot be reversed back to an IP.
3. Your email address — only if you type one in. If you choose to enter an email address before downloading a PDF report, we store that email so we can send the occasional manual outreach (never automated marketing). Skipping the email box is always offered with equal prominence, and the PDF download works either way.

We do not collect: cookies (the theme choice lives in your browser's localStorage and never leaves your device), analytics, device fingerprints, session replays, or your name.

• Legitimate interest — for the domain log, IP hash and aggregate scan count. We need these to run the service, stop abuse and prevent a single actor from overwhelming public APIs.
• Consent — for your email address. You opt in by typing it into the box; you can opt out any time by emailing us.

• Scan results are cached for 24 hours so re-scanning the same domain returns instantly. After 24 hours the cached result is deleted; the basic scan log entry (domain + timestamp + IP hash) is kept longer for abuse prevention and is normally deleted within 90 days.
• IP hashes are kept for as long as their scan log entry exists. The salt rotates daily, so historical hashes are not correlatable to today's traffic.
• Email addresses are kept until you ask us to remove them.

We do not sell data and we do not share it for advertising. The only third parties involved are infrastructure providers that process data on our behalf:

• Supabase — database hosting (EU region).
• Vercel — website hosting and serverless functions.
• Cloudflare Turnstile — invisible bot check on the scan form (no tracking cookies).

Each check VP Shield runs fetches public data about the target domain. Qualys SSL Labs and Mozilla HTTP Observatory are public APIs that see the target domain we query — they do not see you.

Under UK GDPR you can ask us to:

• confirm what data we hold about you,
• correct anything that is wrong,
• delete your email and any past scans tied to your IP,
• restrict or object to our processing,
• complain to the ICO (ico.org.uk).

Email us via the contact form on vpnetworks.co.uk/contact and we'll action any request within one month.

VP Shield is passive by design. We do not run port scans, vulnerability probes, credential tests, or anything that sends unsolicited traffic beyond fetching your public homepage. This is a legal requirement under the UK Computer Misuse Act 1990 and a trust requirement we take seriously.

If we update this page, we'll change the date at the top. Material changes will be highlighted on the home page for at least seven days.