Your Privacy with TLS Inspector
Your Privacy with TLS Inspector
Last Updated: March 14th 2020.
This policy applies to the TLS Inspector iOS Software Product ("the app").
TLS Inspector is a privacy-focused tool that puts users safety first. TLS Inspector is designed to protect users privacy, and therefor extreme care is taken to ensure that information collected by the app is not disclosed or shared except for normal operation of the app.
When you use the TLS Inspector iOS app you provide a domain name or IP Address to the app for inspection. The app connects directly to the website to collect certificate and other security information. The collection of certificate information happens on your device at the time you inspect the website. With the exception of the certificate status we do not contact any third party services for information about the website you inspect.
By default the app will store the last 5 inspected sites on your device. This list is saved locally to your device and is not synced with any internet service. You can remove individual sites from this list or disable this feature entirly from within the app.
When you inspect a website with the app we connect directly to the website to collect certificate and other security information. As part of the verification process the app will perform a Online Certificate Status Protocol (OCSP) status check to verify the status of certificates. This check involves contacting an external web service and including a fingerprint of the certificate to check. In most situations the authority that issued the certificate is the authority that provides the OCSP check service.
OCSP is an industry standard and used by web browsers and operating systems. It is not generally deemed a security risk, however you may disable TLS Inspector's built-in OCSP checking in the app settings. However, your device's operating system (iOS) may still perform a OCSP check by itself, which is beyond our control.
In normal use of the application you do not provide any information to us.
The app records information related to the operation of the app in text files known as "logs". In the event that you're having difficulties using TLS Inspector due to a problem, we may ask that you enable "Debug Logging". When enabled, the app records more information about what the app is doing so we can better identify potential issues. The information included in this log doesn't include any personal information such as your name or phone number, but does include the domains you inspect using the app while debug logging is enabled. As a precaution, debug logging will automatically be disabled each time the app starts.
These log files are stored locally on your device, and are never automatically shared with anybody without your explicit action & consent.
Apple provides us with limited, aggregated, and anonmyzed information about our users and their devices. We do not have a way to opt-out of this information.
Information that Apple provides us includes, but is not limited to:
We treat this information as secret, and do no share, disclose, or sell any information that Apple provides us.
This policy applies to the TLS Inspector website.
The TLS Inspector website is an purly informational website and does not provide means for you to provide information to us outside of the normal use of a web site.
Like every website some information is provided to us automatically, this information includes but is not limited to:
We treat this information as secret, and do no share, disclose, or sell any information this information.
This policy applies to the various methods you can interact with the TLS Inspector community.
You may email us with any questions or concerns using this address.