Privacy Policy

Last Updated: March 14th 2018.
Effective: Immediately.

TLS Inspector is a privacy-focused tool that puts users safety first. TLS Inspector is designed to protect users privacy, and therefor extreme care is taken to ensure that information collected by the app is not disclosed or shared except for normal operation of the app.

Key takeaways from this policy
  • We never collect personal information about you or your device.
  • We never share the websites you inspect using the app.

When you inspect a website with TLS Inspector the app connects directly to the website to collect certificate and other security information. The collection of certificate information happens on your device at the time you inspect the website. With the exception of the certificate status we do not contact any third party services for information about the website you inspect.

Application Features

Recently Inspected Domains

Starting with TLS Inspector 1.2 the app will remember the last 5 recently inspected domains on your device for easy re-inspection. This feature stores the last 5 domains locally on your device, and does not sync or otherwise share this list anywhere else. If desired, this feature can be disabled from the application settings. Individual sites can be removed from the list by swiping to the left on a site, and tapping "Delete".

Certificate Status

Starting with TLS Inspector 1.7.0 the app will perform a Online Certificate Status Protocol (OCSP) query to check if the certificate used by a website has been revoked. The authority that responds to these queries is defined in a certificate, and is typically the authority who issued the certificate. To accomplish this, we send the SHA-1 fingerprint of the certificate we're checking to the OCSP responder and they indicate the status of that certificate. That does mean that because of this request, the OCSP responder may be able to identify the website you're inspecting, depending on the certificate.

We believe that this poses little danger, however understand that some users may not want this. Automatic OCSP querying can be disabled in the Application Settings, however your device may still perform OCSP queries which is beyond our control.

Since the first release of TLS Inspector the app can download a file that contains revoked certificates known as a Certificate Revocation List (CRL). These list typically contain many certificates, however, like with OCSP CRLs could potentially be used to identify a website you're inspecting. Since TLS Inspector 1.7.0 automatic CRL downloading is disabled by default.

Application Logs

Starting with TLS Inspector 1.7.0 the app will now keep a small amount of error information in text files known as "logs". These files are typically empty, but contain information if the application quits unexpectedly (known as a crash). In the event of a crash, the application will save information about what happened at the time the app crashed so we can prevent the issue from happening again.

In the event that you're having difficulties using TLS Inspector due to a problem, we may ask that you enable "Debug Logging". When enabled, the app records more information about what the app is doing so we can better identify potential issues. The information included in this log doesn't include any personal information such as your name or phone number, but does include the domains you inspect using the app while debug logging is enabled. As a precaution, debug logging will automatically be disabled each time the app starts.

These log files are stored locally on your device, and are never automatically shared with anybody without your explicit action & consent.

We take our logging policy very seriously. These logs are never shared with anybody unless you press the share logs button.

TestFlight Beta Applications

Beta applications are releases that are meant for testing purposes. These releases may contain software faults or other problems. In order for provide users with a reliable service, we release these builds to select users in order to catch these problems before we release the application to the public.

When you sign up for beta released you must provide us with your Apple ID email address. Your address is stored in a cryptographic hash format in a database to prevent duplicate-sign ups. Your email address will be provided to Apple, Inc. to complete the registration process.

Beta applications are distributed using the TestFlight service provided by Apple. This first-party service is tied to your Apple ID and the software is sent to your device using the TestFlight app.

Beta testing is completely voluntary, and users can leave the test at any time by uninstalling the beta application and leave the TestFlight group through the TestFlight app.

Questions or Comments

You may email us with any questions or concerns using this address.