www.ve.ms

Security and infrastructure checks from Europe. No ads, no trackers.

Privacy Policy

1. Controller and contact

The controller responsible for data processing in connection with this website and the tools and services offered on it is shown below. For data protection matters and to exercise your rights, please use these contact details. We do not appoint a separate data protection officer due to the size of the project.

Hold the button for 5 seconds to reveal contact details.

2. Hosting and infrastructure

This website and its tools are hosted in Germany. Our hosting provider acts as a processor; we have concluded a data processing agreement (Auftragsverarbeitungsvertrag, AV contract) in accordance with Art. 28 GDPR. Data is stored and processed within the European Union (Germany). We do not use external content delivery networks (CDNs), third-party fonts (e.g. Google Fonts), or third-party analytics or tracking scripts on this site. This reduces the number of parties that receive your data and supports privacy by design.

3. Data we process and for what purpose

3.1 General website use

When you visit our website, the server automatically records access data (e.g. IP address, time, requested URL, browser type). This is necessary for technical operation and to ensure security. Access logs are typically retained for a limited period and then deleted or anonymised. We do not use this data to profile you or to pass it on to third parties for advertising purposes.

3.2 Sessions and rate limiting

Some areas of the site (in particular the tools) use server-side sessions. Session data may include a session identifier and, where necessary for the function, temporary data such as:

  • Rate-limiting counters (to prevent abuse and ensure fair use)
  • Captcha-related data (to distinguish human users from automated abuse)
  • For the Mail Blacklist Check and Mail Delivery Check tools: the email address or test message, only for the duration of the check (and in the case of "send email to ping@ve.ms", until the automated reply is sent and the message archived or deleted), to perform the test and apply rate limits

This data is stored only for the duration of the session or for short retention periods and is not used for long-term profiling or marketing.

3.3 Tools and services — data flow

Our tools process the inputs you provide only to deliver the requested service. We describe the main data flows below.

  • Mail Delivery Check: You can either use the unique test address shown on the tool page (send an email, then click "Check your score") or send a test email directly to our check address (e.g. ping@ve.ms). In both cases we receive the message, analyse SPF, DKIM, DMARC and blacklist status, and in the direct-email case we send you an automated reply with the report and then archive or delete the message. The address and message are processed only for this check and for rate limiting; we do not use them for newsletters or other marketing.
  • Mail Blacklist Check: The IP or domain you enter is checked against public blacklists. No persistent storage of your inputs beyond session/rate-limit needs.
  • Email Header Analyzer: The headers you paste are processed only on our server to analyse them and display the result. They are not stored permanently.
  • Cookie & Tracking Check: The URL you enter is fetched by our server (via HTTP/HTTPS) to analyse response headers and page content for cookies and third-party resources. The URL is processed only for this analysis and for rate limiting; we do not crawl or store the full content of third-party sites.
  • Website Speed: The URL you enter is requested by our server to measure response times (e.g. DNS, connection, time to first byte). The URL is used only for this measurement and for rate limiting.
  • Client Speedtest: Your browser exchanges data with our server to measure download and upload speed and latency. This data is technical (e.g. test payloads); we do not use it to identify you personally beyond what is inherent in the connection (e.g. IP).
  • DNS Lookup: The domain or hostname you enter is used to perform DNS queries and show you the results. No long-term storage of your queries.
  • WHOIS Lookup: The domain or IP you enter is used to perform a WHOIS query and display the result. Processed only for this purpose and for rate limiting.
  • Certificate Check: The URL or hostname you enter is used to fetch the SSL/TLS certificate and display subject, issuer, validity, and related data. Processed only for this check and for rate limiting; not stored permanently.
  • Ping Check: The hostname or IP you enter is used to run a ping from our server and display round-trip times and packet loss. Processed only for this check and for rate limiting; not stored permanently.
  • Password Generator: Options you choose (length, character sets, etc.) are used only in your browser or in the immediate request to generate passwords. We do not store generated passwords or your choices.
  • Mail Exposure Protection: The text or options you enter are used only to generate the suggested snippets or examples. Not stored permanently.

3.4 Pasteboard (/p…)

The pasteboard lets you share text behind short URLs. You can create plaintext pastes (the content is stored on our server and is readable by us for hosting purposes) or encrypted pastes: encryption and decryption run in your browser; you choose a passphrase that is not transmitted to us. We store only the ciphertext plus cryptographic parameters needed to deliver the blob (e.g. salt, IV) and metadata such as slug, optional display title, theme and view preferences, account linkage, creation and expiry timestamps. We cannot decrypt encrypted pastes without your passphrase. Anonymous pastes expire automatically after a limited period; account-owned pastes follow the rules shown in the tool (including cleanup for inactive accounts where applicable).

3.5 Link shortener

When you create a short link, we store the destination URL, the short code, your account association (if any), and settings such as expiry, optional click limits, safety interstitial options, and theme. When someone opens a short URL, we process the request to redirect or show the interstitial; we may update aggregate click counts. If you use the report-abuse flow, we process the report together with technical data needed to handle it (e.g. reporter IP address and user agent as submitted with the report) for abuse investigation and rate limiting.

3.6 PDF editor and image watermark — saved templates

The PDF editor and image watermark tools perform primary processing in your browser. If you choose to save a named template while logged in, we store the template name and a JSON description of layout or settings you saved, linked to your account, so you can reload it later. We do not need to store your finished files for that feature.

3.7 News

Our News page contains editorial content about the ve.ms project and the broader developer/hosting ecosystem. Reading News does not trigger third-party feed fetching in your browser.

3.8 Account and login

If you register or log in, we process your account data (e.g. identifier, password stored in hashed form) only for authentication and to provide account-linked services. We do not use this data for marketing or pass it to third parties for advertising.

We do not sell or share your tool inputs with third parties for advertising or similar purposes. Where we use external services (e.g. mail delivery), their processing is limited to what is necessary for the function (e.g. sending one test email).

4. Legal basis

We process personal data on the following bases:

  • Legitimate interest (Art. 6(1)(f) GDPR): for operation of the website, security, rate limiting, and abuse prevention; for providing and improving the tools.
  • Contract or pre-contractual steps (Art. 6(1)(b) GDPR): where you use a service that constitutes a contract (e.g. use of a tool in accordance with our terms).
  • Legal obligation (Art. 6(1)(c) GDPR): where we must retain or disclose data to comply with applicable law.

Where we rely on legitimate interest, we have balanced our interests (operating a secure, usable site and tools) against your rights; we minimise data and retention and do not use your data for advertising.

5. Your rights

Under the GDPR you have the right to:

  • Access (Art. 15): obtain confirmation as to whether we process your data and, if so, a copy and other information.
  • Rectification (Art. 16): have inaccurate personal data corrected.
  • Erasure (Art. 17): request deletion of your data where the legal conditions are met.
  • Restriction of processing (Art. 18): request that we only store your data and process it in limited ways in certain situations.
  • Data portability (Art. 20): receive your data in a structured, commonly used format where the processing is based on consent or contract and is carried out by automated means.
  • Object (Art. 21): object to processing based on legitimate interest; we will stop unless we demonstrate compelling legitimate grounds.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Complain to a supervisory authority (Art. 77): you may lodge a complaint with a data protection authority, in particular in the EU member state of your residence, place of work, or place of the alleged infringement. In Germany, the competent authority is the supervisory authority of the federal state where we are based.

To exercise these rights, contact us using the details in section 1. We will respond within the time limits set by the GDPR (generally one month).

6. Data retention

We keep personal data only as long as necessary for the purposes described:

  • Access and error logs: limited period (e.g. a few weeks), then deletion or anonymisation.
  • Session and rate-limit data: short-lived; not retained beyond what is needed for abuse prevention and fair use.
  • Tool inputs (URLs, email addresses, domains, etc.): not stored permanently; only processed for the immediate request and, where applicable, for rate limiting during your session.
  • Emails sent to our Mail Delivery Check address (e.g. ping@ve.ms): processed to generate the report and send the automated reply; the message is then archived or deleted and not used for other purposes.
  • Pasteboard: plaintext or ciphertext and related metadata for as long as the paste exists (including expiry for anonymous pastes); encrypted content remains undecipherable by us without your passphrase.
  • Short links: destination URL and configuration until expiry, deletion, or account rules apply; click counters where enabled.
  • Saved PDF/watermark templates: until you delete them or delete your account.
  • Short-link abuse reports: retained only as long as needed to assess abuse and secure the service.

We do not retain your tool inputs for long-term analysis or marketing. Where we are under a legal obligation to retain data (e.g. for tax or legal claims), we retain it only as required by law.

7. Recipients and international transfers

Data may be passed to:

  • Hosting provider (Germany): they process data on our behalf under a data processing agreement; no transfer outside the EU for core hosting.
  • Mail provider (e.g. for Mail Delivery Check): only to the extent necessary to receive and send emails (e.g. test messages to our check address, automated replies with the report); we choose providers with adequate data protection where possible.

We do not transfer your personal data to countries outside the European Economic Area unless we have ensured appropriate safeguards (e.g. adequacy decision or standard contractual clauses). Our primary infrastructure is in Germany.

8. Security

We take appropriate technical and organisational measures to protect your data (e.g. secure connections, access controls, regular updates). Despite this, no system can be completely secure; we encourage you to avoid sending highly sensitive data through our tools where possible.

9. Changes to this policy

Last updated: 4 April 2026.

We may update this privacy policy from time to time to reflect changes in our practices or the law. The current version is always available on this page. Continued use of the site after changes constitutes acceptance of the updated policy where permitted by law.

10. Contact for privacy

For any questions about this privacy policy or our data practices, please use the contact details given in section 1.