Privacy Policy

Websites (we-amp.com, modpagespeed.com, iispeed.com, ngxpagespeed.com)

Our websites are static and do not use cookies or analytics trackers. Third-party scripts are loaded only on the modpagespeed.com purchase page (FastSpring checkout — see below). Web server access logs (IP address, URL, user agent, timestamp) are retained for up to 30 days for operational purposes and then deleted.

License service (api.modpagespeed.com)

When you activate a license, we process: your license key, and the product and version identifier. License tokens are Ed25519-signed and cached locally on your server; routine validation is offline. Tokens include a products field (listing which products the license covers) and a max_instances field (your contractual instance limit). These fields are token metadata delivered to your server — they do not constitute additional data collection.

To prevent duplicate trial usage, we store a one-way SHA-256 hash of your email address. The original email is not retained for trial deduplication — only the irreversible hash, kept for 90 days.

IP addresses are held in memory only for rate limiting and abuse prevention; they are not persisted to disk.

We also store a terms-acceptance timestamp (retained for 5 years under the Dutch limitation period) and, for paid subscriptions, the FastSpring subscription ID (retained for the duration of the subscription plus 1 year).

Instance telemetry

Every 12 hours, the ModPageSpeed software on your server contacts our license service to renew its license token. As part of this renewal request, the software transmits three additional fields:

• Machine identifier — a SHA-256 hash of your subscription ID combined with a locally generated random identifier (UUID). The UUID is created once on first run and stored on your server; only the irreversible hash is transmitted. This identifier cannot be used to identify your machine or infrastructure.
• Product — which product is running (e.g. "mps2" or "mps1")
• Version — the software version string

We store this data in our database as a heartbeat record (last_seen, product, and version) keyed by the machine identifier hash, within the scope of your subscription. Heartbeat records are automatically and permanently deleted after 30 days.

Purpose: Instance counting for license compliance. This allows us to verify that the number of server instances running our software aligns with your contractual instance limit. We do not use this data for any other purpose.

What we do not collect: The telemetry contains no personal data, no traffic data, no hostnames, no IP addresses (beyond the transient network connection), and no information about your websites or their visitors. The heartbeat write is asynchronous and never delays or blocks the license renewal response.

ModPageSpeed software

ModPageSpeed runs entirely on your servers. It optimises and caches your web content locally; it does not send traffic data, page content, or visitor information to us.

The admin console (a web interface served from your server) uses sessionStorage for authentication tokens — no cookies are set by the console.

Regional pricing (modpagespeed.com)

To display prices in your local currency, we use server-side IP-to-country resolution powered by DB-IP Lite (hosted on our own infrastructure). Your IP address is processed transiently for this purpose and is not stored or linked to the geolocation result. The resolved country code is used solely to select the appropriate price from a pre-built pricing table; no personal data is transmitted to third parties for this purpose.

If you manually select your country on the pricing page, your preference is stored locally in your browser (localStorage) to maintain your selection across page views. This data remains in your browser and is not transmitted to us.

IP geolocation by DB-IP.

On the purchase page, the FastSpring Store Builder Library loads to process your checkout. See "Purchases (via FastSpring)" below.

Purchases (via FastSpring)

Payment processing is handled by FastSpring (Bright Market LLC), our Merchant of Record. FastSpring collects the personal and payment data necessary to process your order (name, email, billing address, payment details). We receive your name, email address, and order details — but not your full payment information.

FastSpring acts as an independent data controller for payment processing. See FastSpring's privacy policy for details on their data handling.

Fraud prevention

In cases of confirmed chargebacks or fraud, we store a one-way SHA-256 hash of the associated email address to prevent repeat abuse. The original email is not retained in the deny list — only the irreversible hash. These records are retained indefinitely as a proportionate measure for fraud prevention (legal basis: legitimate interest).

Email communication

When you contact us via email, we process your email address and message content to respond to your inquiry. We do not add you to marketing lists without explicit consent.