PocketPorts Privacy Policy
Last updated: May 1, 2026 · Effective: May 1, 2026
PocketPorts is a network reconnaissance app published by WeaveHub Technologies LLC (“WeaveHub,” “we,” or “us”). This document describes what data PocketPorts collects, how it is processed, and the privacy controls that apply to scan output.
For data subject requests (access, rectification, erasure, portability, or restriction of processing under GDPR Articles 15–21 or CCPA §1798.100 et seq.), use the contact form at weavehub.app/contact.
1. Data we collect
1.1 Account identity
When you sign in with Apple, we receive the stable Apple identity claim (sub) from Apple’s identity service. We do not receive your email address unless you explicitly relay it. We use this identifier solely to:
- bind your subscription / trial entitlements to your account
- key per-account quota and rate-limit state
- support cross-device session continuity
We never sell, rent, or transfer this identifier to third parties.
1.2 Subscription state
RevenueCat (our subscription processor) is the source of truth for trial, paid, and entitlement state. Webhook events from RevenueCat are persisted on our backend keyed on event id for idempotency. See the RevenueCat Privacy Center for RevenueCat’s processor disclosures.
1.3 Scan targets
When you initiate a scan, we record:
- the resolved IPv4 address of the target
- the original hostname you supplied
- the port range scanned
- the scan timestamp and duration
- per-port observation state (open / closed / filtered / error)
These records are required to deliver scan results back to your device and to enforce the abuse-prevention controls described in §2.
1.4 Scan banners
When the scanner detects an open port, it may capture up to 256 bytes of the service’s “banner” — the greeting string that the service emits on connect. Banners are useful for service identification (e.g., recognizing SSH-2.0-OpenSSH_8.4p1 as an OpenSSH instance), but raw banners can contain personally identifying information about the operator of the scanned host.
To meet our data minimization obligation under GDPR Article 5(1)(c), every captured banner is passed through a redaction pipeline before it is persisted, transmitted to your device, or indexed. The redaction pipeline replaces the following categories of data with structured placeholders:
| Category | Placeholder |
|---|---|
| Hostnames / FQDNs (non-target) | [REDACTED-HOSTNAME] |
| IPv4 literals (non-target) | [REDACTED-IP] |
| IPv6 literals | [REDACTED-IP] |
| MAC addresses | [REDACTED-MAC] |
| Email addresses | [REDACTED-EMAIL] |
Unix /home/<user>/ paths | /home/[REDACTED]/ |
macOS /Users/<user>/ paths | /Users/[REDACTED]/ |
Windows C:\Users\<user>\ paths | C:\Users\[REDACTED]\ |
Stripe API keys (sk_*, pk_*) | [REDACTED-KEY] |
AWS access key IDs (AKIA…) | [REDACTED-KEY] |
GitHub personal access tokens (ghp_…) | [REDACTED-KEY] |
| JWT-shaped strings | [REDACTED-JWT] |
| Authorization / Bearer / api-key / token / password / secret / Set-Cookie header values | [REDACTED] |
The redaction pipeline runs before any persistence or transmission. Banner deduplication uses a SHA-256 hash computed over the redacted banner — we never persist a raw banner, and we never persist a hash that would let us reconstruct one.
The scan target host is the one identifier that is preserved in banners where it appears, replaced with the literal token target so analysts can distinguish “this banner mentions the host being scanned” from “this banner mentions some other host.” This preserves analyst utility while limiting the blast radius if a banner happens to mention a third party.
If you believe a redaction pass is missing or incomplete, please report it via weavehub.app/contact; we treat under-redaction as a security defect and will patch the scanner image on the same release cadence as a CVE response.
1.5 Diagnostics
Crash and performance telemetry is collected via Apple’s standard on-device mechanisms (you control sharing in Settings → Privacy & Security). We do not run a third-party analytics SDK.
2. Lawful basis for processing
| Processing activity | Lawful basis (GDPR Art. 6) |
|---|---|
| Delivering scan results | Contract performance, Art. 6(1)(b) |
| Subscription / billing | Contract performance, Art. 6(1)(b) |
| Abuse prevention / quotas | Legitimate interest, Art. 6(1)(f) |
| Banner redaction (this doc) | Legal obligation (Art. 5(1)(c) data minimization) |
| Crash diagnostics (opt-in) | Consent, Art. 6(1)(a) |
3. Retention
| Data | Retention |
|---|---|
| Scan results (incl. redacted banners) | 30 days, then purged |
| Subscription / RevenueCat events | Lifetime of the account |
Account identity (Apple sub) | Until you delete your account |
| Crash diagnostics (opt-in) | Apple retention policy |
You can delete your account in-app at any time via Settings → Account → Delete Account; deletion cascades to your scan history.
4. Sub-processors
- RevenueCat — subscription state and entitlement webhook source
- Apple — Sign in with Apple identity
- Cloudflare — D1 (data store) and Workers (API edge) for non-scan data
- AWS — Fargate (scanner runtime), ECR (container image registry)
5. Your rights
Under GDPR / CCPA you may request:
- access to the personal data we hold about you
- correction or deletion of that data
- export in a portable format
- restriction of processing
- to object to processing on legitimate-interest grounds
File requests via weavehub.app/contact. We respond within 30 days. We will never ask you to verify identity by sending a credential over email.
6. Children’s privacy
PocketPorts is not directed to children under 13 (or the equivalent local threshold). We do not knowingly collect data from children.
7. Changes to this policy
We post material changes to this document on this page and update the “Last updated” header above. The git history of the source document in the PocketPorts repository is the authoritative changelog.