Privacy Notice
Last updated: March 25, 2026 — Luxembourg
CyberRamen.com is committed to transparency. This page explains exactly what data is processed, where, and why. No legalese.
What We Do NOT Do
- No analytics (no Google Analytics, no Matomo, no tracking pixels)
- No advertising or ad networks
- No third-party scripts or CDNs — all JavaScript and fonts are self-hosted
- No fingerprinting or user profiling
- No user accounts or registration
- No data sold or shared with third parties
- No external font loading (fonts are served from our own server)
Client-Side Tools (Majority)
Most tools on CyberRamen.com run entirely in your browser. The data you enter never leaves your device. This includes all encoding/decoding tools, hash generators, JWT decoders, the phishing awareness simulator, cheatsheets, and more.
These tools make zero network requests beyond loading the page itself. You can verify this in your browser’s DevTools Network tab.
Tools That Query External Services
A small number of tools require server-side lookups to function. These tools are clearly labeled. The data you submit (e.g., a domain name) is sent from our server to the external service — your IP address is never forwarded.
| Tool | External Service | Data Sent |
|---|---|---|
| DNS Mapper | crt.sh (Certificate Transparency) | Domain name you enter |
| DNS Mapper | ip-api.com (Geolocation) | Resolved IP addresses |
| WHOIS Lookup | RDAP servers (IANA, Verisign, etc.) | Domain name you enter |
| Phishing Checker | RDAP servers, crt.sh | URL/domain you enter |
| Phishing Checker (screenshot) | thum.io (thumbnail service) | URL you enter is sent client-side to thum.io to generate a preview image. Your browser IP is visible to thum.io when loading this image. |
| IP Geolocation (WebRTC) | STUN server (Cloudflare) | Connection metadata for local IP detection |
Session Cookie
A single session cookie (PHPSESSID) is set for rate limiting on API endpoints. It contains no personal data and is deleted when you close your browser. It is configured with:
HttpOnly— not accessible to JavaScriptSecure— only sent over HTTPSSameSite=Strict— never sent cross-site
Client-Side Storage
A few tools use localStorage to remember your preferences (e.g., accepted disclaimers, saved templates). This data is stored only in your browser, never sent to any server, and can be cleared at any time via your browser settings.
Server Access Logs
Standard web server logs (Apache) record IP addresses, timestamps, and requested URLs. These are used solely for security monitoring and are rotated automatically. No application-level logging of user input is performed.
Security Headers
Every page is served with strict security headers including:
- Content-Security-Policy — restricts all resources to same-origin only
- Strict-Transport-Security — enforces HTTPS
- Referrer-Policy: no-referrer — no URL data leaked to other sites
- X-Frame-Options: DENY — prevents embedding in iframes
- Permissions-Policy — disables camera, microphone, geolocation, payment APIs
GDPR & DORA Compliance
CyberRamen.com is operated from Luxembourg, EU. We process minimal data under GDPR Article 6(1)(f) — legitimate interest for security and site operation. No consent banner is required because we do not use tracking cookies or analytics. Under DORA (Digital Operational Resilience Act), our tools support ICT risk management without introducing third-party dependencies into your workflow.
Verify It Yourself
We encourage you to verify our claims:
- Open DevTools → Network tab — watch for external requests (there should be none on client-side tools)
- Open DevTools → Application → Cookies — only
PHPSESSIDshould be present - Check Response Headers — verify CSP and security headers
Contact
Questions about privacy? Contact us via johlem.net.