TunnelTime Privacy Policy

Last updated: April 4, 2026

Operator: Damian Andre
Contact for support, privacy, and legal requests: glidah@gmail.com

Overview

This Privacy Policy explains how TunnelTime collects, uses, stores, and shares information when you use the TunnelTime website, admin portal, command-line interface, APIs, and hosted tunnel relay services.

TunnelTime is a free beta service that lets users create and manage HTTP and TCP tunnels. Because TunnelTime acts as a relay between public internet traffic and services you choose to expose, TunnelTime may process network requests, connection details, and related operational data as part of providing the service.

If you do not agree with this Privacy Policy, do not use TunnelTime.

Information We Collect

We may collect the following categories of information:

1. Account and admin identity information

If you sign in to the TunnelTime admin portal using single sign-on, TunnelTime may receive information from your identity provider, such as:

• your email address
• your display name or profile name
• basic authentication and identity claims needed to verify your login

Based on the current product configuration, TunnelTime uses OpenID Connect and may use Google as the identity provider for admin login.

2. Session and authentication information

TunnelTime uses authentication credentials and session data, including:

• admin session cookies
• signed login state values
• CSRF protection tokens
• agent authentication tokens

The TunnelTime CLI also stores configuration locally on your device. Based on the current implementation, the Windows CLI stores its saved configuration, including the server URL and saved agent token, in %AppData%\TunnelTime\config.json.

3. Tunnel, device, and service metadata

When you create or manage tunnels, TunnelTime may collect and store information such as:

• agent IDs, names, and comments
• tunnel IDs
• requested subdomains
• remote TCP ports
• local URLs, local hosts, and local ports
• tunnel creation and closure timestamps
• agent connection status and last-seen timestamps

4. Network, routing, and usage data

To operate the service, TunnelTime may process:

• IP addresses or forwarded IP information
• host headers
• request paths and query strings
• request and response headers
• connection identifiers
• protocol and routing information
• rate-limit and security event data
• basic service logs

Because TunnelTime is a relay/proxy service, it may also process request and response bodies, TCP stream data, and other content that passes through active tunnels to the extent necessary to route traffic between public users and the local service you expose.

5. Audit and administrative records

TunnelTime stores administrative records such as:

• admin login events
• agent creation and revocation events
• tunnel closure events
• runtime settings changes
• the acting admin email associated with those actions

6. Information you choose to provide

You may provide information directly to TunnelTime, including messages sent to the support or privacy contact email and any comments or labels you enter in the admin portal.

How We Use Information

TunnelTime may use collected information to:

• authenticate users and admins
• create, maintain, and revoke agents and tunnels
• route HTTP and TCP traffic through the service
• secure the platform and prevent abuse
• enforce rate limits, session controls, and access restrictions
• troubleshoot errors, outages, and tunnel failures
• maintain audit trails and operational records
• communicate with you about support, legal, safety, or service issues
• improve, modify, suspend, or discontinue the beta service

Legal Bases and Your Choices

Depending on where you live, applicable privacy laws may require a legal basis for processing. TunnelTime generally processes information because it is necessary to provide the service you request, to maintain service security and integrity, to comply with legal obligations, or for legitimate operational interests such as preventing abuse and maintaining logs.

You can limit some collection by not using the service, by not storing a token in the CLI, or by closing tunnels and deleting local configuration files on your device. If you use TunnelTime, some processing is necessary for the service to function.

Cookies and Similar Technologies

TunnelTime uses cookies in the admin portal for session management and security. These cookies are used to keep admins signed in and help protect against unauthorized requests.

TunnelTime does not currently appear to include third-party advertising cookies or product analytics trackers in the repository reviewed for this draft.

How We Share Information

TunnelTime may share information in the following circumstances:

• with identity providers used for login, such as Google or another OpenID Connect provider
• with hosting, infrastructure, networking, and security providers that help operate TunnelTime
• if required by law, legal process, or a valid governmental request
• to investigate, prevent, or address fraud, abuse, security issues, or violations of the Terms of Service
• in connection with a sale, transfer, or reorganization of the service or its assets
• with your direction or consent

TunnelTime does not describe selling personal information for advertising in the current product implementation reviewed for this draft.

International Data Transfers

TunnelTime may process or store information in countries other than your own. Based on the service setup described for this draft, hosting or infrastructure may involve processing in Sydney, Australia.

By using TunnelTime, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection rules than your home jurisdiction.

Data Retention

TunnelTime keeps information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• operate and secure the service
• maintain session, tunnel, and audit records
• comply with legal obligations
• resolve disputes
• enforce agreements

Retention periods may vary depending on the type of information, whether a tunnel or session is still active, whether the information is needed for security review, and whether the law requires longer retention.

Security

TunnelTime uses reasonable administrative, technical, and organizational measures intended to protect information. These may include authenticated access controls, session protections, token-based authentication, rate limiting, and operational logging.

No system is perfectly secure, and TunnelTime cannot guarantee absolute security.

You are responsible for protecting your devices, local services, saved tokens, and any systems you expose through TunnelTime.

Children’s Privacy

TunnelTime is not directed to children under 13, and you may not use TunnelTime if you are under 13.

If you believe a child under 13 has provided personal information to TunnelTime, contact glidah@gmail.com so the issue can be reviewed.

Your Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or information about certain personal data. You may also have the right to object to certain processing or request portability, subject to applicable law and technical limitations.

To make a privacy request, contact glidah@gmail.com. TunnelTime may need to verify your identity before responding.

Third-Party Services

TunnelTime may link to or rely on third-party services, including identity providers and infrastructure providers. Their privacy practices are governed by their own terms and privacy notices, not this Privacy Policy.

Beta Service Notice

TunnelTime is offered as a beta service. Features, providers, data flows, and retention practices may change as the service evolves. TunnelTime may update this Privacy Policy to reflect those changes.

Changes to This Privacy Policy

TunnelTime may update this Privacy Policy from time to time. The updated version will be posted with a revised effective date. Your continued use of TunnelTime after an update becomes effective means you accept the revised Privacy Policy, to the extent permitted by law.

Contact

If you have questions about this Privacy Policy or want to submit a privacy or legal request, contact:

Damian Andre
glidah@gmail.com