Privacy by architecture, not policy

IP geolocation built so
your application never needs
to send the full IP.

Send a partial prefix like 77.119.x.x and get country, ASN, and network back. The lookup API is designed around partial prefixes instead of exact IP input.

Under GDPR, IP addresses are personal data. BlurLoc avoids requiring your application to send a full IP to the lookup endpoint, while the website itself still processes ordinary web traffic metadata for operations and monitoring.

Try it free. No signup. See how it works

No API key. No signup. No credit card. Free tier starts immediately.

Every other IP geolocation API
Request
GET /lookup/77.119.123.45
Full IPv4 transmitted. Personal data under GDPR (ECJ ruling, 2016).
vs.
BlurLoc
Request
GET /lookup/77.119.x.x
No full IP required by the lookup API. Website traffic still includes normal request metadata.
Response: same result
"country_code": "AT",
"country_name": "Austria",
"asn": 25255,
"probability": 1

Why this matters legally

IP addresses are personal data

The ECJ confirmed in 2016 that IPv4 addresses, including dynamic ones, are personal data under EU law. GDPR Recital 30 names IP addresses explicitly. This is settled law, not interpretation.

Third-party API call = data transfer

Sending a full IP to an external geolocation API is a GDPR-regulated data transfer. It requires a legal basis, a signed Data Processing Agreement with the provider, and disclosure in your privacy policy.

BlurLoc: no full IP required for the lookup API

A partial prefix like 77.119.x.x covers up to 65,536 addresses. That lets your application avoid sending a full IP to the lookup API. Website visits, logs, and operational telemetry still need to be assessed separately.

How it works

Three steps. One HTTP call. Less privacy exposure in the lookup flow.

1

Mask the trailing octets

Before making any outbound call, replace the last one or two octets with x. This happens entirely inside your infrastructure. The exact address never leaves your server.

# user's exact IP (never leaves your server)
ip = "77.119.123.45"

# mask before sending
prefix = "77.119.x.x"
2

Query the BlurLoc API

A plain HTTP GET with the prefix in the URL path. No API key required on the free tier. Works from any language or runtime: if it can make an HTTP request, it works.

curl https://blurloc.com/lookup/77.119.x.x
3

Receive location data

Get country, ASN, organization, hosting and VPN flags, and a probability score. Everything you need for routing, fraud signals, and regional decisions. Enough signal, no privacy cost.

"country_code": "AT",
"asn": 25255,
"is_vpn": false,
"probability": 1

Try it now

No signup. No API key. Type any prefix and run a live lookup.

Try:
curl
curl -s "https://blurloc.com/lookup/77.119.x.x"
Response 
Run a lookup to see the JSON response.

Integrate in minutes

A plain HTTP GET. No SDK, no special client, no surprises.

cURL
# Free tier, no key needed
curl -s \
  "https://blurloc.com/lookup/77.119.x.x"
JavaScript
const prefix = "77.119.x.x";
const res = await fetch(
  `https://blurloc.com/lookup/${prefix}`
);
const { country_code, asn }
  = await res.json();
Response 200 OK
{
  "api_version": "v1",
  "query": "77.119.x.x",
  "match_type": "exact",
  "country_code": "AT",
  "country_name": "Austria",
  "asn": 25255,
  "as_org": "Hutchison Drei Austria GmbH",
  "is_hosting_provider": false,
  "is_vpn": false,
  "network": "77.119.0.0/16",
  "probability": 1,
  "warning": null,
  "candidate_count": 1
}

Everything you need.
Nothing you shouldn't send.

Built for partial prefixes

Accepts wildcards like 77.119.x.x, 77.119.12x.x, or 77.119.123.x. The API is built around the assumption that you won't send a full IP.

Strict mode enforcement

Add ?strict=1 to reject exact IP input with a 400 error. Enforce your privacy policy at the API level, not just in documentation, and catch accidental full-IP submissions in CI.

Probability scores

Every result includes a confidence score based on IP address-space overlap with the matched network. Know how certain the result is, especially when querying with a wider prefix.

ASN + org data included

Every response includes the Autonomous System Number, organization name, and hosting/VPN flags. Enough to distinguish residential traffic from datacenter, proxy, or VPN users.

Zero-friction free tier

No signup, no account, no API key on the free tier. Open a terminal and start querying. When you outgrow the limits, upgrade with a single Stripe checkout. No sales call, no contract.

Simple, honest pricing

No surprise overages. No data harvesting. No vendor lock-in.

Free

$0 /month

For personal projects and evaluation.

Start for free
  • 10,000 requests / month
  • No API key required
  • Country, ASN & network
  • VPN & hosting detection
  • 60 requests / minute
  • Use in commercial products
Most popular

Pro

$14 /month

For production apps and growing teams.

Get started
  • 100,000 requests / month
  • API key included
  • Everything in Free
  • Strict mode enforcement
  • 300 requests / minute
  • Email support

Scale

$49 /month

For high-volume APIs and enterprise teams.

Get started
  • 1,000,000 requests / month
  • Everything in Pro
  • 1,000 requests / minute
  • 99.9% uptime SLA
  • Priority support
  • Custom DPA on request

All plans include full API access, VPN/hosting detection, and probability scoring. Need higher volume? Contact us.

Frequently asked questions

Does BlurLoc actually solve the GDPR problem?
The lookup API is designed so your application can avoid sending full IPs to a third-party geolocation endpoint. A partial prefix like 77.119.x.x represents up to 65,536 IP addresses, which materially reduces precision. Your own website traffic, server logs, and monitoring still need to be assessed separately.
How accurate is a partial prefix lookup?
For country-level and ASN-level resolution, accuracy is comparable to a full IP lookup. ISPs and carriers typically assign entire /16 or /24 blocks to a single country and autonomous system. BlurLoc also returns a probability score with every result so you always know how confident the match is. For routing, fraud signals, and regional decisions, partial prefixes are sufficient in the vast majority of real-world cases.
Do I need a DPA with BlurLoc?
Not automatically for the lookup API itself if your integration only sends partial prefixes. Separate website traffic, server logs, and operational telemetry may still be personal-data processing and should be assessed on their own merits.
What if I accidentally send a full IP?
By default, BlurLoc accepts full IPs but flags the response with "warning": "exact_ip_submitted" so your application can detect the issue. Enable ?strict=1 on your requests and the API will reject full IP input with a 400 error.
What data fields does BlurLoc return?
Every response includes: country code and name, ASN and organization name, the matched network CIDR, hosting provider flag, VPN flag, match type (exact or probable), probability score, and candidate count. Add ?full=1 to receive the complete ranked list of candidate networks with individual probability scores.

Stop sending full IPs
to third parties.

BlurLoc gives you the location signals you need without requiring your application to send a full IP to the lookup API. Free to start. No signup. No credit card.

Try it now. It's free. See pricing

10,000 requests/month free. Upgrade anytime. Cancel anytime.