ipdata is an IP geolocation and threat intelligence API used by thousands of developers. If you're evaluating ipdata for your project, here's what you should know - including where it excels, where it may create friction for privacy-conscious or EU-based teams, and how IP Trust compares.
ipdata is an IP data provider founded in 2017, offering an API that covers geolocation, ASN data, company identification, VPN/proxy detection, and threat intelligence. According to their website, they serve over 20,000 developers and count companies like Disney, Cisco, Adobe, and McKinsey among their customers.
ipdata's distinguishing feature is its bundled threat intelligence - the API checks IP addresses against 100+ public and commercial blocklists and returns threat flags like is_known_attacker, is_known_abuser, and is_threat, along with machine-learning-generated reputation scores. This makes ipdata a popular choice for teams that want geolocation and basic threat detection in a single API call.
Their infrastructure runs across 11 AWS data centres globally, and they report average response times of around 60ms without caching.
ipdata is a solid product for developers who need a quick, all-in-one API. But depending on your requirements - particularly around data sovereignty, offline data access, and threat intelligence reliability - there are areas where it may create friction:
ipdata is a US-incorporated LLC, headquartered in New York and governed by Delaware law. Their infrastructure runs on AWS data centres globally, but there is no documented option for EU-only data processing or data residency guarantees. Their terms of service and dispute resolution are governed entirely by US law.
For organisations subject to GDPR, Schrems II, or internal data sovereignty policies, this means every API call - which involves sending an IP address (personal data under GDPR) to a US-based processor - requires careful compliance evaluation.
ipdata is primarily an API-only service. Database downloads are listed only under their Enterprise plan, which requires contacting sales. This means teams who want to keep IP lookups local - whether for latency, privacy, or compliance reasons - cannot do so without entering an enterprise procurement process.
For privacy-conscious organisations, this is a significant limitation. Local database lookups eliminate the need to send IP addresses to a third-party processor entirely, which is often the simplest path to GDPR compliance. Without a self-serve database option, ipdata's architecture requires you to send every lookup to their API.
ipdata's headline feature is its integrated threat intelligence, which aggregates data from 100+ open-source and commercial blocklists. This is genuinely useful for a first pass at threat detection - but it's worth understanding the limitations of this approach before building critical security decisions on it.
Public blocklists are reactive, not proactive. An IP address only appears on a blocklist after it has been reported for malicious activity. By the time a blocklist flags an IP, the damage is often already done, and the attacker may have moved on to a new address. This creates a window of exposure that blocklist-based detection cannot close.
Blocklist false positives are a real operational problem. Legitimate IPs end up on blocklists for a variety of reasons - shared hosting, dynamic IP reassignment, or overly aggressive list maintenance. This is a well-documented frustration for anyone who has dealt with Spamhaus or similar services blocking legitimate traffic. When you build automated decisions on blocklist data, you inherit these false positive rates.
CGNAT makes IP-level reputation increasingly unreliable. With the ongoing scarcity of IPv4 addresses, more and more users are behind Carrier-Grade NAT (CGNAT) - where hundreds or even thousands of users share a single public IP address. This means a single malicious user behind a CGNAT address can poison the reputation of that IP for every other user sharing it. Conversely, legitimate users behind a "clean" CGNAT IP may be accessing your service alongside malicious actors you can't see. IP-level reputation scores can create a false sense of certainty in a world where the relationship between IP addresses and individual users is increasingly blurred.
None of this means threat intelligence is useless - it's a valuable signal. But it's worth asking whether IP-level blocklist checks should be a primary security decision, or one input among several.
If you are looking for an alternative to ipdata, IP Trust delivers IP geolocation, ASN, VPN/proxy detection, and threat intelligence - hosted and processed entirely in the EU, with database downloads available on a self-serve basis and a different approach to threat data.
Here are the main benefits to choosing IP Trust over ipdata:
IP Trust is part of Friendly Captcha GmbH, an EU-incorporated company based in Munich, Germany. All data processing happens within the EU, with contractual data residency guarantees and a standard Data Processing Agreement included with every plan. For organisations subject to GDPR, Schrems II, or internal data sovereignty policies, this removes the need for transfer impact assessments, supplementary measures, or reliance on US adequacy decisions.
IP Trust publishes database download pricing directly on its website. Any customer can download IP data and run lookups locally - no enterprise sales process, no "Contact Sales" gate. This means you can eliminate third-party API calls entirely, keep all IP lookups within your own infrastructure, and simplify your GDPR compliance posture in the process.
Rather than aggregating public blocklists, IP Trust takes a different approach to threat data. IP Trust's ASN risk scoring is derived from first-party observations across the Friendly Captcha network, which processes real bot and abuse traffic at scale. This provides a risk signal at the network (ASN) level rather than the individual IP level.
This is a deliberate design choice. ASN-level risk is less granular than per-IP blocklist lookups, but it avoids the false positive and CGNAT problems that make IP-level reputation scores increasingly unreliable. Rather than returning a binary "this IP is bad" flag that may be stale, inaccurate, or affected by address sharing, ASN risk scoring tells you "traffic from this network has elevated risk characteristics" - a signal you can use to trigger additional verification steps (like step-up authentication or CAPTCHA challenges) rather than outright blocking.
The result is fewer false positives, less collateral damage to legitimate users, and a threat signal that degrades more gracefully as IPv4 address sharing continues to grow.
| ipdata | IP Trust | |
|---|---|---|
| Company headquarters | New York, NY (US) | Munich, Germany (EU) |
| Data processing location | AWS global (US-governed) | EU-only (with data residency guarantee) |
| Legal entity | US LLC (Delaware law) | EU-incorporated (part of Friendly Captcha GmbH) |
| IP geolocation | ✓ City-level | ✓ City-level |
| IP to ASN | ✓ | ✓ |
| VPN Detection | ✓ | ✓ |
| Proxy Detection | ✓ | ✓ |
| IP to Company | ✓ | ✓ |
| Threat intelligence | Aggregated blocklists (100+ feeds), IP-level reputation scores | First-party ASN risk scoring from Friendly Captcha network |
| Database downloads | Enterprise only (contact sales) | Self-serve, published pricing |
| SLA | Not publicly listed | Published on website |
IP Trust offers a free 28 day trial, no credit card required, with access to all data. If you are already an ipdata customer, or are evaluating IP data providers, you can sign up to a free trial and evaluate IP Trust for yourself.
Yes. IP Trust covers the same core data types - geolocation, ASN, company, VPN/proxy detection - and offers a compatible JSON API format and equivalent database download formats.
Only on their Enterprise plan, which requires contacting sales. Self-serve plans are API-only. IP Trust offers self-serve database downloads with published pricing.
ipdata is a US-incorporated LLC, headquartered in New York, with infrastructure running on AWS data centres globally. Their terms of service are governed by Delaware law.
ipdata aggregates public and commercial blocklists to provide per-IP threat flags. IP Trust provides ASN-level risk scoring based on first-party observations from the Friendly Captcha bot protection network. This approach avoids the false positive and CGNAT-related reliability issues that affect IP-level blocklist data, and is designed to guide adaptive security responses rather than binary block/allow decisions.
All data processing happens within the European Union. IP Trust offers contractual data residency guarantees and a standard DPA with every plan.