Privacy policy
Cloak4U is built around data minimization. As a click fraud protection and bot traffic detection tool, it needs only a small set of request-level signals to decide whether a visit is likely valid or invalid. This template describes the kinds of data such a tool collects, how it is protected, what is never collected, and the controls and rights that should accompany it.
Data minimization
The guiding principle is to collect the least amount of data required to score traffic quality and stop invalid traffic. Cloak4U evaluates each visit against transparent rules and records the outcome. It does not build advertising profiles, track people across unrelated sites, or gather information beyond what a traffic-quality decision requires.
What is collected
To evaluate a visit, Cloak4U processes a limited set of request signals, which may include:
- IP address (masked or hashed in the interface — see below);
- User-agent string (browser and device type);
- Referrer and destination page path;
- Language and coarse geo/device information;
- Request timing and frequency;
- The resulting decision, reason code, risk score, and a request ID.
These signals are combined into a risk score that determines whether a visit is allowed, blocked, challenged, or logged. They are operational data used to protect your campaigns — not marketing data.
IP masking and hashing
IP addresses are among the most sensitive signals, so they are handled carefully. In the dashboard and reports, IP addresses are masked or hashed rather than shown in full, so operators can recognize patterns and repeat offenders without unnecessarily exposing raw addresses. Where a full address must be processed to make a decision, it is used transiently for that purpose and subject to the retention controls described below.
What is never collected
Cloak4U is designed so that certain categories of data are simply never collected:
- Passwords or authentication credentials of your visitors;
- Cookies set for cross-site tracking purposes;
- Session contents — the data inside a logged-in user session;
- Uploaded files or attachments;
- Private form data such as message bodies, payment details, or personal fields your visitors submit.
Because Cloak4U looks only at request-level traffic signals, this sensitive content is outside its scope by design, not merely by policy.
How data is used
The signals above are used only to:
- Score each visit and decide whether it is valid or invalid;
- Apply the outcome you configured (allow, block, challenge, or log-only);
- Produce reports and a click log so decisions are auditable;
- Improve the transparency and accuracy of detection rules.
Data is not sold, and it is not used to serve different content to different audiences. Every valid visitor of a campaign reaches the same approved destination.
Retention controls
Records such as the click log are kept for a configurable period. Shorter retention means less data at rest; longer retention supports deeper reporting and dispute investigation. Choose the retention window that matches your needs and any obligations that apply to you, and delete records when they are no longer needed.
Data sharing and processors
A production deployment may rely on infrastructure providers (for example hosting or IP intelligence services) that process data on your behalf. A real policy should name those processors, describe the safeguards in place, and explain any cross-border transfers. This template does not enumerate specific processors.
Your rights
Depending on where you and your visitors are located, applicable law may grant rights to access, correct, export, or delete personal data, and to object to or restrict certain processing. A production policy should explain how to exercise these rights, how identity is verified, and the timeframe for responding. As the operator integrating Cloak4U, you are typically responsible for honoring such requests from your own visitors.
Security
Reasonable technical and organizational measures should protect the limited data Cloak4U processes, including access controls and encryption in transit. No system is perfectly secure, and this template does not promise absolute security.
Children’s privacy
Cloak4U is a tool for website and campaign operators and is not directed to children. A production policy should state the minimum age and how inadvertently collected children’s data would be handled.
Changes to this policy
This template will be replaced with a finalized policy before general availability, and any material changes should be dated and communicated. Because the current document is a placeholder, treat its terms as examples rather than commitments.
Contact
Questions about privacy can be sent to [email protected], or through the contact page. For how these practices relate to detection, see the bot detection guide and the traffic quality filters.