Privacy Policy

Last updated: May 12, 2026

1. Information We Collect

DataCloak operates as a local-first browser extension. The majority of data processing happens on your device. We collect the following categories of information:

• Audit event metadata: When you choose to log events, we store anonymized metadata including timestamp, site domain, detected bot type, and action taken. We do not store the full URLs you visit, your browsing history, or your form data.
• Subscription information: If you upgrade to a paid plan, Stripe processes your payment information. We store your email address and subscription tier to manage your account.
• Extension usage data: We collect aggregate, anonymous statistics about extension installs and feature usage to improve the product. This data cannot be traced back to individual users.

2. How We Use Information

We use collected information to:

• Provide, maintain, and improve the DataCloak service
• Process and manage subscriptions and billing
• Send service-related communications (upgrades, policy changes, security notices)
• Detect, prevent, and address technical issues and abuse

3. Local Processing (Default)

DataCloak is designed to minimize data collection. All scraper detection and form cloaking happens locally in your browser. Your actual browsing content, form inputs, and personal data are never transmitted to our servers unless you explicitly choose to log an audit event — and even then, only anonymized metadata is transmitted.

3a. Enterprise Cloud Dashboard (Optional Add-On)

Organizations that enable the Enterprise Cloud Dashboard add-on may transmit the following data to our Cloudflare infrastructure for centralized reporting and team management:

• Audit event metadata: domain accessed, detected bot/scraper type, cloaking action taken, timestamp, and (for authenticated users) operator email.
• Operator account data: email address, name, organization — used for team access and per-seat billing.
• Configuration data: your DataCloak rule settings for the organization.

The Enterprise Cloud Dashboard is an opt-in add-on. The browser extension continues to function fully without it. When enabled, audit metadata is transmitted to and stored in our Cloudflare Workers infrastructure. We do not collect full URLs, form input content, or page content.

PHI note: DataCloak is a metadata tool — it observes which sites are accessed and what bots are detected, not the content of pages visited. DataCloak does not knowingly process protected health information (PHI). If you are a healthcare organization and choose to use the Enterprise Cloud Dashboard, you are responsible for ensuring your use complies with HIPAA requirements applicable to your organization.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information with:

• Service providers: Stripe (payment processing), Cloudflare (infrastructure and DDoS protection). These providers only process data under our instructions.
• Legal requirements: If required by law, court order, or governmental authority.

5. Data Retention

Audit log retention depends on your subscription tier. Free accounts: 7 days. Starter accounts: 30 days. Pro and Scale accounts: 1 year. Subscription data is retained for 2 years after account closure for legal and tax compliance purposes.

6. Cookies

DataCloak does not use cookies for tracking. We use essential session cookies to manage authenticated user sessions for paid accounts.

7. Security

We implement industry-standard technical and organizational measures to protect your data, including TLS encryption for all data in transit, SHA-256 hash-chain integrity for audit logs, and access controls on all systems storing user data.

8. Children's Privacy

DataCloak is not intended for users under the age of 18. We do not knowingly collect information from children.

9. International Users

DataCloak is operated from the United States. If you are accessing the service from outside the US, you consent to the transfer of your data to the United States in accordance with this policy.

10. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at privacy@data-cloak.com. We respond to all legitimate requests within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated via email to all active subscribers and posted on this page with an updated "Last updated" date.

12. Contact

For questions about this Privacy Policy, contact us at:
Email: privacy@data-cloak.com
Website: data-cloak.com