Privacy Policy
Last updated: 12 April 2026
1. Data Controller
CloakScan is operated by Denis Franchi, located in Ferrara, Italy. For any privacy-related inquiries, contact us at privacy@cloakscan.com.
2. Data We Collect
We collect only the data necessary to provide the service:
- Account data: email address, display name, avatar — provided during registration via Supabase Auth.
- Usage data: URLs you add for monitoring, scan results, alert history.
- Billing data: subscription status, billing interval, Stripe Customer ID. We never store full card numbers — payments are handled by Stripe.
- Technical data: IP address, browser type, access timestamps — collected automatically by our infrastructure to ensure security.
3. Legal Basis for Processing (GDPR)
- Contract performance: to provide the monitoring service you have signed up for.
- Legitimate interests: security, fraud prevention, service improvement.
- Legal obligation: when required by applicable law.
- Consent: for non-essential cookies or marketing communications, where applicable.
4. How We Use Your Data
- Delivering the site monitoring and cloaking detection service
- Sending transactional emails (alerts, scan reports) via Resend
- Processing payments via Stripe
- Security monitoring and abuse prevention
We do not sell, share, or rent your data to third parties for marketing purposes.
5. Third-Party Processors
- Supabase — database and authentication (EU region).
- Stripe — payment processing.
- Resend — transactional email delivery.
- Vercel — hosting and infrastructure.
6. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your personal data is removed within 30 days. Scan history and anonymous usage data may be retained in aggregate form for up to 12 months.
7. Your Rights (GDPR)
If you are based in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Request data portability
- Lodge a complaint with your local data protection authority
To exercise any of these rights, contact us at privacy@cloakscan.com.
8. Security
All data is transmitted over HTTPS. Access to production data is restricted and audited. We use Row Level Security (RLS) at the database level to ensure users can only access their own data.
9. Changes to This Policy
We may update this policy to reflect changes to our practices or for legal reasons. We will notify registered users by email of any material changes.