Skip to main content
ReputableClickGet started
Legal

Privacy Policy

Last updated: May 1, 2026

Privacy Policy

This Privacy Policy explains how Kaytos, LLC ("Kaytos", "we", "us", or "our"), the company that develops and operates the Reputable Click software and platform, collects, uses, and shares information when you use reputable.click and related services (the "Services"). Reputable Click is a product of Kaytos, LLC; all data processing described in this policy is performed by Kaytos, LLC.

This policy covers:

  • Visitors to our websites and documentation;
  • Users of our dashboard and accounts;
  • Information processed when customers integrate Reputable Click into their own websites/apps (for example, calls to scoring endpoints, verification redirects, and event ingestion).

For cookie and similar technology information, see our Cookies Policy.

1. Roles: Controller vs. Processor

We primarily act as a data processor (service provider) on behalf of our customers.

Depending on how the Services are used, Kaytos may act as:

  • A data controller for information we collect about our own website visitors and account holders (for example, when you create a dashboard account or contact us directly); and
  • A data processor / service provider for information processed on behalf of a customer about the customer's end users ("End-User Data") when the customer uses the Services for bot protection, verification, fraud prevention, and security.

When we act as a processor, we process End-User Data solely on behalf of and under the instructions of the customer. The customer is the data controller responsible for determining the purposes and means of processing, for providing appropriate privacy notices to their end users, and for obtaining any required consents.

If you are an end user of a customer's website or app, your interaction with our verification services is governed by that customer's privacy notice. Please review the customer's privacy policy for information about how they use bot protection and verification services. Any requests regarding End-User Data (such as access, correction, or deletion) should be directed to the customer. We will assist customers in responding to such requests in accordance with our agreements with them.

2. Information We Collect

A. Information you provide to us

  • Account information (e.g., name, email, profile image) and authentication information from sign-in providers such as GitHub or Google.
  • Customer configuration (e.g., rules, allowlists/denylists, and settings you create in the dashboard).
  • Support and communications (e.g., emails you send us, and information you include in support requests).

B. Information we collect automatically on our sites/apps

  • Log and device information such as IP address, user agent, device identifiers, timestamps, pages viewed, and referring URLs.
  • Session and security information such as cookies used for authentication and security controls.
  • Operational telemetry from infrastructure we operate on your behalf.

C. Information processed when customers use Reputable Click

When a customer integrates our Services (including verification redirects and API endpoints), we may process signals on behalf of the customer including:

  • IP address and network data (e.g., ASN, approximate location such as country/region/city/postal code inferred from IP);
  • User agent and general device, browser, and connection characteristics, which may be used as fingerprinting signals to detect automated traffic;
  • Session identifiers provided by the customer or generated during verification;
  • Browser cookies transmitted to our endpoints for session continuity and bot detection (customers are responsible for scoping their cookies appropriately);
  • Page context that a customer chooses to send (for example: referring page, timezone, language);
  • Events that customers send from their backend (for example: purchase, account creation, failed login), which may include customer-defined identifiers or metadata.

When the customer enables optional AI-assisted analysis features, relevant signals may be sent to AI providers we use as subprocessors to generate analysis and recommended actions. When the customer enables outbound integrations, recommended actions may be transmitted to third-party systems using credentials the customer has provided.

We also use technical signals and analysis methods to distinguish automated traffic from human visitors. The specific methods used are proprietary and confidential.

Customers control what data they send to us. We ask customers not to send unnecessary or sensitive personal information.

D. Third-Party Verification Services

During the verification process, we may use third-party captcha services such as hCaptcha or Google reCAPTCHA to help verify that visitors are human. These services are governed by their own privacy policies:

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Services on behalf of customers (including verification, scoring, and classification);
  • Return results to customers so they can make decisions about traffic on their sites;
  • Detect, prevent, and investigate abuse, security incidents, fraud, and technical issues;
  • Improve and develop the Services (including debugging and performance analysis);
  • Communicate with you about the Services (support, service messages, and administrative communications);
  • Comply with legal obligations.

When processing End-User Data as a processor, we use information only as instructed by the customer and as necessary to provide the Services.

Automated decision-making

The Services may produce automated decisions (such as allow, challenge, or block) based on reputation signals, and — when configured by the customer — may automatically apply those decisions in the customer's own systems. Where applicable law (such as GDPR Article 22) gives individuals rights related to automated decision-making, the customer (as controller) is responsible for providing appropriate disclosures and safeguards.

4. Legal Bases (EEA/UK/Switzerland)

Where GDPR or similar laws apply, we process personal data under legal bases such as:

  • Performance of a contract (providing the Services to account holders/customers);
  • Legitimate interests (security, fraud prevention, and improving the Services);
  • Compliance with legal obligations.

For End-User Data processed on behalf of customers, the customer (as controller) is responsible for establishing the applicable legal basis. Our processing as a processor is governed by our Data Processing Agreement with the customer.

5. How We Share Information

We may share information:

  • With service providers that help us run the Services (for example hosting/CDN providers, database providers, error monitoring, and DNS resolvers). They are authorized to process information only as necessary to provide services to us.
  • With identity providers (e.g., GitHub, Google) when you choose to sign in using those providers.
  • With customers, as part of providing the Services (for example, verification and scoring results returned to the customer).
  • With third-party verification providers (e.g., hCaptcha, reCAPTCHA) as necessary to perform verification challenges.
  • With third-party AI providers when a customer enables optional AI-assisted analysis features.
  • With third-party systems the customer integrates, using credentials the customer has provided, to apply actions configured by the customer.
  • For legal reasons, such as to comply with law, protect rights and safety, or respond to lawful requests.
  • Across infrastructure instances, where data may be replicated between our server instances in different geographic regions for availability and redundancy.

We do not sell or share personal information in the sense of "selling" or "sharing" under the CCPA/CPRA.

Subprocessors

We use the following service providers (subprocessors) to help operate the Services:

ProviderPurposeLocation
Hetzner Online GmbHCloud infrastructure and hostingGermany / Finland / United States
Microsoft Corporation (Azure)Cloud infrastructure and hosting (optional)United States (global regions)
Cloudflare, Inc.CDN, DDoS protection, edge computeUnited States (global edge)
Intuition Machines (hCaptcha)Verification challengesUnited States
Google LLCVerification challenges (reCAPTCHA), Authentication (optional)United States
GitHub, Inc. (Microsoft)Authentication provider (optional)United States
Anthropic, PBCAI-assisted analysis (optional, customer-enabled)United States
OpenAI OpCo, LLCAI-assisted analysis (optional, customer-enabled)United States

Customers can typically select the cloud provider and region used for their dedicated infrastructure (for example, EU regions for data residency).

For customers subject to GDPR or similar laws, please see our Data Processing Agreement for more details.

6. Data Retention

We retain information for as long as necessary to provide the Services and for legitimate business purposes such as security and compliance.

For security signals processed on behalf of customers, the Services are designed to use short-lived retention. Most behavioral and verification data is retained on the order of minutes to days. Reputation records (such as allowlist or blocklist entries) are retained for the period needed for the security purpose — typically up to 90 days — or until the customer removes them. Specific retention periods are configurable by the customer and are documented in our product documentation and Data Processing Agreement.

Backups and logs may be retained for additional periods consistent with operational needs and legal requirements.

When we act as a processor, we retain End-User Data in accordance with our agreement with the customer and delete or return it upon termination as directed.

7. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. No security measures are perfect, and we cannot guarantee absolute security.

8. Your Choices and Rights

Account holders

You may be able to access, correct, or delete certain account information through the dashboard. You can also contact us to request access, correction, or deletion, subject to verification and legal exceptions.

End users of customers

If a customer uses Reputable Click on their site (including verification redirects), the customer is the controller for that End-User Data. Please contact the customer directly for privacy requests relating to that customer's site or app. We will assist customers in responding to valid requests as required by law and our agreements.

EEA/UK/Switzerland and other regions

Depending on your location, you may have rights such as access, deletion, correction, portability, or objection/restriction. You may also have the right to lodge a complaint with a supervisory authority.

9. International Transfers

We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses.

10. Children

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK/Switzerland).

11. Changes

We may update this Privacy Policy from time to time. We will update the "Last updated" date when we do.

12. Copyright & DMCA

For copyright infringement claims, see our DMCA Policy.

13. Contact

Questions or requests? Contact us at support@reputable.click.