// Legal

Privacy Policy

Last updated: February 6, 2026
Back

Privacy Policy

This Privacy Policy explains how Kaytos, LLC ("Kaytos", "Reputable Click", "we", "us", or "our") collects, uses, and shares information when you use reputable.click and related services (the "Services").

This policy covers:

  • Visitors to our websites and documentation;
  • Users of our dashboard and accounts;
  • Information processed when customers integrate Reputable Click into their own websites/apps (for example, calls to scoring endpoints, verification redirects, and event ingestion).

For cookie and similar technology information, see our Cookies Policy.

1. Roles: Controller vs. Processor

We primarily act as a data processor (service provider) on behalf of our customers.

Depending on how the Services are used, Kaytos may act as:

  • A data controller for information we collect about our own website visitors and account holders (for example, when you create a dashboard account or contact us directly); and
  • A data processor / service provider for information processed on behalf of a customer about the customer's end users ("End-User Data") when the customer uses the Services for bot protection, verification, fraud prevention, and security.

When we act as a processor, we process End-User Data solely on behalf of and under the instructions of the customer. The customer is the data controller responsible for determining the purposes and means of processing, for providing appropriate privacy notices to their end users, and for obtaining any required consents.

If you are an end user of a customer's website or app, your interaction with our verification services is governed by that customer's privacy notice. Please review the customer's privacy policy for information about how they use bot protection and verification services. Any requests regarding End-User Data (such as access, correction, or deletion) should be directed to the customer. We will assist customers in responding to such requests in accordance with our agreements with them.

2. Information We Collect

A. Information you provide to us

  • Account information (e.g., name, email, profile image) and authentication information from sign-in providers such as GitHub or Google.
  • Customer configuration (e.g., rules, allowlists/denylists, and settings you create in the dashboard).
  • Support and communications (e.g., emails you send us, and information you include in support requests).

B. Information we collect automatically on our sites/apps

  • Log and device information such as IP address, user agent, device identifiers, timestamps, pages viewed, and referring URLs.
  • Session and security information such as cookies used for authentication and security controls.

C. Information processed when customers use Reputable Click

When a customer integrates our Services (including verification redirects and API endpoints), we may process signals on behalf of the customer including:

  • IP address and network data (e.g., ASN, approximate location such as country/region/city/postal code inferred from IP);
  • User agent and general device/browser characteristics;
  • TLS connection characteristics and network protocol signals;
  • Session identifiers provided by the customer or generated during verification;
  • Page context that a customer chooses to send (for example: referring page, timezone, language);
  • Events that customers send from their backend (for example: purchase, account creation, failed login), which may include customer-defined identifiers or metadata.

We also use technical signals and analysis methods to distinguish automated traffic from human visitors. The specific methods used are proprietary and confidential.

Customers control what data they send to us. We ask customers not to send unnecessary or sensitive personal information.

D. Third-Party Verification Services

During the verification process, we may use third-party captcha services such as hCaptcha or Google reCAPTCHA to help verify that visitors are human. These services are governed by their own privacy policies:

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Services on behalf of customers (including verification, scoring, and classification);
  • Return results to customers so they can make decisions about traffic on their sites;
  • Detect, prevent, and investigate abuse, security incidents, fraud, and technical issues;
  • Improve and develop the Services (including debugging and performance analysis);
  • Communicate with you about the Services (support, service messages, and administrative communications);
  • Comply with legal obligations.

When processing End-User Data as a processor, we use information only as instructed by the customer and as necessary to provide the Services.

4. Legal Bases (EEA/UK/Switzerland)

Where GDPR or similar laws apply, we process personal data under legal bases such as:

  • Performance of a contract (providing the Services to account holders/customers);
  • Legitimate interests (security, fraud prevention, and improving the Services);
  • Compliance with legal obligations.

For End-User Data processed on behalf of customers, the customer (as controller) is responsible for establishing the applicable legal basis. Our processing as a processor is governed by our Data Processing Agreement with the customer.

5. How We Share Information

We may share information:

  • With service providers that help us run the Services (for example hosting/CDN providers, database providers, and error monitoring). They are authorized to process information only as necessary to provide services to us.
  • With identity providers (e.g., GitHub, Google) when you choose to sign in using those providers.
  • With customers, as part of providing the Services (for example, verification and scoring results returned to the customer).
  • With third-party verification providers (e.g., hCaptcha, reCAPTCHA) as necessary to perform verification challenges.
  • For legal reasons, such as to comply with law, protect rights and safety, or respond to lawful requests.
  • Across infrastructure instances, where data may be replicated between our server instances in different geographic regions for availability and redundancy purposes.

We do not sell or share personal information in the sense of "selling" or "sharing" under the CCPA/CPRA.

Subprocessors

We use the following service providers (subprocessors) to help operate the Services:

ProviderPurposeLocation
Hetzner Online GmbHCloud infrastructure and hostingGermany / Finland / United States
Microsoft Corporation (Azure)Cloud infrastructure and hosting (optional)United States (global regions)
Cloudflare, Inc.CDN, DDoS protection, edge computeUnited States (global edge)
Intuition Machines (hCaptcha)Verification challengesUnited States
Google LLCVerification challenges (reCAPTCHA), Authentication (optional)United States
GitHub, Inc. (Microsoft)Authentication provider (optional)United States

For customers subject to GDPR or similar laws, please see our Data Processing Agreement for more details.

6. Data Retention

We retain information for as long as necessary to provide the Services and for legitimate business purposes such as security and compliance.

For security signals processed on behalf of customers, the Services are designed to use short-lived retention. For example:

  • Verification status (e.g., recent captcha completion): approximately 1 hour
  • Session and behavioral counters: minutes to hours
  • Aggregated reputation signals: up to 7-90 days depending on the signal

Backups and logs may be retained for additional periods consistent with operational needs and legal requirements.

When we act as a processor, we retain End-User Data in accordance with our agreement with the customer and delete or return it upon termination as directed.

7. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. No security measures are perfect, and we cannot guarantee absolute security.

8. Your Choices and Rights

Account holders

You may be able to access, correct, or delete certain account information through the dashboard. You can also contact us to request access, correction, or deletion, subject to verification and legal exceptions.

End users of customers

If a customer uses Reputable Click on their site (including verification redirects), the customer is the controller for that End-User Data. Please contact the customer directly for privacy requests relating to that customer's site or app. We will assist customers in responding to valid requests as required by law and our agreements.

EEA/UK/Switzerland and other regions

Depending on your location, you may have rights such as access, deletion, correction, portability, or objection/restriction. You may also have the right to lodge a complaint with a supervisory authority.

9. International Transfers

We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses.

10. Children

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK/Switzerland).

11. Changes

We may update this Privacy Policy from time to time. We will update the "Last updated" date when we do.

12. Copyright & DMCA

For copyright infringement claims, see our DMCA Policy.

13. Contact

Questions or requests? Contact us at support@reputable.click.