Privacy Policy
This Privacy Policy explains how Kaytos, LLC ("Kaytos", "Reputable Click", "we", "us", or "our") collects, uses, and shares information when you use reputable.click and related services (the "Services").
This policy covers:
- Visitors to our websites and documentation;
- Users of our dashboard and accounts;
- Information processed when customers integrate Reputable Click into their own websites/apps (for example, calls to scoring endpoints and event ingestion).
For cookie and similar technology information, see our Cookies Policy.
1. Roles: Controller vs. Processor
Depending on how the Services are used, Kaytos may act as:
- A data controller for information we collect about our own website visitors and account holders; and
- A data processor / service provider for information that a customer submits to us about the customer’s end users ("End-User Data") when the customer uses the Services for bot protection, reputation scoring, fraud prevention, and security.
If you are an end user of a customer, please review the customer’s privacy notice. Requests about End-User Data are often best directed to the customer.
2. Information We Collect
A. Information you provide to us
- Account information (e.g., name, email, profile image) and authentication information from sign-in providers such as GitHub or Google.
- Customer configuration (e.g., rules, allowlists/denylists, and settings you create in the dashboard).
- Support and communications (e.g., emails you send us, and information you include in support requests).
B. Information we collect automatically on our sites/apps
- Log and device information such as IP address, user agent, device identifiers, timestamps, pages viewed, and referring URLs.
- Session and security information such as cookies used for authentication and security controls.
C. Information processed when customers use Reputable Click
When a customer sends requests to our APIs (for example, scoring endpoints), we may process signals including:
- IP address and network data (e.g., ASN, approximate location such as country/region/city/postal code inferred from IP or provided by edge headers);
- User agent and device/browser/OS characteristics;
- TLS / HTTP fingerprint signals (for example: JA3, JA4 fingerprints) when available;
- Session identifiers provided by the customer (or generated client-side), and optional browser fingerprint identifiers (e.g., a FingerprintJS visitor ID);
- Page context that a customer chooses to send (for example: page URL/path/query/title, timezone, language, screen size);
- Optional bot detection results a customer chooses to send (for example, outputs from BotD);
- Events that customers send from their backend (for example: purchase, account creation, failed login, honeypot triggers), which may include customer-defined user IDs or metadata.
Customers control what they send. We ask customers not to send unnecessary or sensitive personal information.
3. How We Use Information
We use information to:
- Provide, operate, and maintain the Services (including authentication, provisioning, and configuration);
- Compute scores and classifications, and provide results back to customers;
- Detect, prevent, and investigate abuse, security incidents, fraud, and technical issues;
- Improve and develop the Services (including debugging and performance analysis);
- Communicate with you about the Services (support, service messages, and administrative communications);
- Comply with legal obligations and enforce these Terms.
4. Legal Bases (EEA/UK/Switzerland)
Where GDPR or similar laws apply, we process personal data under legal bases such as:
- Performance of a contract (providing the Services to account holders/customers);
- Legitimate interests (security, fraud prevention, and improving the Services);
- Compliance with legal obligations;
- Consent, where required (for example, for certain cookies or fingerprinting on a customer’s site, which is typically handled by the customer).
5. How We Share Information
We may share information:
- With service providers that help us run the Services (for example, hosting/CDN providers, database providers, and error monitoring). They are authorized to process information only as necessary to provide services to us.
- With identity providers (e.g., GitHub, Google) when you choose to sign in using those providers.
- With customers, as part of providing the Services (for example, scoring results returned to the customer for that request).
- For legal reasons, such as to comply with law, protect rights and safety, or respond to lawful requests.
We do not sell personal information in the sense of "selling" under the CCPA/CPRA.
Subprocessors
We use the following service providers (subprocessors) to help operate the Services:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Cloud infrastructure and hosting | Germany / Finland |
| Cloudflare, Inc. | CDN, DDoS protection, edge compute | United States (global edge) |
| GitHub, Inc. (Microsoft) | Authentication provider (optional) | United States |
| Google LLC | Authentication provider (optional) | United States |
For customers subject to GDPR or similar laws, please see our Data Processing Agreement for more details.
6. Data Retention
We retain information for as long as necessary to provide the Services and for legitimate business purposes such as security, analytics, and compliance.
For scoring and security signals, the Services are designed to use short-lived and rolling retention windows. For example, some counters and mappings may expire in minutes or hours, while some aggregated security and reputation signals may be retained longer (for example, up to ~7 days or ~90 days, depending on the signal and configuration).
Backups and logs may be retained for additional periods consistent with operational needs and legal requirements.
7. Security
We use reasonable administrative, technical, and physical safeguards designed to protect information. No security measures are perfect, and we cannot guarantee absolute security.
8. Your Choices and Rights
Account holders
You may be able to access, correct, or delete certain account information through the dashboard. You can also contact us to request access, correction, or deletion, subject to verification and legal exceptions.
End users of customers
If a customer uses Reputable Click on their site, the customer is typically the controller for that End-User Data. Please contact the customer directly for privacy requests relating to that customer’s site or app.
EEA/UK/Switzerland and other regions
Depending on your location, you may have rights such as access, deletion, correction, portability, or objection/restriction. You may also have the right to lodge a complaint with a supervisory authority.
9. International Transfers
We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.
10. Children
The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK/Switzerland).
11. Changes
We may update this Privacy Policy from time to time. We will update the "Last updated" date when we do.
12. Copyright & DMCA
For copyright infringement claims, see our DMCA Policy.
13. Contact
Questions or requests? Contact us at support@reputable.click.