Legal

Privacy Policy

Last updated: June 8, 2026 · Applies to all CloakMe accounts

CloakMe ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights over it. By using our service, you agree to the collection and use of information as described here.

1. Information We Collect

Account Information

When you register, we collect your email address, username, and a hashed (bcrypt) password. We never store plain-text passwords.

Click and Traffic Data

For each redirect processed through CloakMe, we collect and store the following data points:

Data Point	Purpose	Retention
IP address (visitor)	Filter evaluation, geo-targeting, analytics	90 days
Country code	Geo-filter, analytics dashboard	90 days
User-Agent string	Device/browser/OS detection, bot filtering	90 days
Referrer URL	Email scanner detection, filter evaluation	Not stored after evaluation
Action taken (offer/white)	Analytics, click counting	90 days
Timestamp	Analytics, monthly quota tracking	90 days

Payment Information

Payments are processed exclusively by NOWPayments. We do not store credit card numbers or bank details. We store only payment status, plan name, cryptocurrency type, and the NOWPayments transaction ID for your records.

Technical Data

We collect standard server logs including HTTP request method, response code, and timestamp. These logs are used for debugging and security purposes and are retained for 30 days.

2. How We Use Information

Provide, operate, and improve the CloakMe service
Evaluate incoming traffic against your campaign filter rules
Display analytics dashboards to you about your campaigns
Enforce subscription usage limits (click quotas)
Detect and prevent abuse, fraud, and Terms of Service violations
Send transactional emails (account creation, payment confirmation) — we do not send marketing emails without consent

3. Third-Party Services

We use the following third-party services that may process data on our behalf:

ipinfo.io — Used to look up geolocation, ASN, and organization information for visitor IPs. Only the visitor's IP is sent. See ipinfo.io Privacy Policy.
NOWPayments — Cryptocurrency payment processor. Handles all payment transactions. See NOWPayments Privacy Policy.
Google Fonts — Fonts loaded from Google's CDN. See Google Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

4. Data Security

We implement reasonable technical measures to protect your data, including bcrypt password hashing, httpOnly JWT cookies, and HMAC-verified webhooks. However, no system is completely secure and we cannot guarantee absolute security.

5. Data Retention

Click data is retained for 90 days and then automatically purged. Account data is retained for the life of your account plus 30 days after deletion. You may request deletion of your account and associated data at any time via our contact page.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and data
Export your campaign configuration data
Withdraw consent for data processing (which may require account deletion)

To exercise these rights, please contact us.

7. Cookies

We use a single httpOnly session cookie (access_token) to keep you logged in. We do not use tracking cookies or third-party advertising cookies. A refresh token cookie (refresh_token) is also set for automatic session renewal.

8. Children

CloakMe is not directed at children under 16. We do not knowingly collect information from children. If you believe a child has created an account, please contact us for removal.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions or data requests? Contact us here.