Data Processing Addendum
This Data Processing Addendum ("DPA") applies where Cloackit processes personal data on your behalf (for example, visitor IPs, headers, and session recordings). For this processing you are the controller and we are the processor.
Scope & roles
We process visitor personal data only to provide the filtering, hosting, analytics, and recording features you configure, and on your documented instructions (your dashboard settings).
Our commitments
- Process personal data only as needed to provide the Service.
- Apply appropriate technical and organizational security measures.
- Ensure people authorized to process the data are bound by confidentiality.
- Assist you, where reasonable, with data-subject requests and security obligations.
- Delete or return personal data on termination, subject to legal retention.
Subprocessors
You authorize us to engage the subprocessors listed on our Subprocessors page. We remain responsible for their compliance with this DPA.
Ad-platform OAuth (optional)
When you connect an advertising account (Google Ads, Microsoft Advertising, Meta Ads), you instruct us to transmit, on your behalf, the visitor IP addresses and click metadata our engine classified as invalid to that platform's API, for the sole purpose of (i) updating your campaign-level IP-exclusion list and (ii) requesting invalid-click adjustments. You may revoke the OAuth grant from your dashboard or directly on the advertising platform at any time; on revocation we delete the stored refresh token and stop the data flow within 24 hours.
International transfers
Where data is transferred across borders, we rely on appropriate safeguards as required by applicable law.
Your responsibilities
You are responsible for having a lawful basis to collect and process your visitors' data, for providing any required notices, and for obtaining any required consent.
Contact
Data-protection contact: privacy@cloackit.com.
JURE KALFIC, Sole Member
900 Bonita Dr
Aspen, CO 81611
United States
support@cloackit.com