Back to Cloaking Legion

Privacy Policy

Cloaking Legion — Professional Cloaking for Traffic Arbitrage

Effective Date: June 14, 2026 | Last Updated: June 14, 2026

Welcome to Cloaking Legion ("Company," "we," "our," "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (https://cloakinglegion.com), the Cloaking Legion SaaS platform, our browser fingerprint checker, and any related services (collectively, the "Service").

By accessing or using our Service, you agree to the terms outlined in this policy. If you do not agree, please discontinue use immediately.

1. Interpretation and Definitions

  • "Personal Data" means any information that relates to an identified or identifiable individual.
  • "Processing" means any operation performed on personal data, such as collection, storage, use, transfer, or deletion.
  • "Controller" means the entity that decides how and why personal data is processed. For the Service, Cloaking Legion is the Data Controller.
  • "Data Subject" means the individual whose personal data is being processed (i.e., you, the user).

2. Data Controller Details

If you have any questions about this policy, please contact our Data Protection Office:

3. What Data We Collect

We collect data to provide our cloaking and traffic analysis services. The types of data depend on your interaction with us:

3.1. Account & Registration Data

When you sign up for a plan (Start, Standard, Business, Corporate), we collect:

  • Email address.
  • Username and a hashed password (we never see your raw password).
  • Payment transaction IDs (we do not store full credit card numbers; payments are processed by encrypted third-party gateways).
  • Account preferences, plan tier, and team role (Admin, Team Lead, Buyer, Analyst).

3.2. Technical & Usage Data (Essential for Cloaking Service)

To filter traffic and protect your ad campaigns, our system automatically processes technical data about visitors routed through your campaigns. This is the core of our service. We act as a Data Processor on your behalf for this specific data:

  • IP Addresses: Temporarily analyzed to determine proxy/VPN usage, geo-location (country/city level), and connection type. Logs are anonymized or deleted within 72 hours.
  • Device Fingerprint Components: User-Agent, Client Hints, Screen Resolution, Canvas hash, WebGL hash, AudioContext fingerprint, and installed fonts. We use these solely to detect bots, headless browsers, or ad network moderators.
  • HTTP Header Data: Referer URL, Accept-Language, Sec-Fetch-Site headers.
  • WebRTC Leak Data: Examined to detect real IP addresses behind VPNs.

Important: This visitor-level technical data is processed in real-time for filtering decisions. We do not resell this data, use it for cross-site advertising, or build user profiles beyond the scope of your campaign's protection.

3.3. Usage Analytics

  • Service Metrics: Campaign performance data (ROI, CPA, clicks, conversions) processed via our built-in tracker.
  • Website Analytics: When browsing our public website, we collect anonymized interaction data (pages visited, time on site) via self-hosted analytics. No third-party tracking cookies are used on our marketing site.

3.4. Communication Data

  • Messages sent via our ticket system, Telegram Bot, or direct email to support.
  • Partner/Affiliate program data: Your payout wallet address (USDT TRC20), referral statistics, and commission earnings.

4. How We Use Your Data (Purposes & Legal Basis)

Under the GDPR and similar 2026 international privacy frameworks, we rely on the following legal bases:

Purpose Data Types Used Legal Basis
Account creation, authentication, and billing Account Data Contractual Necessity
Providing core cloaking/traffic filtering services Technical & Fingerprint Data Contractual Necessity + Legitimate Interest (fraud prevention)
Detecting ad platform moderators, bots, and spy services Fingerprint & Header Data Legitimate Interest (protecting your ad accounts)
Valid Click Feedback™ (sending quality signals to ad networks) Aggregated, anonymized click patterns Legitimate Interest (optimizing ad delivery)
Affiliate/Referral program management Account Data, Referral Stats Contractual Necessity
Customer support & responding to tickets Communication Data Legitimate Interest (support) / Consent
Security, abuse, and Terms of Service violation detection All Technical Data Legal Obligation / Legitimate Interest

5. Data Retention Policy

We retain your data only as long as necessary:

  • Account Data: Retained for the life of your account plus 24 months after closure, to handle billing disputes or legal claims.
  • Campaign Visitor Logs (IP, fingerprints): Automatically deleted or fully anonymized within 72 hours from the time of the visit. Aggregated statistics (click counts) are kept indefinitely.
  • Support Tickets: Archived 12 months after resolution.
  • Payment Records: Retained for the duration required by applicable tax and accounting laws (typically 7-10 years).

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following categories of processors to run our business:

  • Infrastructure Providers: Cloud hosting providers (e.g., OVH, Hetzner, AWS) to host our servers and databases. Servers are located in the European Union and Switzerland.
  • Payment Gateways: Cryptocurrency and card processors to process plan subscriptions. We do not receive your full card number.
  • Affiliate Payouts: Blockchain networks (TRC20) for USDT commission transfers.

All third-party processors are vetted and bound by Data Processing Agreements (DPAs) ensuring compliance with 2026 international data transfer regulations.

7. Cookies and Tracking Technologies

Our public website (cloakinglegion.com) uses minimal cookies:

  • Essential Cookies: Session cookies for login state, language preference (`lang` cookie), and referral identification (`ref_by` cookie). These do not require consent under ePrivacy 2026 rules as they are strictly necessary.
  • Analytics Cookies: Our self-hosted analytics uses a first-party cookie to measure page views. No data leaves our servers.

Our SaaS platform (legion.ac) uses session tokens for authentication. We do not use third-party advertising cookies or tracking scripts.

8. International Data Transfers

Cloaking Legion operates globally. Your data may be processed on servers located in the EU, Switzerland, or other countries deemed to provide an "adequate level of protection" by the European Commission. For any transfers to third countries, we ensure appropriate safeguards, such as Standard Contractual Clauses (2021/914) as amended in 2026, or equivalent legal mechanisms.

9. Your Data Protection Rights (2026 Standards)

Depending on your jurisdiction (EU, UK, California, Brazil, etc.), you have comprehensive rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct any inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
  • Right to Restrict Processing: Limit how we use your data while a dispute is resolved.
  • Right to Data Portability: Receive your account data in a structured, machine-readable format (JSON/CSV).
  • Right to Object: Object to processing based on legitimate interests. You can object to specific fingerprinting by ceasing to use the Service, as this processing is essential for campaign cloaking.
  • Automated Decision-Making: Our service makes automated decisions (flagging a visitor as a bot/moderator). This is a contractual requirement for our cloaking service. You may request human review of any automated filtering rules affecting your traffic.

To exercise any of these rights, email [email protected] with the subject "Data Subject Request". We will respond within one calendar month, as mandated by the 2026 GDPR Art. 12 amendments.

10. Security Measures

We implement technical and organizational measures to ensure a level of security appropriate to the risk:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Strict firewall rules and DDoS mitigation on all API endpoints.
  • Regular penetration testing and code audits.
  • Role-Based Access Control (RBAC) for team accounts.
  • Two-Factor Authentication (2FA) available for all plans.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect data from children. If we become aware that a child under 18 has provided us with personal information, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices or legal obligations. If material changes occur, we will notify you via email to the address associated with your account and display a prominent notice on our Service dashboard. The "Last Updated" date at the top of this page will always reflect the latest version.

13. Legal Jurisdiction & Disputes

This Privacy Policy is governed by the laws of the European Economic Area (EEA). For any disputes that cannot be resolved informally, you agree to the exclusive jurisdiction of the courts in the EEA member state of the Data Controller's main establishment.

Contact Information

For any clarification regarding this policy or to exercise your rights, please contact:

Thank you for trusting Cloaking Legion to protect your traffic. We take your privacy as seriously as we take your campaign security.