Privacy Policy

Deflector (“we”, “our”, “us”) operates the Deflector bot-detection and content-poisoning platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

1. Information We Collect

Account & Contact Information

When you create an account, we collect your email address and any profile details you choose to provide. We do not collect payment card data directly — all billing is handled by Stripe, our payment processor.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, API call volumes, and timestamps. This helps us improve the product and enforce plan limits.

Bot Detection Data

When our detection script runs on your site, it processes signals from incoming HTTP requests — including IP addresses, user-agent strings, request headers, and behavioral fingerprints — to classify traffic as human or bot. This data is associated with your site and stored on our servers for analytics and reporting.

Cookies & Local Storage

We use session cookies for authentication and small amounts of local storage for UI preferences. Our detection script may set cookies on your end-users' browsers as part of the fingerprinting process. You are responsible for disclosing this to your own users in your site's privacy policy.

2. How We Use Your Information

• Provide, operate, and improve the Service
• Process transactions and send billing-related communications
• Send product updates, security alerts, and support messages
• Detect, investigate, and prevent fraudulent or abusive activity
• Comply with legal obligations
• Generate anonymized, aggregated statistics about bot traffic trends

We do not sell your personal data to third parties, and we do not use your data to train AI models.

3. Sharing & Disclosure

We may share your information with:

• Service providers — Supabase (database), Stripe (billing), Anthropic (AI content generation), and infrastructure providers, each bound by data processing agreements.
• Legal authorities — when required by law, court order, or to protect the rights and safety of Deflector or its users.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

4. Data Retention

We retain account data for as long as your account is active. Bot-event logs are retained for 90 days on the Free plan and 12 months on Pro and Business plans. You may request deletion of your data at any time by contacting us.

5. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, or to object to or restrict certain processing. To exercise these rights, email us at privacy@deflector.ai. We will respond within 30 days.

7. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently done so, contact us and we will delete the information promptly.

8. International Transfers

Our servers are located in the United States. By using the Service from outside the US, you consent to the transfer of your data to the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice in the dashboard or sending an email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

Questions or concerns about this policy? privacy@deflector.ai