BlockBots
Legal

Privacy Policy

This policy explains what data BlockBots collects, how we use it, and what rights you have over your information.

Last updated: May 7, 2025

1. Introduction

BlockBots ("we", "us", or "our") is committed to protecting the privacy of our customers, website visitors, and end users. This Privacy Policy describes how we collect, use, store, share, and protect personal information in connection with our website at blockbots.org and our bot detection and traffic filtering platform (collectively, the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Service.

2. Who We Are & Roles

BlockBots operates as a data controller for personal information we collect directly from visitors to our marketing website and from customers who create accounts (e.g., name, email, billing details).

BlockBots operates as a data processor for traffic metadata (such as IP addresses, request headers, and behavioral signals) that our customers route through the Service to protect their own websites and APIs. In that capacity, we process data on behalf of our customers according to their instructions and our Data Processing Agreement.

For questions about either role, contact us at support@blockbots.org.

3. Information We Collect

3.1 Account & Contact Information

When you register for an account or contact us, we collect:

  • Full name and email address
  • Company name (if applicable)
  • Billing address and payment method details (processed securely via our payment provider; we do not store full card numbers)
  • Communications you send us, including support requests

3.2 Service Usage & Technical Data

When you use the Service or visit our website, we automatically collect:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited, time spent, and referring URLs
  • API request logs, error reports, and feature usage patterns
  • Cookies and similar tracking technologies (see Section 7)

3.3 Customer Traffic Data (Processor Role)

When our customers use the Service to analyze traffic on their own properties, we process metadata about that traffic on their behalf. This may include visitor IP addresses, HTTP headers, device fingerprints, and behavioral signals. This data is processed solely to deliver bot detection functionality and is not used for any other purpose.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provision, operate, maintain, and improve the Service.
  • Account management: To create and manage your account, authenticate you, and communicate with you about your subscription.
  • Billing: To process payments, send invoices, and manage your subscription plan.
  • Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Security: To detect, prevent, and investigate fraud, abuse, or unauthorized access to the Service.
  • Service improvement: To analyze aggregated and anonymized usage data to improve detection accuracy and platform performance.
  • Legal compliance: To comply with applicable legal obligations, enforce our Terms of Service, and respond to lawful requests from authorities.
  • Communications: To send important service notifications, policy updates, and (with your consent) product announcements or newsletters.

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance: Processing necessary to deliver the Service you have subscribed to.
  • Legitimate interests: To operate, secure, and improve our platform, provided these interests are not overridden by your rights.
  • Legal obligation: Where we are required to process data to comply with applicable law.
  • Consent: For optional communications such as marketing emails, where we rely on your explicit opt-in consent.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

  • Service providers: Trusted third-party vendors who assist in operating the Service (e.g., cloud infrastructure, payment processing, email delivery). These parties are contractually bound to process data only on our instructions and in accordance with this policy.
  • Payment processors: Billing and payment data is handled by our payment provider (e.g., Stripe). We do not store full payment card details on our servers.
  • Legal requirements: We may disclose information if required to do so by law, court order, or valid governmental request, or to protect the rights, property, or safety of BlockBots, our customers, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to ensure the Service functions correctly, remember your preferences, and understand how visitors use our site. Specifically, we use:

  • Essential cookies: Required for the website and dashboard to function. These cannot be disabled without affecting service functionality.
  • Analytics cookies: Used to collect aggregated, anonymized data about page visits and usage patterns to help us improve the Service.
  • Session cookies: Temporary cookies used to maintain your authenticated session in the dashboard.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising or behavioral tracking cookies.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account data: Retained for the duration of your account and for up to 90 days following account closure, after which it is deleted or anonymized.
  • Traffic logs (processor role): Raw traffic metadata processed on behalf of customers is retained for a maximum of 30 days.
  • Billing records: Retained for up to 7 years as required for tax and financial compliance.
  • Support communications: Retained for up to 2 years to assist with follow-up inquiries.

After the applicable retention period, data is securely deleted or irreversibly anonymized.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of sensitive data at rest
  • Access controls and role-based permissions for internal systems
  • Regular security reviews and infrastructure monitoring

While we take security seriously, no system is completely immune to risk. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

10. International Data Transfers

BlockBots may store and process data in data centers located outside your country of residence. If you are located in the EEA or UK and your data is transferred to a country that does not provide an equivalent level of data protection, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@blockbots.org. We will respond within 30 days. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

12. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@blockbots.org.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide notice via email or a prominent notice within the platform. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out:

BlockBots — Privacy Team
support@blockbots.org
blockbots.org/contact

We aim to respond to all privacy-related inquiries within 5 business days.