Privacy Policy — SharkEyes

SharkEyes processes only the minimum data necessary to distinguish real users from automated scripts and to protect forms. We do not collect sensitive personal information (such as race, health, financial data, etc.). This policy applies to all products and services hosted on the domain sharkeyes.vercel.app and related subservices.

The following types of data may be collected when interacting with our forms or widget/service:

Mouse movements and clicks — only the fact that an event occurred (e.g., "click happened", "mouse moved"), without storing exact coordinates.
Keystrokes — only the fact a key was pressed, without recording the actual characters or combinations.
Time spent on the page — session duration or time spent on a specific page.
Screen size and pixel ratio — display parameters (width/height in pixels, density) used to identify the device and ensure widget functionality.
Number of form fields — the count of fields in the form for anomaly detection and complexity assessment.
IP address and country/region — we store the IP in a generalized form and determine country/region, without storing exact geographic coordinates.
User-Agent, browser, and device platform — standard identification strings.
HTTP headers — headers used to evaluate requests (e.g., sec-fetch-site, sec-fetch-mode, sec-fetch-dest, sec-ch-ua, sec-ch-ua-platform, sec-ch-ua-mobile, accept, accept-language, accept-encoding, connection, sec_fetchaud, etc.).
Telegram Chat ID — only if voluntarily provided by the user for notifications; Chat ID itself does not include message content.
Email and name — if provided in a contact form; these are deleted after 2 weeks.
Domain data (aud) — audience/domain data received in tokens or configuration (e.g., aud in JWT).

We use the collected data exclusively for the following purposes: Bot detection and prevention — analyzing behavior (clicks, movements, time) to distinguish humans from bots. Form protection and spam reduction — automatic risk assessment and blocking suspicious requests. Service improvement — usage metrics aggregation and widget functionality monitoring across devices. Notifications — sending Telegram alerts if the user voluntarily provided a Chat ID. Security logs and incident investigation — temporary storage of logs to analyze security events and for debugging.

We process data based on:

Legitimate interest: fraud prevention, security, and service integrity.
User consent: for example, when voluntarily providing a Telegram Chat ID for notifications.

General telemetry and aggregated data are deleted after one week if not related to security. Security-related data is stored for one month and protected with additional measures including hashing. Email and name provided via contact forms are deleted after 2 weeks. Logs related to security incidents may be stored up to 1 year if necessary. We apply data minimization — personal identifiers are removed and data aggregated wherever possible.

We do not sell your data. Sharing is limited to: Cloud and hosting providers (e.g., Vercel) for service delivery. Logging and monitoring providers, if required for service performance and security. Legal authorities, if required by law. In all cases, we aim to minimize shared data and use data protection agreements where possible.

We implement technical and organizational measures to protect data: HTTPS/TLS encryption, least privilege access, hashing sensitive data, regular updates, and anomaly monitoring. No system is completely secure, but in case of a breach, we will take necessary steps to notify affected users and relevant authorities as required by law.

You have the right to:

Request a copy of your data.
Request correction of inaccurate data.
Withdraw consent for processing (e.g., stop receiving Telegram notifications).
Request deletion of personal data (as allowed by law and if it does not interfere with security investigations or legal obligations).
For all data-related requests (deletion, correction, copy), please use: /feedback/

SharkEyes uses minimal client-side scripts for behavioral telemetry. Cookies or localStorage are only used to identify widget sessions and temporarily buffer data — no personal data is stored there.

Our service is not intended for children under 14. We do not knowingly collect data from children. If you believe we have received such data, contact us via /feedback/ and we will delete it.

We may update this Policy from time to time. The last updated date is at the top. For significant changes, we will notify users via email or dashboard notifications.

For questions, data requests, or to exercise your rights, please use:
Feedback form: https://sharkeyes.vercel.app/feedback/
Website: https://sharkeyes.vercel.app