Privacy Policy

Last Updated: January 25, 2026

Welcome to SharkEyes (https://sharkeyes.dev). We provide tools to protect web forms from bots, spam, and abuse. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we may share it with, and your rights.

1. General Information

SharkEyes processes only the minimum data necessary to distinguish real users from automated scripts and to protect forms. We do not collect sensitive personal information such.

This policy applies to all products and services hosted on the domain sharkeyes.dev and related subservices.

2. Data We Collect

The following types of data may be collected when interacting with our forms or widget/service:

  • Mouse movements and clicks — only the fact that an event occurred (e.g., "click happened", "mouse moved"), without storing exact coordinates.
  • Keystrokes — only the fact a key was pressed, without recording the actual characters or combinations.
  • Screen size and pixel ratio — display parameters (width/height in pixels, density) used to identify the device and ensure widget functionality.
  • IP address and country/region — we store the IP in a generalized form and determine country/region, without storing exact geographic coordinates.
  • User-Agent, browser, and device platform — standard identification strings.
  • HTTP headers — headers used to evaluate requests.
  • Domain data (aud) — audience/domain data received in tokens or configuration.

3. Purpose of Data Collection

We use the collected data exclusively for the following purposes:

Bot detection and prevention — analyzing behavior (clicks, movements, time) to distinguish humans from bots.

Form protection and spam reduction — automatic risk assessment and blocking suspicious requests.

Service improvement — usage metrics aggregation and widget functionality monitoring across devices.

Security logs and incident investigation — temporary storage of logs to analyze security events and for debugging.

4. Legal Basis for Processing

We process data based on:

Legitimate interest: fraud prevention, security, and service integrity.

5. Data Retention

General telemetry and aggregated data are deleted after 24 hours if not related to security.

Security-related data is stored for one week and protected with additional measures including hashing.

Logs related to security incidents may be stored up to 2 weeks if necessary.

We apply data minimization — personal identifiers are removed and data aggregated wherever possible.

6. Data Sharing and Disclosure

We do not sell or share your data. Data sharing is limited to the following cases:

  • Cloud and hosting providers (e.g., Vercel) for service delivery.
  • Logging and monitoring providers, if required for service performance and security.
  • Legal authorities, if required by law.

In all cases, we aim to minimize shared data and use data protection agreements where possible.

7. Security

We implement technical and organizational measures to protect data: HTTPS/TLS encryption, least privilege access, hashing sensitive data, regular updates, and anomaly monitoring.

No system is completely secure, but in case of a breach, we will take necessary steps to notify affected users and relevant authorities as required by law.

8. User Rights

You have the right to:

  • Request a copy of your data.
  • Request correction of inaccurate data.
  • Withdraw consent for processing (e.g., stop receiving Telegram notifications).
  • Request deletion of personal data (as allowed by law and if it does not interfere with security investigations or legal obligations).

For all data-related requests (deletion, correction, copy), please use our feedback form.

9. Policy Updates

We may update this Policy from time to time. The last updated date is at the top. For significant changes, we will notify users dashboard notifications.

10. Contact

For questions, data requests, or to exercise your rights, please use:

Feedback form: https://sharkeyes.dev/feedback/

Website: https://sharkeyes.dev