Privacy Policy

This Privacy Policy document outlines the privacy measures of Glade (referred to as "Glade", "the service", "we", or "us"), in relation to our website ("the Website"), and any features, products, and online services (referred to as "services") provided by Glade. We value the privacy of our visitors and users. This Privacy Policy details the types of data and information that we collect and how we safeguard this data.

Glade provides services to help our customers detect and prevent fraud, VPN usage, proxy connections, and abuse on their platforms, including websites, applications, and online services.

In providing these services, Glade acts either as a data processor or a data controller, depending on the context, as outlined below.

We are fully committed to protecting the privacy of individuals and handling personal data responsibly and transparently.

For data collected during fraud prevention validation activities performed on behalf of our customers (e.g., IP addresses, user IDs, etc...), Glade acts as a data processor. Our customers, the service owners/operators, are the data controllers and determine the purposes and means of processing.

For data related to Glade's services, when we collect and process personal data for our own purposes, such as when you create an account on our site, or contact us for support, Glade acts as a data controller. In this case, we determine the purposes and means of processing personal data.

Depending on the service (IP detection, VPN blocking, proxy detection), the information we collect and process may differ. The following minimal data is collected:

• IP addresses for threat detection and geolocation
• User agent strings for device fingerprinting
• Request timestamps and response times
• Geolocation information derived from the public IP address
• ASN (Autonomous System Number) information for network identification

Please refer to the geolocation section to learn more about how we handle IP geolocation and what it means to privacy.

By accessing or using our verification services (e.g., IP detection, VPN blocking, etc...), you acknowledge and consent to the processing of the above-mentioned data as described, in accordance with the General Data Protection Regulation (GDPR). This data is processed solely for the purpose of providing the requested verification services and is handled on behalf of the data controller, as we act as a data processor under GDPR.

As a data processor, we do not directly handle requests from individuals regarding the processing of this data (e.g., access, rectification, or deletion requests). Such requests should be directed to the relevant data controller, who is responsible for managing your personal data. For more information about the data controller's identity and how to contact them, please refer to their privacy policy or contact them directly.

Your continued use of our services constitutes your agreement to this data processing. If you do not consent to the processing of the listed data, please refrain from using our verification services, rendering impossible the verification of your connection and hence the use of our customers' (the data controllers) services.

The processing of the above data is necessary to support our customers' legitimate interest (Article 6(1)(f) GDPR) in:

• Preventing fraudulent activity
• Detecting and blocking spammers, raiders, and abusive users
• Detecting and blocking VPN, proxy, Tor and other anonymization services
• Maintaining a secure and reliable environment for their services

Glade also pursues its own legitimate interests in securing its services and infrastructure.

• We will retain your data for as long as it is necessary to fulfill the purpose and legitimate interests for which it was collected, unless otherwise required by law.
• If formally instructed by the data controller, and where legally permitted, we will remove or anonymize the data.
• The data controller does not have the right to delete or remove your data if it also affects our or other customers' legitimate interest.

We do not accept or process direct requests to delete entries from our fraud prevention databases unless formally instructed by the data controller, and even then, we might not be able to comply with such requests if the data is being used by more than one customer, or our own legitimate interests are affected.

Deleting such records without authorization would defeat the legitimate interest pursued by our customers and undermine our ability to protect their services and infrastructure, hence we do not allow such deletion requests.

We may process and store data on servers located outside the European Economic Area (EEA). When applicable, appropriate safeguards will be in place to ensure the protection of your data and the compliance with applicable laws.

We currently process and store data on servers located in the following regions: United States, Europe.

We maintain technical and organizational measures appropriate to protect your data from unauthorized access, use, disclosure, alteration, or destruction, including:

• Access controls, such as firewalls, to prevent unauthorized access to our systems and data
• Encryption of data in transit and at rest
• Regular backups of data
• Physical security measures, such as access controls, to prevent unauthorized access to our systems and data

We use the IP address of the user to determine an approximate geographical location. This process is essential for detecting the use of VPNs, proxies, Tor networks, or other anonymization services, as part of our fraud prevention measures.

We do not have access to the user's exact location (e.g: GPS, browser location, etc...), nor do we infer or store precise geolocation data. The information is not provided directly by the user but is derived from their public sources obtained upon TCP/IP connection, specifically geofeed files published by Internet Service Providers (ISPs).

Our geolocation results are based on third-party databases, primarily IP2Location, IPInfo, and IPQualityScore, which aggregates publicly available information, such as ISP-assigned IP ranges. We use these databases to map IP addresses to a general country or region, but not to a specific address or user location.

No sensitive personal information such as a user's exact physical location, home address, or device geolocation is collected or stored by us. Geolocation is based solely on the public assignment of IP prefixes and is only used for legitimate interests such as fraud prevention, service security, and abuse mitigation.

We only share user data with carefully selected third-party service providers when it is necessary to deliver our services, process payments, maintain communications, or ensure the security and functionality of our platform. Data is shared under strict confidentiality agreements and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

The categories of data and third parties involved are as follows:

• IP Detection Services: We use IP2Location, IPInfo, IPQualityScore, and ProxyCheck.io to determine IP reputation and geolocation for fraud prevention purposes.
• Email and Communications: We use SMTP services for email communications. Email addresses and any information you send to us by email are processed through secure systems.
• Infrastructure and Hosting: Our infrastructure providers may have technical access to certain metadata (such as IP addresses) for operational reasons. We ensure that any providers we use meet strict security and data protection standards.
• Database Services: We use PostgreSQL for data storage and Redis for caching, both with appropriate security measures.

We do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes. Data sharing is limited strictly to what is necessary for the operation, security, compliance, and improvement of our services.

The legal entity responsible for the processing of data on the service is:

Contact:

[email protected]

If you have any questions about this privacy policy, please contact us: