Privacy Policy

1. Who We Are

CloakBioGuard is operated by WellnessLabs LLC. This Privacy Policy explains what information we collect, how we use it, and what rights you have when you use our site and services.

2. Data We Collect

We collect only the information needed to provide, secure, and improve the service:

• Account data: Google account identifier (sub), email address, and basic profile data if provided by Google.
• Payment data: Stripe checkout and payment metadata (for example, session ID, amount, package, payment status). We do not store full card numbers.
• Service usage data: credit balances, payment state, anti-abuse and rate-limit signals, and operational logs.
• Uploaded images: images you submit for scan or protection processing.

3. How We Process Images

When you upload an image, we process it to run scan and/or protection workflows and return results to you.

• Images are processed on Google Cloud infrastructure.
• We do not use customer images to train AI models.
• We do not create or store biometric templates intended for identity matching.
• Original and processed image artifacts are automatically removed after the retention window used for workflow completion and reliability.

4. Account-Based Credits

Purchased credits are linked to your signed-in account. Credits may not follow across accounts. We may store technical signals (such as device or request identifiers) for abuse prevention and system integrity.

5. How We Use Information

• Provide scan and protection services.
• Process payments and manage account credits.
• Detect fraud, abuse, and security issues.
• Comply with legal obligations and enforce our Terms.
• Send operational notifications you request (for example, protection lifecycle updates).

6. Sharing and Subprocessors

We do not sell personal information. We share data only with trusted service providers needed to operate the service, including:

• Google Cloud (hosting, processing, storage).
• Stripe (payment processing and fraud checks).
• Analytics and operational tooling providers used for product and reliability monitoring.

7. Data Retention

We retain different categories of data for different periods:

• Image artifacts: short-lived retention tied to processing workflows.
• Account and payment records: retained as needed for billing, fraud prevention, and compliance.
• Security and abuse logs: retained for operational defense and legal obligations.

8. Security

We use technical and organizational safeguards, including encryption in transit, controlled service access, and production security controls designed to reduce unauthorized access and misuse.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or receive a copy of personal data, and to object to certain processing. You may request account data updates or deletion by contacting us.

10. Children's Privacy

Our service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

11. International Transfers

If you access the service from outside the United States, your data may be processed in the United States or other jurisdictions where our providers operate.