Last Updated: March 16, 2026

1. Introduction & Identity of the Data Controller

Welcome to Phantom Kit. We take your privacy seriously and are committed to protecting your personal data. This Privacy Policy (“Policy”) explains how Phantom Kit (“we,” “our,” or “us”) collects, uses, shares, and protects information about you when you use our website, software, APIs, cloud features, documentation, and support services (collectively, the “Services”).

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), we act as the Data Controller for the personal data collected in connection with the Services.

2. Scope and Applicability

This Policy applies to all users of the Phantom Kit Services, including individual users, team members, and enterprise customers. By accessing or using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with our data practices as described below, please do not use the Services.

This Policy does not apply to third-party services, applications, or websites that you may access through Phantom Kit. The processing of data by those third parties is governed by their respective privacy policies.

3. Information We Collect

We collect various types of information to provide, secure, and improve our Services. The data we collect depends on how you interact with Phantom Kit and may include:

3.1 Account data

To create an account and provide our Services, we collect your email address, username, and password (stored in a hashed format). If you use optional profile features, we may collect your name or team alias.

3.2 Usage and telemetry data

We automatically collect diagnostic and usage information when you use the Software. This includes feature usage statistics, error logs, crash reports, workflow execution status, and performance metrics. This data helps us troubleshoot issues and improve the stability of our Services.

3.3 Payment data

When you purchase a subscription, payment information is processed securely by our third-party payment providers. We do not store full credit card numbers or cryptocurrency wallet private keys. We only retain billing records, transaction history, and subscription status.

3.4 Device and browser metadata

To ensure the correct functioning of our antidetect features and hardware correlation, we may collect technical metadata about the device you use to run the Phantom Kit application. This includes operating system version, hardware architecture, and IP address used to connect to our infrastructure.

3.5 Communications data

When you contact our support team, provide feedback, or communicate with us through any channel, we collect the contents of your messages, attachments, and your contact details to respond effectively.

3.6 Cookies and tracking technologies

Our website uses cookies and similar tracking technologies to maintain your session, remember your preferences (such as language), and analyze site traffic. For more details, please see Section 5 below.

4. How We Use Your Information

We use the information we collect for the following purposes, relying on the specified lawful bases under the GDPR (Article 6):

  • To provide and maintain the Services: Creating your account, authenticating your logins, syncing your profiles, and delivering customer support. (Lawful Basis: Performance of a Contract)
  • To process payments: Facilitating subscription billing and managing account limits. (Lawful Basis: Performance of a Contract)
  • To improve our Services: Analyzing usage trends, identifying bugs, and developing new features like enhanced fingerprinting techniques or automation nodes. (Lawful Basis: Legitimate Interests)
  • To communicate with you: Sending important administrative messages, security alerts, updates to our Terms of Use, and support responses. (Lawful Basis: Performance of a Contract / Legitimate Interests)
  • For marketing (with your consent): Sending promotional emails or newsletters about new features. You may opt-out at any time. (Lawful Basis: Consent)
  • To ensure security and prevent fraud: Detecting unauthorized access, preventing abuse of our infrastructure, and investigating violations of our Terms of Use. (Lawful Basis: Legitimate Interests / Legal Obligation)

5. Cookies & Tracking Technologies

We use cookies to ensure the basic functionality of our website and to enhance your user experience. These include:

  • Essential Cookies: Required for core site functionality, such as user authentication and security.
  • Preference Cookies: Used to remember your choices, such as your selected language locale and currency display preferences.
  • Analytics Cookies: Used in an aggregated, anonymized manner to understand how visitors interact with our website.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use certain parts of our Services.

6. Sharing & Disclosure of Information

We do not sell your personal data. We only share your information in the following limited circumstances:

6.1 Sub-processors and third-party services

We engage trusted third-party service providers to assist us in operating our Services. These include:

  • Cloud hosting providers (for secure data storage and profile sync)
  • Payment processors (for billing and subscription management)
  • Customer support platforms (for managing help desk tickets)
  • Email delivery services (for transactional and verification emails)

These sub-processors are contractually bound to protect your data and only process it according to our instructions.

We may disclose your information if required to do so by law, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a legal process.

6.3 Business transfers

If we are involved in a merger, acquisition, restructuring, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any change in ownership or policy.

7. International Data Transfers

Phantom Kit operates globally, and your data may be transferred to, stored, or processed in countries other than your own. When we transfer personal data originating from the European Economic Area (EEA), the UK, or Switzerland to countries that do not have an adequacy decision, we rely on legally approved transfer mechanisms, such as the Standard Contractual Clauses (SCCs), to ensure your data remains protected to the required standards.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (such as for tax, accounting, or legal compliance).

  • Account Data: Retained for the duration of your active account. If you delete your account, we will securely delete or anonymize your data within 30 days.
  • Support Communications: Retained to assist with future inquiries and improve our service.
  • Usage Data: Aggregated or anonymized usage data may be retained indefinitely for analytical purposes.

9. Your Rights

Depending on your location, you have specific rights regarding your personal data.

9.1 GDPR Rights (For users in the EEA/UK)

  • Access: The right to request a copy of the personal data we hold about you.
  • Rectification: The right to request the correction of inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): The right to request the deletion of your personal data under certain conditions.
  • Portability: The right to receive your data in a structured, machine-readable format.
  • Objection & Restriction: The right to object to or request the restriction of processing of your data, particularly for direct marketing.

9.2 CCPA Rights (For California Residents)

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by us.
  • The right to opt-out of the sale of personal information (Note: We do not sell your personal information).
  • The right to non-discrimination for exercising your CCPA rights.

9.3 How to exercise your rights

To exercise any of these rights, please contact our Data Protection Officer at privacy@phantomkit.io. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before fulfilling your request.

10. Children’s Privacy

Phantom Kit Services are not intended for or directed at children under the age of 16 (or 13, depending on the jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information. If you believe a child has provided us with personal data, please contact us immediately.

11. Security Measures

We implement robust technical and organizational measures designed to protect your personal data against accidental loss, unauthorized access, alteration, or disclosure. These measures include data encryption in transit and at rest, secure authentication protocols, and regular security audits. However, no internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Third-Party Links & Services

Our Services may contain links to third-party websites or integrate with third-party tools. This Privacy Policy does not apply to those external services. We encourage you to read the privacy statements of any third-party websites you visit, as we are not responsible for their privacy practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this Policy and, where required, through direct communication via email or an in-app notice. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the changes.

14. Contact Information & DPO Details

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

By Email: privacy@phantomkit.io Data Protection Officer (DPO): dpo@phantomkit.io **Phantom Kit Privacy Team

If you are located in the EEA, you also have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable law.

For information regarding the rules governing the use of our software, please refer to our Terms of Use.