Privacy Policy
Last updated: 17 January 2026
1. Introduction
Host Engineering LTD ("we", "us", "our") operates KlaroSkope.com, a script deobfuscation platform for security professionals. We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy explains how we collect, use, and protect information when you use our service.
2. No External AI Processing
We do NOT transmit your submitted samples or analysis data to any external artificial intelligence services, large language models, or third-party machine learning platforms.
All analysis is performed using our proprietary, self-hosted deobfuscation engine. We understand the sensitivity of malware samples and the confidentiality requirements of security operations. Your submissions are never sent to OpenAI, Anthropic, Google, Microsoft, or any other external AI provider.
3. Data Controller
The data controller for information collected through KlaroSkope.com is:
Host Engineering LTD
United Kingdom
Email: contact@klaroskope.com
4. Information We Collect
4.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Authentication credentials (securely managed)
- Subscription tier and billing information
4.2 Submission Data
When you submit files or scripts for analysis, we process:
- The submitted content (scripts, files, code snippets)
- Analysis results (decoded content, IOCs, quality scores)
- Submission metadata (timestamp, file size, file type)
Important: Submitted malware samples may contain sensitive information including credentials, internal network details, or proprietary data. You are solely responsible for ensuring you have authorization to submit such samples and for any consequences arising from their submission. We process this data solely for analysis purposes and accept no liability for the content of submissions.
4.3 Technical Data
We automatically collect:
- IP address (for security and rate limiting)
- Browser type and version
- Device fingerprint hash (for anonymous usage limits)
- Usage patterns and timestamps
5. Anonymization and Engine Improvement
To improve our deobfuscation engine, we may use anonymized data derived from submissions. This process involves:
- Complete anonymization: All personally identifiable information, account associations, IP addresses, and submission metadata are permanently stripped before any data is used for engine improvement
- Pattern extraction only: We extract obfuscation patterns and decoder chain sequences, not the actual content or payloads of your submissions
- No reconstruction possible: Anonymized data cannot be traced back to your account, organization, or original submission
- Statistical aggregation: Data is aggregated across thousands of samples to identify trends, never analyzed individually
You may opt out of contributing anonymized data to engine improvement by contacting contact@klaroskope.com. Opting out does not affect your access to the Service.
6. Air-Gapped Deployment (Operations Tier)
For organizations requiring absolute data isolation, we offer air-gapped on-premises deployment through our Operations tier.
Zero data egress guarantee: With an air-gapped deployment, not a single byte of your data leaves your controlled environment. The entire KlaroSkope engine runs within your infrastructure with no network connectivity to our servers or any external services.
- Suitable for classified environments (SCIF, IL4+, FedRAMP)
- No telemetry, analytics, or usage data collection
- No license phone-home or activation servers
- Complete offline operation
- Your data never touches our infrastructure
Contact contact@klaroskope.com for Operations tier inquiries.
7. Legal Basis for Processing
We process your data based on the following legal grounds under UK GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing the analysis service | Contract performance (Article 6(1)(b)) |
| Processing payments | Contract performance (Article 6(1)(b)) |
| Security and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Anonymized engine improvement | Legitimate interests (Article 6(1)(f)) |
| Marketing communications | Consent (Article 6(1)(a)) |
8. Data Retention
We retain your data for the following periods:
- Account data: Until account deletion, plus 30 days
- Submission data: 90 days from submission, then automatically deleted
- Analysis results: 90 days, accessible via your dashboard
- Billing records: 7 years (UK legal requirement)
- Security logs: 12 months
- Anonymous usage fingerprints: 1 year
- Anonymized pattern data: Indefinitely (non-personal data)
You can request deletion of your personal data at any time by contacting contact@klaroskope.com. Anonymized data that has already been processed cannot be deleted as it is no longer associated with you.
9. Data Sharing and Processors
We use carefully selected third-party service providers to help deliver the Service. These providers are contractually bound to protect your data and process it only as instructed by us.
Our key processors include:
Cloudflare, Inc.
Purpose: Content delivery network (CDN), DDoS protection, DNS services, and edge computing infrastructure.
Data processed: IP addresses, request metadata, browser information for security and performance optimization.
Cloudflare Privacy Policy →Stripe, Inc.
Purpose: Payment processing and subscription management.
Data processed: Payment card details, billing address, email address. Note: We never see or store your full card number. Stripe handles all payment card data directly.
Stripe Privacy Policy →Clerk, Inc.
Purpose: User authentication and account management.
Data processed: Email address, name (if provided), authentication tokens and session data.
Clerk Privacy Policy →All providers listed above are committed to GDPR and UK GDPR compliance and maintain appropriate data protection measures.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).
Important: We do NOT share submission data with these processors.
Submission data and analysis results are processed only on our self-hosted infrastructure and are never transmitted to authentication, payment, or content delivery providers. These processors only handle their specific functions, not your malware samples.
We do not sell your personal data to third parties. We do not share individual submission data with any external parties under any circumstances.
10. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Rights related to automated decision-making: Not applicable (we do not make automated decisions with legal effects)
To exercise any of these rights, contact us at contact@klaroskope.com. We will respond within one month.
11. Cookies and Tracking
We use essential cookies for:
- Authentication session management
- Security tokens and CSRF protection
- User preferences
We do not use advertising cookies, third-party tracking pixels, or analytics platforms that share data with advertisers. We do not participate in cross-site tracking or data broker networks.
For traffic measurement we use Cloudflare Web Analytics, which is privacy-first and cookieless. It sets no cookies, uses no cross-site identifier, and does not share your data with advertisers or data brokers. Because it stores nothing on your device, it requires no cookie consent.
12. Security
We implement appropriate technical and organizational measures to protect your data, including:
- TLS encryption for all data in transit
- Encryption at rest for stored data
- Network isolation for analysis containers
- Rate limiting and DDoS protection
- Regular security audits
- Access controls and audit logging
If you discover a security vulnerability, please report it to security@klaroskope.com.
No security guarantee: While we implement industry-standard security measures, no system is completely secure. We cannot and do not guarantee that your data will never be accessed, disclosed, altered, or destroyed by breach of our safeguards. You use the Service at your own risk.
13. Children's Privacy
KlaroSkope is a professional security tool not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will delete it promptly.
14. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
15. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: ico.org.uk
16. Contact Us
For privacy-related inquiries or to exercise your rights, contact us at:
Email: contact@klaroskope.com