Privacy Policy

Last updated: 17 January 2026

1. Introduction

Host Engineering LTD ("we", "us", "our") operates KlaroSkope.com, a script deobfuscation platform for security professionals. We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, and protect information when you use our service.

2. No External AI Processing

We do NOT transmit your submitted samples or analysis data to any external artificial intelligence services, large language models, or third-party machine learning platforms.

All analysis is performed using our proprietary, self-hosted deobfuscation engine. We understand the sensitivity of malware samples and the confidentiality requirements of security operations. Your submissions are never sent to OpenAI, Anthropic, Google, Microsoft, or any other external AI provider.

3. Data Controller

The data controller for information collected through KlaroSkope.com is:

Host Engineering LTD
United Kingdom
Email: contact@klaroskope.com

4. Information We Collect

4.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication credentials (securely managed)
  • Subscription tier and billing information

4.2 Submission Data

When you submit files or scripts for analysis, we process:

  • The submitted content (scripts, files, code snippets)
  • Analysis results (decoded content, IOCs, quality scores)
  • Submission metadata (timestamp, file size, file type)

Important: Submitted malware samples may contain sensitive information including credentials, internal network details, or proprietary data. You are solely responsible for ensuring you have authorization to submit such samples and for any consequences arising from their submission. We process this data solely for analysis purposes and accept no liability for the content of submissions.

4.3 Technical Data

We automatically collect:

  • IP address (for security and rate limiting)
  • Browser type and version
  • Device fingerprint hash (for anonymous usage limits)
  • Usage patterns and timestamps

5. Anonymization and Engine Improvement

To improve our deobfuscation engine, we may use anonymized data derived from submissions. This process involves:

  • Complete anonymization: All personally identifiable information, account associations, IP addresses, and submission metadata are permanently stripped before any data is used for engine improvement
  • Pattern extraction only: We extract obfuscation patterns and decoder chain sequences, not the actual content or payloads of your submissions
  • No reconstruction possible: Anonymized data cannot be traced back to your account, organization, or original submission
  • Statistical aggregation: Data is aggregated across thousands of samples to identify trends, never analyzed individually

You may opt out of contributing anonymized data to engine improvement by contacting contact@klaroskope.com. Opting out does not affect your access to the Service.

6. Air-Gapped Deployment (Operations Tier)

For organizations requiring absolute data isolation, we offer air-gapped on-premises deployment through our Operations tier.

Zero data egress guarantee: With an air-gapped deployment, not a single byte of your data leaves your controlled environment. The entire KlaroSkope engine runs within your infrastructure with no network connectivity to our servers or any external services.

  • Suitable for classified environments (SCIF, IL4+, FedRAMP)
  • No telemetry, analytics, or usage data collection
  • No license phone-home or activation servers
  • Complete offline operation
  • Your data never touches our infrastructure

Contact contact@klaroskope.com for Operations tier inquiries.

7. Legal Basis for Processing

We process your data based on the following legal grounds under UK GDPR:

PurposeLegal Basis
Providing the analysis serviceContract performance (Article 6(1)(b))
Processing paymentsContract performance (Article 6(1)(b))
Security and fraud preventionLegitimate interests (Article 6(1)(f))
Anonymized engine improvementLegitimate interests (Article 6(1)(f))
Marketing communicationsConsent (Article 6(1)(a))

8. Data Retention

We retain your data for the following periods:

  • Account data: Until account deletion, plus 30 days
  • Submission data: 90 days from submission, then automatically deleted
  • Analysis results: 90 days, accessible via your dashboard
  • Billing records: 7 years (UK legal requirement)
  • Security logs: 12 months
  • Anonymous usage fingerprints: 1 year
  • Anonymized pattern data: Indefinitely (non-personal data)

You can request deletion of your personal data at any time by contacting contact@klaroskope.com. Anonymized data that has already been processed cannot be deleted as it is no longer associated with you.

9. Data Sharing and Processors

We use carefully selected third-party service providers to help deliver the Service. These providers are contractually bound to protect your data and process it only as instructed by us.

Our key processors include:

Cloudflare, Inc.

Purpose: Content delivery network (CDN), DDoS protection, DNS services, and edge computing infrastructure.

Data processed: IP addresses, request metadata, browser information for security and performance optimization.

Cloudflare Privacy Policy →

Stripe, Inc.

Purpose: Payment processing and subscription management.

Data processed: Payment card details, billing address, email address. Note: We never see or store your full card number. Stripe handles all payment card data directly.

Stripe Privacy Policy →

Clerk, Inc.

Purpose: User authentication and account management.

Data processed: Email address, name (if provided), authentication tokens and session data.

Clerk Privacy Policy →

All providers listed above are committed to GDPR and UK GDPR compliance and maintain appropriate data protection measures.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).

Important: We do NOT share submission data with these processors.

Submission data and analysis results are processed only on our self-hosted infrastructure and are never transmitted to authentication, payment, or content delivery providers. These processors only handle their specific functions, not your malware samples.

We do not sell your personal data to third parties. We do not share individual submission data with any external parties under any circumstances.

10. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Not applicable (we do not make automated decisions with legal effects)

To exercise any of these rights, contact us at contact@klaroskope.com. We will respond within one month.

11. Cookies and Tracking

We use essential cookies for:

  • Authentication session management
  • Security tokens and CSRF protection
  • User preferences

We do not use advertising cookies, third-party tracking pixels, or analytics platforms that share data with advertisers. We do not participate in cross-site tracking or data broker networks.

For traffic measurement we use Cloudflare Web Analytics, which is privacy-first and cookieless. It sets no cookies, uses no cross-site identifier, and does not share your data with advertisers or data brokers. Because it stores nothing on your device, it requires no cookie consent.

12. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Network isolation for analysis containers
  • Rate limiting and DDoS protection
  • Regular security audits
  • Access controls and audit logging

If you discover a security vulnerability, please report it to security@klaroskope.com.

No security guarantee: While we implement industry-standard security measures, no system is completely secure. We cannot and do not guarantee that your data will never be accessed, disclosed, altered, or destroyed by breach of our safeguards. You use the Service at your own risk.

13. Children's Privacy

KlaroSkope is a professional security tool not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will delete it promptly.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom

Tel: 0303 123 1113
Website: ico.org.uk

16. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at:

Email: contact@klaroskope.com