Privacy Policy

We take your privacy seriously at Arkose Labs, Inc. and its affiliates (“Arkose Labs”). Please read this Privacy Policy to learn how we treat your personal data. By accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below.

Your use of the Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy.

Table of Contents

• What this Privacy Policy Covers
• Categories of Personal Data We Collect
• Categories of Sources of Personal Data
• Our Commercial or Business Purposes for Collecting and Disclosing Personal Data
• How We Disclose Your Personal Data
• Tracking Tools, Advertising and Opt-Out
• Data Security
• Data Retention
• Personal Data of Children
• California Resident Rights
• Exercising Your Rights under CCPA and VCDPA
• Other State Law Privacy Rights
• European, UK and Swiss Data Subject Rights
• Contact Information

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws.

Categories of Personal Data We Collect

The personal data we collect falls into the following categories:

• Profile or Contact Data — name, email, phone, company, job title.
• Device / IP Data — IP address, device identifiers, browser type, operating system, language, time zone.
• Web Analytics — pages viewed, referring URLs, links clicked, time on page.
• Authentication Data — account credentials and session tokens (where applicable).
• Service-specific Telemetry — behavioral and device signals used by Arkose products to detect bot and fraud activity, processed on behalf of our enterprise customers as a service provider / processor.
• Communication Records — messages you send to us via support, sales or contact forms.

We process Personal Data of our customers’ end users solely on behalf of, and in accordance with, our enterprise customers. With respect to those production services, you acknowledge that Arkose Labs is a “service provider” or “processor” under the CCPA and the GDPR / UK GDPR respectively.

Categories of Sources of Personal Data

• You — when you provide information directly to us through forms, surveys, contact requests, or as part of using our Services.
• Automatic collection — through cookies, pixels, and similar technologies when you use our website or services.
• Third parties — analytics providers, lead-generation partners, advertising partners, data suppliers, and customer-support vendors.

Our Commercial or Business Purposes for Collecting Personal Data

• Providing, customizing and improving the Services.
• Marketing and selling the Services.
• Corresponding with you in response to requests.
• Fraud protection, security and debugging.
• Meeting legal requirements and enforcing legal terms.

How We Disclose Your Personal Data

We disclose Personal Data to the following categories of recipients only when reasonably necessary: service providers (cloud hosting, analytics, support), advertising partners (with opt-out where required), business partners (e.g. resellers), legal advisors, and government authorities or law-enforcement when legally required.

We do not sell personal data, and we have not done so in the preceding 12 months.

Tracking Tools, Advertising and Opt-Out

We use cookies and similar technologies to make our website function, measure performance, and personalize content. You can manage cookie preferences via the cookie banner on arkoselabs.com, or via your browser settings. We honor the Global Privacy Control (GPC) signal where applicable.

Data Security

We employ administrative, technical and physical safeguards designed to protect Personal Data, including encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access controls, and 24/7 security monitoring. No security program is impenetrable; please report suspected vulnerabilities to security@arkoselabs.com.

Data Retention

We retain Personal Data only as long as needed for the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements. Detailed retention schedules apply by data category.

Personal Data of Children

Our Services are not directed to children under 16. We do not knowingly collect Personal Data from children under 16. If you believe we have collected such data, contact privacy@arkoselabs.com and we will delete it.

California Resident Rights

If you are a California resident, the CCPA and CPRA grant you rights including: the right to know, the right to delete, the right to correct, the right to opt-out of sale/sharing (Arkose does not sell), the right to limit use of sensitive personal information, and the right to non-discrimination.

Exercising Your Rights under CCPA and VCDPA

To exercise any of your rights, submit a verifiable request to privacy@arkoselabs.com. We respond within the timelines required by law. We may need to verify your identity before fulfilling the request.

Other State Law Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have substantially similar rights. The same contact channel applies.

European, UK and Swiss Data Subject Rights

If you are in the EU, UK, EEA or Switzerland, GDPR / UK GDPR grants you rights of access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with your local supervisory authority. Lawful bases include contract, legitimate interests, consent and legal obligation, as applicable.

Contact Information

For questions about this Privacy Policy or our data practices, please contact:

• Email: privacy@arkoselabs.com
• Mail: Arkose Labs, Inc., Attn: Privacy, 1900 S. Norfolk St., Suite 310, San Mateo, CA 94403, USA

© 2026 Arkose Labs. All rights reserved.