Privacy Policy

Last updated: 21 April 2026

StyloBot is operated by Mostlylucid Ltd, a company registered in Scotland, United Kingdom. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Mostlylucid Ltd is the data controller for personal data collected through stylobot.net and related services. Contact: [email protected].

2. What We Collect

  • Account information: email address, name, and organisation name when you sign up.
  • Billing information: processed and stored by Stripe; we do not store card numbers.
  • Usage data: domain names, request counts, detection events, and dashboard interactions.
  • Technical data: HMACed identifiers derived from values such as IP addresses, PII-stripped user agents, browser type, and operating system for security, diagnostics, parsing, and detection analytics.

3. Lawful Basis for Processing

  • Contract: processing necessary to provide the StyloBot service you subscribe to.
  • Legitimate interests: security monitoring, fraud prevention, and service improvement.
  • Consent: marketing communications (you can withdraw consent at any time).

4. How We Use Your Data

  • Providing and maintaining the StyloBot bot-detection service.
  • Processing payments and managing your subscription.
  • Sending transactional emails (invoices, security alerts, service updates).
  • Improving detection accuracy, parser quality, dashboard grouping, and service reliability.

5. Data Sharing

We share personal data only with:

  • Stripe -- payment processing.
  • Infrastructure providers (cloud hosting) -- under data processing agreements.

We do not sell personal data. We do not share data with advertisers.

6. Data Retention

Account data is retained while your subscription is active and for up to 12 months after cancellation for legal and accounting purposes. Detection telemetry uses HMACed identifiers and stripped user agents where needed for security analytics, and is aggregated or reduced within 90 days unless a customer configuration requires a different retention period.

7. International Transfers

Data may be processed outside the UK where our infrastructure providers operate. All transfers are protected by appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

8. Your Rights

Under UK GDPR you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Complaints

If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO).

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on our website.