Privacy Policy — ClickProbe
Zur deutschen FassungWho we are
ClickProbe is operated by kenaro GmbH, a German limited-liability company based in Frankenthal, Germany. Contact: privacy@clickprobe.ai.
What data we hold
Account data (name, email), billing data (via Stripe — we never see your card number), session artefacts (screenshots, DOM snapshots used by the AI to explore your app), and access logs.
Subprocessors
| Subprocessor | Purpose | Data categories | Transfer mechanism |
|---|---|---|---|
| Anthropic PBC (USA) | AI inference (screenshots + DOM snapshots) | Screenshots, DOM snapshots, session context | SCCs + EU Data Processing Addendum |
| MailJet (France) | Transactional email | Email address, email content | EU internal |
| Hetzner Online GmbH (Germany) | Hosting | Account data, session data, logs | EU internal, DE |
| Stripe Payments Europe Ltd. (Ireland) | Payment processing | Name, email, billing address (card data held by Stripe) | EU internal |
| Functional Software, Inc. — Sentry (EU region, Frankfurt) | Error tracking | Stack traces, HTTP request metadata, account ID (ULID), release SHA, user-agent | EU data residency (Frankfurt); SCCs for US parent |
| Grafana Labs (EU region Frankfurt) | Log aggregation (Loki) + on-call alerting | Structured JSON server logs (ts, level, service, account_id, session_id, msg), alert payloads | EU internal (Frankfurt); SCCs for US parent |
Data categories we process
Account data (email, name, password hash). Billing data (name, email, invoice address; card data held by Stripe). Exploration artefacts (screenshots, DOM snapshots, URL lists, session logs from the tested app). Proxy client tokens: when you run clickprobe-proxy login on a device, we store an access token and refresh token identifying that device as SHA-256 hashes — the plaintext never leaves your device; tokens expire after 90 days or when you revoke them. Telemetry data: error stack traces (Sentry EU), structured server logs (Grafana Cloud EU/Loki).
How long we keep it
Account data: 30 days after cancellation. Billing records: 10 years (German statutory requirement). Session artefacts: 90 days rolling. Error events (Sentry): 90 days. Server logs (Grafana Cloud EU / Loki): 30 days.
Your rights
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Email privacy@clickprobe.ai. We respond within 30 days.
No tracking cookies
We use Plausible Analytics (EU-hosted, cookieless). No tracking cookies, no third-party ad networks, no fingerprinting.
International transfers
Anthropic (USA) receives screenshots and DOM snapshots for AI processing, covered by Standard Contractual Clauses (SCCs) and Anthropic’s EU Data Processing Addendum. Sentry and Grafana Labs process data within EU data centres (Frankfurt); SCCs cover their US parent companies.
Questions
privacy@clickprobe.ai. Supervisory authority: LfDI Rheinland-Pfalz (lfdi.rlp.de).