Privacy & how this works
What this service does
This service helps a website/email sender know whether a link was opened by a real
person or by an automated bot (email security scanners, link-preview bots, crawlers,
headless browsers in datacenters). When a tracked link or page is loaded, we compute a
fingerprint of the request to classify it as human vs bot — we are not interested
in identifying you personally.
What is processed
- Network fingerprint: JA4 (TLS) and JA4H (HTTP) — derived from how your client
connects, not from your identity.
- Request metadata: HTTP headers, declared User-Agent, approximate location
(country/ASN from your IP), and a bot-likelihood score.
- Browser profile (only if JavaScript runs): GPU, screen, timezone, and signals
used to detect automation (headless, webdriver, software GPU…).
Privacy by design
- IP minimisation: residential IP addresses are truncated (IPv4 → /16,
i.e. the last 2 octets removed; IPv6 → /32) — we keep the network/ASN, not your exact
address. We also anonymise the JA4/JA4H fingerprints and proxy headers for residential
visitors. Datacenter IPs (bots, not persons) are kept to identify the bot operator.
- Short retention: residential data is automatically deleted after
30 days.
- EU hosting: data is stored on a server located in France (OVH).
- Purpose limitation: data is used only for bot/abuse detection (legitimate
interest, security), never sold.
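
The IP minimisation and retention rules above, as an added Python sketch (not the service's own code). The residential flag, the record layout and the function names are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)   # page: residential data deleted after 30 days
PREFIX = {4: 16, 6: 32}          # page: IPv4 -> /16, IPv6 -> /32


def minimise_ip(raw: str, residential: bool) -> str:
    """Return the value to store for a visitor IP."""
    ip = ipaddress.ip_address(raw.strip())
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) carries the whole IPv4
    # address in its low 32 bits. Cutting it at IPv6 /32 would store "::/32"
    # and lose the network, so unwrap it and apply the IPv4 rule instead.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if not residential:
        return str(ip)           # datacenter IPs are kept in full
    # strict=False zeroes the host bits instead of raising on them.
    return str(ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False))


def make_record(raw_ip: str, residential: bool, seen: datetime) -> dict:
    """Hypothetical stored record: the raw residential IP never reaches storage."""
    return {"ip": minimise_ip(raw_ip, residential),
            "residential": residential,
            "seen": seen}


def purge_expired(records: list, now: datetime) -> list:
    """Drop residential records older than RETENTION.

    Assumption: the page states no retention limit for datacenter records,
    so this sketch leaves them untouched.
    """
    return [r for r in records
            if not (r["residential"] and now - r["seen"] > RETENTION)]


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed timestamp
    rows = [
        make_record("203.0.113.77", True, now - timedelta(days=31)),
        make_record("2001:db8:abcd:12::1", True, now - timedelta(days=2)),
        make_record("198.51.100.9", False, now - timedelta(days=90)),
    ]
    for row in purge_expired(rows, now):
        print(row["ip"], row["residential"], row["seen"].date())
```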
Your rights (GDPR)
You can request deletion of the data associated with your IP. Your IP is currently
stored as 216.73.216.194.
Data controller / processor and full legal terms
are defined with each website operator embedding this service. Questions:
contact@gottaphish.com.