Privacy Policy

Last updated:

1. Who We Are

CledFind ("we", "our", "the service") is a consent-based browser device tracking utility. This Privacy Policy explains what data we collect, why we collect it, and how it is stored and protected.

2. Consent Is Mandatory

CledFind does not activate until the device owner explicitly reads and accepts the consent form on the home page. No data is collected, transmitted, or stored prior to that explicit consent action. By clicking "I Agree & Start Tracking," you confirm you are the legal owner of the device or have explicit authorization to track it.

3. Data We Collect

After consent, CledFind collects and transmits the following data to a secure server database:

• Geographic coordinates: Latitude and longitude, captured via the browser's Geolocation API (GPS) or IP-based geolocation as a fallback. We do not collect altitude, speed, heading, or address data.
• Device fingerprint (IMEI substitute): A unique identifier generated from non-personally-identifiable browser characteristics (canvas rendering, WebGL renderer string, screen metrics, timezone, platform, audio context). This fingerprint is not your device's hardware IMEI and cannot be used to identify you as an individual outside of the CledFind system.
• Timestamp: The server-side date and time when each location record is received.

We do not collect: your name, email address, phone number, photos, contacts, microphone audio, camera images, files, browsing history, or any other personal data.

4. How Data Is Stored

Location records are stored in a MySQL database on a cPanel-hosted server. The database is accessible only via the password-protected Owner Dashboard. Data is transmitted exclusively over HTTPS (TLS encryption in transit). The database is not publicly accessible and is protected by server-level firewall rules.

5. Local Storage on Your Device

CledFind stores the following data locally on your device:

• Your generated device fingerprint (in IndexedDB and localStorage) — used to maintain a consistent device identity across sessions.
• A consent flag (in IndexedDB and localStorage) — used to resume tracking on subsequent visits without requiring you to re-accept the consent form.
• Offline-cached location points (in IndexedDB) — temporarily stored when the device is offline, and automatically uploaded when connectivity is restored.

6. Background Processing

CledFind uses browser Service Workers, the Background Sync API, and (where supported) the Periodic Background Sync API to perform location updates every 5 minutes. This requires Notification permission, which the browser uses to determine whether a Service Worker may run in the background. You will receive a confirmation notification when CledFind is first activated. No unsolicited marketing or promotional notifications will ever be sent.

7. Data Retention

Location records are retained on the server indefinitely until manually deleted by the dashboard owner. You may request deletion of all records associated with your device fingerprint by contacting the service operator. Local device data can be removed at any time by clicking "Stop Tracking & Remove Data" on the CledFind home page, or by clearing your browser's site data in your browser settings.

8. Data Sharing

We do not sell, rent, license, or share your data with any third party for any purpose whatsoever. Your location data is accessible only to the authorized dashboard owner. We do not use your data for advertising, profiling, analytics resale, or any purpose other than device recovery.

9. Your Rights

• Right to withdraw consent: Click "Stop Tracking & Remove Data" at any time on the home page.
• Right to erasure: Contact the dashboard owner to request deletion of all server-side records.
• Right to access: You may request a copy of all data associated with your device fingerprint.
• Right to portability: Data can be exported in CSV or JSON format from the dashboard.

10. Security Measures

• All data transmission uses HTTPS/TLS.
• The PHP backend uses PDO prepared statements to prevent SQL injection.
• Rate limiting is enforced per IP address on the data ingestion endpoint.
• The dashboard login is protected by brute-force lockout (5 attempts = 15-minute block).
• Session cookies are set with HttpOnly, Secure, and SameSite=Strict flags.
• No sensitive error details are ever exposed in API responses.

11. Legal Use Only

CledFind is provided strictly for lawful, consent-based device self-tracking. Installing or activating CledFind on another person's device without their explicit, informed consent is illegal under computer fraud and privacy laws in most jurisdictions, including but not limited to the U.S. Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, the EU General Data Protection Regulation (GDPR), and equivalent laws worldwide. The service operator accepts no liability for illegal misuse of this software.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when changes were last made. Continued use of CledFind after changes constitutes acceptance of the updated policy.

13. Contact

For data deletion requests, privacy questions, or to report misuse, please contact the service operator via the Owner Dashboard.