Privacy Policy

PayoutLab is a small affiliate review site. This page explains, in plain language, exactly what data is handled when you visit. If anything here is unclear, email contact@payoutlab.org and we'll do our best to explain.

Who we are

PayoutLab is an independent, non-commercial hobby project published by an individual based in Belgium. The site is not currently operated as a registered business and does not generate meaningful revenue. If that ever changes, this page will be updated to identify the legal entity responsible as the data controller.

For any data-protection question, the contact point is contact@payoutlab.org.

What we do NOT do

To get the most reassuring part out of the way first — we do not:

• Use any cookies of our own.
• Show ads or use advertising trackers (Google Ads, Meta Pixel, TikTok Pixel, etc.).
• Sell or share your personal data with anyone for marketing purposes.
• Run a newsletter, comment system, user accounts, or any form that asks you to enter personal details.
• Use AI, machine learning, or automated profiling to make decisions about you.

Because we don't set any cookies ourselves, you'll notice there is no cookie consent banner on this site. That is intentional and is compliant with the EU ePrivacy Directive — a banner is only required when a site sets non-essential cookies.

What is processed when you visit

Even without cookies, every website inevitably handles some data. Here is exactly what happens on PayoutLab.

Server logs (via Cloudflare)

The site is hosted on Cloudflare Pages, with Cloudflare also acting as our CDN and security provider. When you load a page, Cloudflare records standard server-log information: your IP address, browser type (user agent), the URL you requested, the referring URL, and a timestamp. This is used to deliver the page, block abusive traffic, and identify security incidents.

• Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — keeping the site online and secure.
• Retention: Cloudflare retains these logs for a short period (typically up to 7 days) before discarding them. See Cloudflare's privacy policy.

Privacy-friendly analytics (via Umami Cloud)

We use Umami Cloud to count visits and see which pages are popular. Umami does not use cookies, browser storage, or any persistent identifier on your device. It briefly hashes your IP address and user agent on the server to count daily unique visitors, then discards both — no individual person can be re-identified from what is stored.

What Umami records, in aggregate:

• Pageview counts per URL
• Approximate country (derived from IP, before the IP is discarded)
• Browser type, operating system, device category (desktop / mobile / tablet)
• Referrer URL (which site linked you to us)

What Umami does not record: your full IP, your exact location, your name, email, any device fingerprint, or any activity on other sites.

• Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Privacy-by-design analytics tools such as Umami are recognised by EU data protection authorities (including France's CNIL) as exempt from prior consent requirements.
• Retention: Umami Cloud retains aggregate data for the duration of our account. See Umami's privacy policy.

Email correspondence (via Cloudflare Email Routing)

If you email contact@payoutlab.org, your message is forwarded through Cloudflare Email Routing to a personal mailbox. Cloudflare processes the email's envelope (sender, recipient, subject, body) only for the time needed to forward it. The receiving mailbox is provided by Google, which processes the message under its own privacy terms.

• Legal basis: the necessity of responding to a communication you initiated, and our legitimate interest in operating a contact channel.
• Retention: we keep email correspondence only for as long as needed to resolve your enquiry, then delete it.

When you click an affiliate link

PayoutLab is monetised through referral links — see our affiliate disclosure. When you click a referral button (clearly marked "Try X" or similar), you leave PayoutLab and arrive at the partner's site (Swagbucks, Freecash, Honeygain, and so on). From that point on, the partner sets its own cookies and tracks your activity, including the fact that you arrived from PayoutLab.

We do not control what happens on a partner's site. Their data practices are governed by their own privacy policies, which we recommend reading before signing up. If you do not wish to be tracked by a partner, do not click their referral link — visit the partner's site directly instead.

The only data we receive back is aggregate commission information (e.g. "30 sign-ups this month") from the affiliate network. We never receive your name, email, or any other identifying information.

International data transfers

Our service providers (Cloudflare and Umami Cloud) are headquartered in the United States and may process data on servers located outside the European Economic Area. Both companies handle such transfers under the European Commission's Standard Contractual Clauses (SCCs) — the standard GDPR-approved mechanism for international transfers — and Cloudflare additionally adheres to the EU–US Data Privacy Framework.

Your rights under GDPR

As an EU resident, you have the following rights regarding any personal data we process about you:

• Right to access — request a copy of any data we hold about you.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure ("right to be forgotten") — ask us to delete data we hold.
• Right to restriction — ask us to pause processing while you contest something.
• Right to portability — receive your data in a portable format.
• Right to object — object to processing based on legitimate interest.
• Right to lodge a complaint with a supervisory authority. In Belgium, this is the Gegevensbeschermingsautoriteit / Autorité de protection des données — see gegevensbeschermingsautoriteit.be.

In practice, because we don't run user accounts or collect identifying information directly, we usually have nothing specific about you to access or delete. Most requests will be answered by us confirming that, plus pointing you to Cloudflare and Umami for their own controller-side requests if needed. To exercise any right, email contact@payoutlab.org. We will respond within 30 days, as required by law.

Children

PayoutLab is not directed at children under 16, and the apps we review have their own minimum age requirements. We do not knowingly process data from anyone under 16. If you believe a minor has been in contact with us, please email contact@payoutlab.org and we will investigate.

Security

The site is served over HTTPS only, with TLS provided by Cloudflare. Because we do not collect, store, or process identifying user data ourselves, there is no user database to breach. In the unlikely event of a security incident affecting personal data, we will notify the Belgian supervisory authority within 72 hours, as required by GDPR Article 33.

Changes to this policy

If we change how data is processed — for example by adding a new service, starting a newsletter, or registering as a commercial entity — this page will be updated and the "Last updated" date bumped. Significant changes will be flagged on the homepage for at least 30 days.

Questions

For anything privacy-related, contact contact@payoutlab.org.