brickwall is a bot verification service. when a visitor lands on a site that uses brickwall, they're briefly redirected to a challenge page hosted by us, then returned to the site they came from. this policy explains what we collect during that process and why.
when someone passes through a brickwall challenge, we log the following:
country — derived from the visitor's ip address at the time of the request. the ip itself is not stored.
detection result — whether the visitor was identified as a human, a known crawler, a headless browser, a vpn, or a tor exit node.
status — whether they passed, were blocked, or were flagged.
timestamp — when the request happened.
that's all that's recorded. ip addresses are used transiently during the request to run checks (rate limiting, tor detection, vpn detection) and are not written to the database.
browser fingerprinting is used during the challenge itself to detect automation tools. this data is not stored anywhere — it's used only to make a pass or block decision in the moment.
site owners can view their request log in the dashboard. the log shows country, detection result, status, and timestamp for each request to their site. nothing else. they cannot see ip addresses or any other identifying information.
the admin panel shows aggregate counts only — total users, total sites, total requests. it does not surface request details, ip addresses, or any visitor data. server logs are limited to errors, warnings, and port activity.
we use render for servers and for deploying this site. please read render's privacy policy.
when you register an account, we store your name, email address, and a hashed password. we also store the sites you add, your settings, and your request history.
we use an http-only session cookie (bw_session) to keep you logged in. this cookie is strictly functional and does not track you across other sites.
after passing a challenge, a signed verification token (JWT) is stored in the visitor's localStorage under a key scoped to your site. this token is used on return visits to skip the challenge. it contains the site id and an expiry time — nothing personal. it expires and is cleared based on the ttl set by the site owner (default 24 hours).
we don't share data with third parties. we don't use analytics, advertising, or tracking services. brickwall is currently hosted on render.
request logs are kept until you delete your site or account. deleting your account removes everything — your profile, all your sites, all associated request history.
if you have an account, you can delete it at any time from the dashboard. this permanently removes all data associated with your account. if you have other questions or requests about your data, contact us at hi@brickwall.onrender.com.
if we make meaningful changes, we'll update the date at the top of this page. we won't change how we handle existing data without giving notice first.
questions about privacy? reach us at hi@brickwall.onrender.com.