Check CPS Logo Check CPS
Log In

Privacy Policy

Last Updated: April 27, 2026

At Check CPS, we respect your privacy and are committed to fully explaining how we handle your personal data. This Privacy Policy (the "Policy") informs you how we process information about you on the website https://checkcps.com (the "Site").

1. Our Services and Scope of this Policy

The Site provides a suite of tools designed to test and improve your clicking speed and accuracy. Our primary service is the Click Speed Test (the "CPS Test"), which challenges you to click your mouse, trackpad or keyboard as fast as possible within a set time. The Site supports multiple test durations and may also offer additional tests or interactive features, such as double-click checks, spacebar counters, and typing tests (collectively, the "Services").

The data practices described in this Policy vary depending on how you use the Site, as a visitor or a registered user, and (should premium membership be introduced in the future) as a premium user, as described in Section 4.

This document describes the source and types of personal data we process, how we use that data, our legal basis for doing so, with whom we share it, and your rights and choices regarding your privacy.

2. Acknowledgment of the Policy

This Policy is provided to inform you of our data practices. Your use of the Site does not constitute consent to any processing that requires your explicit consent under applicable law; such consent is obtained separately where required.

If you do not agree with the processing activities described in this Policy, or if you do not wish to be bound by these practices, please refrain from accessing the Site or using the Services in any manner. Your continued interaction with our Services constitutes an acknowledgement of our data practices as outlined in this document.

3. Data Controller

The data controller for this Site is:

  • Legal Name: Check CPS, a sole proprietorship registered in the Republic of Turkey by Burak Özdemir.
  • Registered Country: Republic of Turkey
  • Operational Address: Calle Puerto 14, 5th floor, 29016, Málaga, Spain.
  • E-mail: support [at] checkcps [dot] com .

Check CPS is operated by a sole proprietor resident in Spain, an EU member state. For the purposes of the General Data Protection Regulation (GDPR), the controller's establishment is in Spain, and the competent supervisory authority for GDPR matters is the Spanish data protection authority (Agencia Española de Protección de Datos - AEPD), reachable at aepd.es. For matters governed by Turkish Law No. 6698 (KVKK), the competent authority is the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu), reachable at kvkk.gov.tr.

4. Data Subjects

The scope of this Policy and the personal data we process depends on how you interact with the Site. Your user status determines what data is collected, where it is stored, and how it is used.

Visitors

Visitors may access and use the CPS Test and other features without creating an account. No account registration data is collected. Test results, click history, and high scores are stored locally in your browser via local storage and are never transmitted to our servers. Visitor scores are not eligible for public leaderboards, global rankings, or any competitive features. Because we have no server-side access to visitor data, our processing for this group is limited to server logs (collected automatically and mandatorily under Turkish Law No. 5651) and cookieless, anonymised analytics via Ahrefs. Local data is tied to your browser and device. It will be lost if you clear your cache or switch to a different device, and can be deleted at any time by clearing your browser cache.

Registered Users

Registered users create an account by providing an email address, username, and password, or by using a supported social login provider (currently Google), in which case we receive your email address and basic profile information (such as your name) from that provider as permitted by your privacy settings. We do not request, collect, or store your profile picture or avatar from any social login provider. Account data and verified test scores, settings, and history are transmitted to and stored on our servers (DigitalOcean infrastructure). This enables leaderboard participation, global rankings, and cross-device access to your history. Because scores are server-stored and verifiable, registered user scores are eligible for public leaderboards visible to all Site visitors. Our data processing for this group is broader: in addition to server logs and analytics, we process account registration data, server-stored scores, and account-related email communications such as verification messages and service notifications.

Premium Users

We do not currently offer a paid premium membership, and no premium user category exists as of the date of this Policy. We may, in the future, introduce an optional paid subscription that would allow registered users to remove advertisements and access exclusive features. If and when premium membership becomes available, all data practices applicable to registered users will apply equally to premium users. In addition, premium users would undergo a payment transaction processed exclusively by a third-party Merchant of Record (anticipated to be polar.sh). Check CPS would not directly handle or store payment card details or billing addresses; the billing relationship for subscription payments would be between you and the Merchant of Record. Premium status would be tied to your account and stored on our servers for as long as your subscription remained active. We will update this Policy before introducing premium membership, or before changing any Merchant of Record, so that you are informed in advance.

Children

The Site is not directed at children under the age of thirteen (13). We do not knowingly collect personal data from children under 13. If you are between 13 and 18 years of age, you may only use the Site under the supervision of a parent or legal guardian who agrees to be bound by our Terms of Service. If we become aware that we have collected personal data from a child under the age of 13, we will take steps to delete that data promptly. If you believe we may have collected data from a child under 13, please contact us at support [at] checkcps [dot] com .

5. Sources, Types, Purposes & Legal Basis of Personal Data Processing

We collect and process personal data through different methods depending on how you interact with our Site and Services. You can find the details about the source and type of the data we process, our purposes, and legal basis below:

Technical Server Logs (all users)

When you visit the Site, our server (Nginx) automatically collects certain technical information in log files. These technical server logs include your IP address, browser type, operating system, and timestamp of access.

These server logs are processed and stored to comply with our legal obligations under Turkish Law No. 5651 (Regulation of Publications on the Internet and Suppression of Crimes Committed by Means of Such Publications). In accordance with Law No. 5651, we are required to store these logs for at least one (1) year. Our legal basis is compliance with a legal obligation.

In addition, these server logs are processed to ensure the security and stability of the Site, detect and prevent DDoS attacks, identify malicious behavior, and troubleshoot technical problems. Our legal basis is legitimate interest since maintaining a secure platform is essential for our operations and your safety.

These logs are stored securely, are not used for marketing or analytics, and are only accessed for security investigations, to troubleshoot critical technical errors, or if required by a formal legal request from authorised government agencies. This data is stored within our DigitalOcean infrastructure. We use logrotate technology to ensure these logs are automatically deleted after the mandatory period of one (1) year.

Visitor Data (Local Storage)

When you use the Site as a visitor without logging in, your test results, click history, and high scores are stored locally on your device via your browser's local storage. We cannot access, see, or store this data on our servers. It remains entirely on your device. We process this locally stored data solely to display test results back to you within your browser session. Our legal basis is legitimate interest, as this processing is necessary for the Service to function. Visitor local storage data can be deleted at any time by clearing your browser cache.

Registered User Data (Server Storage)

If you are a registered user logged into your account, your scores, settings, and test history are transmitted to and stored on our servers (DigitalOcean infrastructure). This server-stored data enables leaderboard participation, global rankings, and cross-device access to your history. We process this data to provide leaderboard features, maintain your account, and display your scores and rankings to other users. Our legal basis is the performance of a contract. Registered users may delete their account and all associated server-stored data at any time through the account settings on the Site.

Account Registration Data

If you choose to create an account, we collect your email address, username, and password directly from you during registration. Passwords are stored in hashed form and are never held in plaintext. You may also register via a supported social login (currently Google), in which case we receive your email address and basic profile information (such as your name) from that provider, as permitted by your privacy settings on the relevant platform. We do not request, collect, or store your profile picture or avatar from any social login provider. Following registration, we process your email address to send an account verification message. Our legal basis for this processing is the performance of a contract. We store this data on our DigitalOcean infrastructure for as long as your account remains active. You may delete your account at any time through the Site's settings.

At the moment of registration, we also derive and store a two-letter country code associated with your account. This code is taken from the CF-IPCountry HTTP header that Cloudflare appends to requests reaching our servers, and is inferred from your IP address at that moment. The country code is used solely to display a country flag alongside your username on public leaderboards and global rankings, and is not used for profiling, analytics, advertising, or any automated decision-making. We do not store your IP address in connection with your account; only the resulting two-letter country code is retained for the duration of your account. Our legal basis for this processing is the performance of a contract; you may request erasure of this value by deleting your account.

Premium Users

We do not currently offer a paid premium membership. If and when premium membership is introduced in the future, payment processing will be handled exclusively by a third-party Merchant of Record (anticipated to be polar.sh). Check CPS will not directly handle or store your payment information (such as credit card details or billing address). Your billing relationship will be directly with the Merchant of Record. Our legal basis for such processing will be the performance of a contract. Please refer to the Merchant of Record's own privacy policy for details on how they process your payment data. For the retention period that would apply to subscription status data held by Check CPS once premium membership is available, see Section 9.

Analytics (Cookie-less)

We receive anonymous traffic data automatically via the Ahrefs Analytics integration. Unlike traditional analytics, this service is cookie-less. It does not track individual users across the web and does not store personal data that can identify you. It provides us only with anonymous, aggregated traffic statistics. As this data is anonymous and aggregated from the point of collection, it does not constitute personal data processing and no legal basis is required.

6. Third-Party Service Providers

To provide secure and sustainable service, we work with the following third parties:

DigitalOcean

DigitalOcean provides the hosting infrastructure on which the Site operates. For all users, DigitalOcean processes server logs containing IP addresses, browser type, operating system, and timestamps. For registered users, DigitalOcean also stores account data (email address, username), test scores, click history, and settings. If and when premium membership is introduced, DigitalOcean would additionally store subscription status. DigitalOcean servers are located in the United States. Our legal basis is the performance of a contract and legitimate interest. For details on how DigitalOcean handles data, please refer to DigitalOcean's Privacy Policy.

Cloudflare

Cloudflare helps protect the Site from malicious activity and speeds up content delivery. Cloudflare may process your IP address and technical device data to distinguish between real human visitors and malicious bots or automated attacks. Cloudflare is a US-based service; data processed through Cloudflare may be transferred to and processed in the United States. Our legal basis is legitimate interest, as this is necessary to protect the integrity of the Services. Cloudflare sets its own retention periods for this data; please refer to Cloudflare's Privacy Policy for details.

In addition, we use Cloudflare Turnstile on our account registration form to distinguish real human users from automated bots. Turnstile analyses technical device and browser signals (including, without limitation, HTTP request headers, user-agent strings, and client-side rendering behavior) in order to generate a verification token that is submitted with your registration and validated server-side against Cloudflare's verification endpoint. Cloudflare's broader bot-management infrastructure may also set short-lived first-party security cookies on your browser (such as __cf_bm, typically expiring after approximately thirty (30) minutes) for the sole purpose of bot mitigation and Site security. These operations are strictly necessary to prevent automated abuse and bot-driven account creation and, under GDPR and applicable cookie regulations, do not require your prior consent. Our legal basis for this processing is legitimate interest.

Google AdSense

We use Google AdSense to serve advertisements. Google uses cookies to serve ads based on your browsing history on this and other sites. Google processes online identifiers, including cookie IDs, device identifiers, and IP addresses. The purpose of processing is to display advertisements, prevent ad fraud, and limit the frequency of ads shown to you. Depending on your choice in the consent banner, this data may be used for personalised advertising. The legal basis for processing is your consent. This processing only occurs if you provide consent through the ad consent banner displayed on the Site. For details on how Google handles this data, please refer to Google's Privacy Policy.

  • Consent Management: We use Google's integrated CMP (Consent Management Platform). You can customize your ad preferences or revoke consent at any time through the ad settings overlay on the Site. Withdrawal of consent does not affect the lawfulness of any processing carried out on the basis of consent before its withdrawal. After you withdraw consent, Google will no longer use your data for personalized advertising on this Site.

Merchant of Record (Future Premium Membership)

We do not currently engage a Merchant of Record because no paid services are offered at this time. If and when we introduce premium membership, all payment transactions will be processed exclusively by a third-party Merchant of Record (anticipated to be polar.sh). The Merchant of Record will be the registered seller responsible for processing transactions and collecting applicable taxes. We will not directly handle or store your payment information (such as credit card details or billing address). Your billing relationship for subscription payments will be directly with the Merchant of Record. Any billing disputes or payment processing issues should be directed to the Merchant of Record. Our legal basis for this processing will be the performance of a contract. We reserve the right to change or substitute our Merchant of Record at any time, in which case we will update this Policy accordingly before the change takes effect. For details on how the Merchant of Record handles your payment data, please refer to its own privacy policy.

7. Cookies

Strictly Necessary Cookies (First-Party)

We set a limited number of first-party cookies that are strictly necessary for the Site to operate securely and to provide the features you request. These cookies do not track you across other websites, are not used for analytics, advertising, profiling, or behavioral targeting, and (under GDPR and applicable cookie regulations) do not require your prior consent. They include, without limitation:

  • check-cps-session (or as otherwise configured via the SESSION_COOKIE setting): a session identifier used to maintain your login state and to preserve server-side session data for the duration of the configured session lifetime (currently one hundred and twenty (120) minutes of inactivity).
  • XSRF-TOKEN: a Cross-Site Request Forgery (CSRF) protection token required to authenticate form submissions and state-changing requests made to our servers.
  • __cf_bm and related short-lived Cloudflare security cookies, described in Section 6 above, set in connection with Cloudflare's bot-management and Turnstile services for the sole purpose of Site security.

We do not set any first-party cookies for tracking, analytics, advertising, profiling, or behavioral purposes.

Third-Party Service Provider Cookies

As mentioned above, Google AdSense may set cookies for advertising purposes to serve ads based on your browsing history on this Site and elsewhere on the web. Such cookies are set only where you have provided consent through the ad consent banner displayed on the Site, and may be revoked at any time through the ad settings overlay.

You can opt-out of personalized advertising by visiting Google's Ad Settings. To understand how Google processes data through its partners, visit Google's Partner Policy page.

8. Sharing of Personal Data

We value your privacy and do not sell, rent, or trade your personal data with third parties for their marketing purposes. We only share personal data in the following circumstances:

  • Our hosting provider (DigitalOcean) stores and processes technical data (including IP addresses and server logs) and, for registered users (and, in the future, premium users), account data, scores, test history, and subscription status, solely to provide the infrastructure necessary to operate the Site. Our security provider (Cloudflare) processes IP addresses and technical device data solely to protect the Site against malicious traffic and attacks. Our legal basis for both is legitimate interest.
  • Google AdSense processes data upon your consent, as described in Section 6, to serve advertisements. This processing only occurs if you provide consent through the ad consent banner displayed on the Site.
  • If you are a registered user, your username and verified test scores may be displayed publicly on leaderboards and global rankings visible to all Site visitors. This sharing is a core function of the competitive features you opt into by creating an account and is carried out on the legal basis of the performance of a contract. You may withdraw from leaderboard participation by deleting your account.
  • No Merchant of Record currently processes payments because premium membership is not yet offered. If and when premium membership is introduced, a third-party Merchant of Record (anticipated to be polar.sh) will process subscription payments. At that time, only your chosen plan and account identifier will be passed to the Merchant of Record to initiate the transaction. Payment card details and billing addresses will be entered directly with the Merchant of Record and will never be transmitted to or stored by Check CPS.
  • Our authorized contractors or developers may access technical logs where necessary to investigate security threats (such as DDoS attacks) or troubleshoot critical system errors. Our legal basis is legitimate interest. All such parties are bound by strict confidentiality obligations.
  • If Check CPS undergoes a business transition such as a merger, acquisition, or sale of assets, your personal data (including server logs, account data, and stored scores) may be among the assets transferred. We will notify you of any such transition through the Site or by email before it takes effect, and we will require the acquiring entity to honor the terms of this Privacy Policy.
  • We may disclose your personal data to courts, law enforcement agencies, or government authorities where required by a lawful request, court order, or subpoena. Our legal basis for such disclosure is compliance with a legal obligation. We will attempt to notify you of any such request before complying unless we are legally prohibited from doing so.
  • We may use and disclose personal data to the extent necessary to protect the security and integrity of our Services and to enforce our rights under the Terms of Service. Our legal basis is legitimate interest.

9. Data Retention and International Transfers

Storage Location

Check CPS is a Turkish-registered sole proprietorship operated by a sole proprietor resident in Spain. Our technical infrastructure is provided by DigitalOcean, with servers located in the United States. In addition, the Site uses Cloudflare for security and content delivery; Cloudflare is a US-based service and data processed through Cloudflare may also be transferred to and processed in the United States. As a result, your personal data (including server logs, and for registered users, account data, scores, and test history) is transferred to and processed in the United States by both DigitalOcean and Cloudflare.

For users located in the European Union or European Economic Area, these transfers are carried out on the basis of Standard Contractual Clauses (SCCs) issued by the European Commission under GDPR Art. 46(2)(c), which provide appropriate safeguards for the protection of your personal data.

For users located in Turkey, these transfers are carried out on the basis that they are necessary for the performance of the contract between you and Check CPS, in accordance with KVKK Art. 9.

Data Retention Periods

Technical Server Logs (containing IP addresses and access data) are processed for security purposes and to comply with our legal requirements under Turkish Law No. 5651. In accordance with Law No. 5651, we are required to store these logs for a minimum of one (1) year. These logs are automatically deleted one (1) year using logrotate technology on DigitalOcean.

Local Storage Content containing (test results, click history, and high scores) stored by visitors without an account, are stored only on your device. We do not have a retention period for this data because we do not host it; it remains on your device until you choose to delete it or clear your browser cache.

Registered User Account Data and Server-Stored Scores (email address, username, test scores, settings, and click history) are stored on our DigitalOcean infrastructure for as long as your account remains active. Upon account deletion, we will permanently delete your personal data from our servers within thirty (30) days.

Premium Subscription Status is not currently collected or stored because premium membership is not yet offered. If and when premium membership is introduced, subscription plan identifiers and active/inactive status will be stored on our DigitalOcean infrastructure for as long as your subscription or account remains active. Following account deletion, subscription cancellation, or account termination by Check CPS for cause, such data will be retained for a period of one hundred and twenty (120) days to accommodate potential payment disputes and chargeback resolution, after which it will be permanently deleted. Payment card details and billing addresses will never be stored by Check CPS; they would be held exclusively by the applicable Merchant of Record.

Analytics via Ahrefs are anonymised and aggregated; they do not contain any personal data and may be kept indefinitely for historical traffic analysis.

10. Security

We employ organizational, technical, and administrative measures designed to protect your personal data against unauthorized access, destruction, accidental loss, unauthorized alteration, or abuse. We partner with leading providers like Cloudflare to protect the Site against DDoS attacks, malicious bots, and unauthorized access. For visitors using the Site without an account, test results remain in your browser's local storage and are not stored on our servers; the security of that data depends on the security of your device. For registered users, account data and server-stored scores are held on our DigitalOcean infrastructure, access to which is strictly limited to authorized personnel. We do not process or store payment card details at this time; if and when premium membership is introduced, all payment processing will be handled exclusively by a third-party Merchant of Record, and Check CPS will not directly store such details. Access to our server logs is strictly limited to authorized personnel and is used only for troubleshooting and security investigations.

11. Your Data Protection Rights

For information about the applicable legal framework and the competent supervisory authorities, see Section 3. GDPR applies as the primary governing regulation by virtue of the controller's establishment in Spain. KVKK applies additionally for users located in Turkey by virtue of the controller's registration in the Republic of Turkey. Where the two regimes overlap, we apply the higher standard.

Your right to access: You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data together with information about the categories of data held, the purposes and period of processing, and any recipients.

Your right to rectification: You have the right to request correction or updating of your personal data if it is inaccurate or incomplete.

Your right to erasure ("right to be forgotten"): You have the right to request deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent. We may be unable to fully comply where retention is required by applicable law or where a retention period set out in Section 9 has not yet expired. Please note that for data stored in your browser's local storage (visitor use), we have no server-side access and cannot erase it on your behalf; you must clear your browser cache. For server-stored account data, you may request erasure or delete your account directly through the Site's settings.

Your right to restriction of processing: You have the right to request that we restrict processing of your personal data in certain situations, such as where you contest the accuracy of the data or object to our processing on legitimate interest grounds.

Your right to data portability: Where we process your personal data by automated means on the basis of your consent or the performance of a contract, you have the right to receive that data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Your right to object to processing: You have the right to object to processing of your personal data where we rely on legitimate interest as our legal basis, including objections relating to profiling.

Your right to withdraw consent: Where we process your personal data on the basis of your consent (including consent to personalised advertising via Google AdSense) you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You may withdraw advertising consent at any time through the ad settings overlay on the Site.

Your right not to be subject to solely automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you. Check CPS does not currently make decisions of this kind, but we note the right for completeness.

Your right to lodge a complaint: If you are unhappy with how we handle your personal data and have not received a satisfactory response from us, you have the right to lodge a complaint with the competent supervisory authority. As the controller is established in Spain, the lead supervisory authority under GDPR is the Agencia Española de Protección de Datos (AEPD), reachable at aepd.es. EU/EEA users may also lodge a complaint with the data protection authority of their own member state of residence. If you are located in Turkey, the competent authority is the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu), reachable at kvkk.gov.tr.

12. Exercising Your Data Protection Rights

We respond to all requests to exercise data protection rights in accordance with the applicable law governing your situation. Under GDPR, we will respond without undue delay and in any event within one (1) month of receipt of the request. This period may be extended by a further two months where the request is complex or numerous, in which case we will notify you within the first month and explain the reason for the extension. Under KVKK, we will respond within thirty (30) days of receipt of the request. Where a request cannot be completed within this period due to complexity, we will notify you within the same period and provide an expected completion date. If a request is refused under either regime, you will be notified of the grounds for refusal within the applicable response period.

You may exercise your rights by contacting us at support [at] checkcps [dot] com . Please note that we may ask you to verify your identity before responding to such requests.

Requests are dealt with free of charge. However, where requests are manifestly unfounded, excessive, or repetitive in character, we reserve the right to charge a reasonable administrative fee or to decline to act on the request, in accordance with relevant laws.

13. Updates to this Policy and Notifications

We may change this Policy from time to time in response to changing legal, technical, or business developments. When we update this Policy, we will post the revised version on the Site and update the "last updated" date at the top of this page.

For minor changes that do not materially affect your rights or the way we process your data, posting on the Site constitutes sufficient notice. For material changes (including changes to the categories of data we collect, the purposes for which we process it, the legal bases we rely on, the third parties we share it with, or your rights under this Policy) we will notify registered users by email to the address associated with their account within a reasonable time before the changes take effect. Where required by applicable law, we will seek your consent before implementing any such change.

If you do not agree with the updated Policy, you must stop using the Site and may delete your account before the changes take effect. Your continued use of the Site after the effective date of any update constitutes acceptance of the revised Policy.

14. Translations of the Privacy Policy

The governing language of this Privacy Policy is English. Any translations provided are for reference only, and the English version shall prevail in the event of a conflict. Any communications related to this Policy, unless otherwise specified, shall be English.

15. Contact Information

If you have any questions or complaints about this Policy, or if you wish to exercise your rights under applicable data protection laws, please contact us in writing at support [at] checkcps [dot] com .