Privacy Policy

Redacted is a consumer personal-data removal service. We help individuals find their personal information on people-search and background-check websites and request that it be removed, acting as the individual's authorized agent under applicable US state privacy laws.

This Privacy Policy describes the personal information Redacted collects about you, how we use it, who we share it with, how we protect it, how long we keep it, and the rights you have over it. It applies to users of the Redacted website, web application, and any related services (collectively, the "Service").

By using the Service you acknowledge this policy. If you do not agree, do not use the Service.

We collect only what is necessary to find and remove your listings. Every field is justified in the intake form.

Personal identification data (PII you provide):

• —Full name and name variants / aliases: including maiden name, former names, and middle initials. Data brokers index listings under all known name variants.
• —Current and past addresses: data brokers aggregate by address history, and past addresses surface listings tied to old records.
• —Phone number(s): required by certain broker opt-out processes.
• —Email address: used for your account and required by some broker opt-out processes.
• —Date of birth: used to match your listings precisely and distinguish you from people with similar names.
• —Your authorization signature (Mandate): the legal instrument that grants us authority to act as your agent. Required; not optional.

Account and billing data:

• —Account email and password hash: for authentication.
• —Payment information: we do not store full card numbers. Payment is processed by our payment processor (see Sharing). We retain only a payment-method token and last-four digits.
• —Subscription status and billing history: to administer your plan.

Automatically collected data:

• —Server logs: IP address, browser type, pages visited, timestamps. Standard web-server access logs, retained briefly for security and debugging.
• —Non-PII audit log: a record of which removal requests were filed, when, to which broker, and with what result. This log does not contain your PII and is retained for service integrity (see Retention).

We use the information we collect solely to operate the Service:

• —To scan people-search and data-broker sites for listings that match your profile.
• —To match scan results to you with sufficient confidence before filing a removal request.
• —To submit authorized data-deletion requests to data brokers on your behalf, sending only the fields a given broker explicitly requires.
• —To verify that removal requests were honored by independently re-checking each source after the statutory window.
• —To run periodic re-scans and catch re-listings.
• —To communicate with you about your account, removals, and actions required from you.
• —To process your subscription payments.
• —To maintain service security, diagnose technical issues, and prevent abuse.

We do not use your personal information for advertising, profiling for marketing purposes, or any purpose unrelated to operating the Service.

Our primary legal basis for processing your personal information is the authorized-agent framework under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and equivalent provisions in other US state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, and others). Under these laws, a consumer may designate an authorized agent to exercise their data-deletion and data-access rights on their behalf.

When you sign the Mandate, you are formally designating Redacted as your authorized agent. All removal requests we file are submitted in that capacity. The Mandate is the legal instrument that obligates brokers to honor our requests; without it, brokers are not required to act.

We also process data on the basis of contractual necessity (to provide the Service you subscribed to) and legitimate interests (service security and integrity).

We share your personal information only to the minimum extent required to operate the Service. We do not sell your personal information. We do not share it for advertising or marketing.

Data brokers (for removal purposes only):

When filing a removal request, we share only the fields that a specific broker's opt-out process explicitly requires (typically a subset of: your name, address, and email). We log every field sent to every broker. Optional fields require your explicit per-use approval before we send them.

Service processors:

• —Payment processor: processes subscription payments on our behalf under their own PCI-DSS-compliant environment.
• —Transactional email provider: sends account and removal notifications on our behalf.
• —Infrastructure / hosting providers: our servers and databases run on cloud infrastructure that is contractually bound to data-processing terms.

All processors are bound by data-processing agreements. We do not permit them to use your information for their own purposes.

Legal requirements:

We may disclose information if required by law, court order, or to protect the rights, property, or safety of Redacted, our users, or the public.

The data you entrust to us (your name, address history, and contact information) is sensitive. Our technical controls include:

• —Envelope encryption: all PII is encrypted before it is written to storage, using a per-account data encryption key (DEK). The DEK itself is encrypted with a key encryption key (KEK) wrapped through Postgres pgcrypto.
• —Transit encryption: all data in transit uses TLS 1.2 or higher.
• —Access controls: PII access is limited to systems and personnel that require it to operate the Service. Access is logged and audited.
• —Blind indexes: searchable PII fields (e.g., name for matching) use keyed blind indexes so the plaintext is never exposed in queries.

No security measure is perfect. If you believe your account has been compromised, contact us immediately at [email protected].

We retain your personal information for as long as your account is active and for a reasonable period thereafter to handle any disputes, refund requests, or legal obligations.

Account deletion (crypto-shred):

When you delete your account, we destroy your per-account data encryption key. Because all your PII was encrypted with that key, the ciphertext remaining in storage becomes permanently unrecoverable. This is cryptographic deletion, not a soft-delete or an anonymization that could be reversed.

Non-PII audit log:

A non-PII audit log recording which removal requests were filed, to which brokers, and with what outcome is retained after account deletion. This log does not contain your name, address, or other identifying information. It is retained for service integrity, regulatory-compliance documentation, and to substantiate removal activity in the event of a dispute.

Depending on where you live, you may have the following rights under US state privacy law:

• —Right to know / access: request a copy of the personal information we hold about you.
• —Right to delete: request deletion of your personal information. You can do this directly by deleting your account, which triggers the crypto-shred described above.
• —Right to correct: request correction of inaccurate personal information we hold about you.
• —Right to data portability / export: request a machine-readable export of your removal history and account data.
• —Right to opt out of sale: we do not sell personal information; this right is not applicable, but we honor it as a matter of principle.
• —Right to non-discrimination: exercising any of these rights will not result in a change to your service level or pricing.

To exercise any of these rights, contact us at [email protected] or through the contact page. We will respond within the timeframes required by applicable law (typically 45 days, with a permitted extension).

We use a minimal set of cookies necessary to operate the Service: session cookies for authentication and CSRF protection. We do not use third-party advertising cookies or cross-site tracking pixels.

If we use analytics tooling, we configure it to not collect PII, to anonymize IP addresses, and to disable data sharing with the analytics provider's advertising products. We will update this section to name any analytics provider we deploy.

Redacted is a US-based service designed for US consumers asserting rights under US state privacy laws. Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

We do not currently offer a dedicated service for users in the EU, UK, Canada, or Australia, and we do not make representations about compliance with GDPR, UK GDPR, PIPEDA, or the Australian Privacy Act. If you are located in one of those jurisdictions, please consult the applicable law before using the Service.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will delete it promptly. If you believe we have inadvertently collected information about a minor, contact us at [email protected].

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you by email or by a notice in the Service. Continued use of the Service after the effective date of a change constitutes acceptance of the updated policy.

Questions, requests, or concerns about this Privacy Policy or your personal data should be directed to:

Email: [email protected]

Contact form: redacted.example/contact