1 Introduction
Welcome to PrivacyCat. This Privacy Policy explains how PrivacyCat, LLC ("us", "we", or "our") collects, uses, and protects your information when you use our service at www.privacycat.us.
By using PrivacyCat, you agree to the collection and use of information in accordance with this policy. Our Terms of Service, together with this Privacy Policy, form your agreement with us.
This Privacy Policy is designed to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), New Jersey Data Protection Act (NJDPA), Delaware Personal Data Privacy Act (PDPA), Iowa Consumer Data Protection Act (ICDPA), and New Hampshire Privacy Act (NHPA).
2 Information We Collect
Categories of Personal Information
We collect the following categories of personal information as defined by applicable privacy laws:
| Information Category | Specific Data | Purpose | Source | Status |
|---|---|---|---|---|
| Identifiers | First and Last Name | Identify your records on data broker sites | You | Required |
| Contact Information | Email Address | Account access and service communications | You | Required |
| Contact Information | Phone Number | Required by some data brokers for opt-out verification | You | Required |
| Identifiers | Street Address, City, State, Zip Code | Required by data brokers to process opt-out requests | You | Required |
| Personal Characteristics | Age | Comply with age requirements and improve search accuracy | You | Required |
| Personal Characteristics | Date of Birth | Verify identity and match records accurately on data broker sites | You | Optional |
| Internet/Network Activity | IP address, browser type, device information | Service functionality, security, and analytics | Automatic | Automatic |
| Commercial Information | Subscription status, payment history | Billing and account management | You/Stripe | If Paid |
Automatically Collected Data
We automatically collect certain technical information to improve our service:
- IP address and browser type
- Device information and operating system
- Pages visited and time spent on our site
- Referring website information
- Service usage patterns and preferences
Sources of Personal Information
- Directly from you: Account registration, profile updates, customer support interactions
- Automatically from your device: Technical information when you use our services
- Third-party service providers: Payment processing information from Stripe
3 How We Use Your Information
We use your information for the following business purposes:
Primary Service Purposes
- Scan data broker websites to find your personal information
- Submit opt-out and deletion requests on your behalf
- Verify your identity with data brokers when required
- Track and report on removal request status
- Provide customer support and respond to your inquiries
Account and Service Management
- Create and maintain your account
- Process payments and manage subscriptions
- Send service updates, security alerts, and important notices
- Provide technical support and troubleshooting
Legal and Compliance
- Comply with legal obligations and regulatory requirements
- Protect our rights, property, and safety
- Detect and prevent fraud or security threats
- Respond to legal requests and court orders
Analytics and Improvement
- Analyze service usage to improve functionality
- Monitor system performance and reliability
- Develop new features and services
- Generate anonymized analytics and reports
What We Don't Do
- Sell or rent your personal information to third parties
- Share your data with third parties for their marketing purposes
- Use your information for advertising or tracking across websites
- Create profiles for commercial or promotional purposes unrelated to our services
4 Information Sharing and Disclosure
We do not sell personal information. We may share your information only in the following limited circumstances:
Service Providers
We work with trusted third-party service providers who help us deliver our services:
- Stripe: Secure payment processing (limited to payment data only)
- Firebase (Google): User authentication and database services
- Google Cloud Platform: Secure infrastructure and data storage
- Webflow: Website hosting and content management
- DataImpulse: Proxy services for anonymous data broker scanning
- GitHub Actions: Automated scanning and opt-out request processing
- Google Workspace: Business email and customer support communications
All service providers are contractually required to:
- Protect your data according to industry standards
- Use your information only as necessary to provide their services
- Not sell or share your personal information
- Delete your information when services are terminated
Legal Requirements
We may disclose your information when required by law or to:
- Comply with valid legal process (subpoenas, court orders)
- Protect our rights, property, or safety
- Prevent fraud or cybersecurity threats
- Respond to emergency situations involving danger to persons
Business Transfers
In the event of a business transfer (merger, acquisition, bankruptcy), your information may be transferred. We will provide notice before your information becomes subject to different privacy practices.
5 Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this policy:
| Information Type | Retention Period | Reason |
|---|---|---|
| Account information | While account is active | Provide ongoing services |
| Scan results and screenshots | Replaced with each new scan | Show current status only |
| Opt-out confirmations | Retained permanently while account active | Proof of completed removals |
| Payment records | 7 years after transaction | Legal and tax compliance |
| Support communications | 3 years after resolution | Service improvement and legal protection |
| Technical logs | 90 days | Security and performance monitoring |
When you delete your account, all personal information is permanently removed from our systems within 30 days, except where we have a legal obligation to retain certain records.
6 Your Privacy Rights
Consumer Rights Under State Privacy Laws
Depending on your state of residence, you may have the following rights regarding your personal information:
Right to Know
Request information about what personal data we collect, use, share, and sell about you.
Right to Delete
Request deletion of your personal information, subject to certain legal exceptions.
Right to Correct
Request correction of inaccurate personal information we maintain about you.
Right to Data Portability
Request a copy of your personal information in a portable format.
Right to Opt-Out
Opt out of the sale or sharing of your personal information (not applicable to PrivacyCat as we don't sell data).
Right to Non-Discrimination
You will not face discrimination for exercising your privacy rights.
How to Exercise Your Rights
To exercise any of these rights, you can:
- Email us at privacy@privacycat.us with your request
- Use your account settings to update or delete information
- Contact our support team at support@privacycat.us
Verification Process
To protect your privacy, we will verify your identity before processing rights requests by:
- Confirming your email address associated with your account
- Asking you to provide information that matches our records
- Using additional verification methods for sensitive requests
Response Timeline
- We will acknowledge your request within 10 business days
- We will respond to your request within 45 days (may be extended by 45 days if needed)
- Deletion requests will be processed within 30 days
- All responses are provided free of charge
Do Not Track
We respect Do Not Track signals and do not track users across third-party websites when a Do Not Track signal is detected.
7 Data Security
Security Measures
- Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
- Access Controls: Limited access with multi-factor authentication and role-based permissions
- Infrastructure: Secure cloud infrastructure with 24/7 monitoring
- Regular Audits: Periodic security audits and vulnerability assessments
- Employee Training: Regular security training for all personnel with access to personal data
- Incident Response: Comprehensive incident response plan for data breaches
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify you via email within 72 hours of discovery
- Provide details about what information was involved
- Explain the steps we're taking to address the breach
- Offer guidance on steps you can take to protect yourself
- Notify relevant authorities as required by law
8 Children's Privacy
We allow individuals aged 13-17 to use our service with verifiable parental or guardian consent. We do not knowingly collect information from children under 13.
Enhanced Protections for Children
In compliance with COPPA and state privacy laws:
- Users under 13 are prohibited from creating accounts
- Users 13-17 require parental consent before account creation
- We collect only the minimum information necessary for our services
- Parents can review, modify, or delete their child's information
- We do not use children's information for marketing or behavioral advertising
Parental Rights
Parents or guardians can:
- Review their child's personal information
- Request deletion of their child's account and data
- Refuse to allow further collection of their child's information
- Contact us at support@privacycat.us for any child privacy concerns
If you believe a child under 13 has provided us with personal information, please contact us immediately at support@privacycat.us, and we will delete that information promptly.
9 Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make changes:
- We'll notify you via email at least 30 days before material changes take effect
- We'll post the updated policy on our website with a new "Last updated" date
- We'll provide a summary of key changes in our notification
- Continued use after changes means acceptance of the new policy
- You can request previous versions of this policy by contacting us
If you disagree with any changes, you may delete your account before the changes take effect.
10 International Data Transfers
PrivacyCat is based in the United States and primarily serves US customers. Your information is processed and stored in the United States.
If you are accessing our services from outside the United States, please be aware that:
- Your information will be transferred to and processed in the United States
- US data protection laws may differ from those in your country
- We implement appropriate safeguards to protect your information during transfer
- By using our services, you consent to this transfer and processing
11 Legal Compliance and Disclosures
Required Disclosures
- Sale of Personal Information: We do not sell personal information and have not sold personal information in the past 12 months
- Sharing for Cross-Context Behavioral Advertising: We do not share personal information for cross-context behavioral advertising
- Sensitive Personal Information: We do not process sensitive personal information beyond what is necessary for our services
- Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or significant effects
Business-to-Business Customers
For business customers who may need Data Processing Agreements (DPAs) under GDPR or other regulations, please contact us at legal@privacycat.us to discuss your compliance requirements.
12 Contact Information
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
Privacy Officer: PrivacyCat, LLC
Email: support@privacycat.us
Address: 2313 Stetzer Rd, Bucyrus, OH 44820
We are committed to resolving privacy concerns promptly and will respond to all inquiries within 10 business days.
