Privacy Policy

This Privacy Policy describes how Incogni Inc. (registered at 506 S Spring St #13308 Los Angeles, CA 90013, the United States of America) (‘Incogni’, ‘we’) processes your personal data (used interchangeably as personal information) when you visit www.incogni.com (‘Site’) and use Incogni services (‘Service’). This Privacy Policy is amended from time to time at our discretion, so be sure to check this page periodically as the information provided here may change. We will inform you separately in case we make any important changes to this Privacy Policy.

1. What personal data do we collect and why?

We collect the bare minimum of your personal data, e.g. the information needed for account creation, payment processing, customer support and similar purposes.

1.1 Cookies and device information

When you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as "Device Information".

We collect Device Information using cookies. Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org.

We use the Device Information that we collect to help us to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). The legal basis for processing your data for this purpose is our legitimate interest to analyze and improve the performance of our Site, as well as to assess the success of our marketing campaigns (Art. 6(1)(f) of the GDPR).

We use cookies as described in the table below.

Cookie name	Cookie expiry	Provenance	Purpose	Cookie category
_inco-* _icgn* _incgn*	Never	Incogni	Required for application to run.	Necessary
collect	Session	Third party (Google)	Used to send data to Google Analytics about the visitors device and behavior. Tracks the visitor across devices and marketing channels.	Analytical
_gcl_au	Never	Third party (Google)	Used by Google Analytics to understand user interaction with the website.	Analytical
OTZ	2 years	Third party (Google)	Used by Google Analytics that provides an aggregate analysis of website visitors.	Analytical
SOCSCONSENT	13 months	Third party (Google)	Used by Google Analytics to store a users state regarding their cookies choices on Google Analytics side.	Analytical
AEC	6 months	Third party (Google)	Ensure that requests within a browsing session are made by the user, and not by other sites.	Analytical
_incgn_hoff	Session	Third party (Tune)	Used by Tune to re-engage visitors that are likely to convert to customers based on the visitors online behavior across websites.	Analytical
1P_JAR	1 month	Third party (Google Ads)	Collects statistics on website usage and measures conversions.	Marketing
NID	6 months	Third party (Google Ads)	Used to show Google ads in Google services for signed-out users.	Marketing
DV	1 day	Third party (Google Ads)	Collects statistics on website usage.	Marketing
ads/ga-audiences	Session	Third party (Google Ads)	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitors online behavior across websites.	Marketing
__cf_bm	1 day	Third party (Cloudflare)	Used to read and filter requests from bots	Necessary
paddle_session	1 day	Third party (Paddle)	Used to store some paddle session identifier	Necessary
_sp_id	2 years	Third party (Snowplow)	Stores user information that is created when a user first visits a site and updated on subsequent visits.	Analytical
_sp_ses	30 minutes	Third party (Snowplow)	Used to identify if the user is in an active session on a site or if this is a new session for a user (i.e. cookie doesn't exist or has expired).	Analytical
sp	1 year	Third party (Snowplow)	Stores a server-side collector generated unique identifier for a user that is sent with all subsequent tracking event events.	Analytical

1.2. Creation of your account

If you decide to use our Service, you will need to create a user account by entering your email address and a password. We will keep your email, email verification date, date of account creation and encrypted password. We refer to this information as "Account Information". The legal basis for processing your data for this purpose is a contract with you (Art. 6(1)(b) of the GDPR).

1.3. Provision of Incogni Service

To fully use our Service, you will need to provide your full name and address information (country, state, city, ZIP code, address) and their entry date, as well as your authorization for us to act on your behalf when submitting data erasure requests. In addition, Incogni gives you the opportunity to add up to three different addresses, email addresses, phone numbers into your account. You will be able to use our Services for all of these different data sets you provided.

Note that we will retain a copy of the authorization along with the information provided in it and the creation/modification date. In some cases data brokers ask for additional personal data for user verification (such as date of birth, phone number, middle name or date of birth) and we will only be able to complete data removal if you provide such information. To keep you updated about the data deletion requests, we will keep the information about the status of these requests, the names of data brokers, as well as the removal ID.

Additionally, we process your email address to communicate with you about our Service, to ask you some questions and to provide our Service. The legal basis for processing your data for this purpose is performance of a contract with you (Art. 6(1)(b) of the GDPR).

1.4. Customer support

We also keep communication with you regarding the Service provided and issues that arise when rendering the Service. Personal data processed for this purpose is inquiry ID, your name, date of the inquiry and content of the inquiry. The legal basis for processing your data for this purpose is your consent (Art. 6(1)(a) of the GDPR) and a contract with you (Art. 6(1)(b) of the GDPR).

1.5. Payment processing

As for payment related information, our payment processing partners collect usual data necessary for payment processing and/or refund requests (subscription ID, subscription creation date, validity date, transaction date, payer’s IP address, credit card number, credit card owner’s full name, in some jurisdictions also personal identity code, passport or identity card number and/or residence address). The processing and transfer of such data is based on our contract with you (Art. 6(1)(b) of the GDPR).

1.6. Dispute resolution

We may have to protect our legitimate interests and legal rights in case there is a dispute between you and us. In these cases we may be required to collect and store a limited amount of certain information: email address, subscription information, legal documents, communication with you and other information related to the disputed situation. Please note that we do not collect and store this information by default. We only store this information in cases when a dispute has been raised, a court proceeding, legal claim or other legal action has been or is likely to be initiated.

2. Sharing your personal information

We do not sell your personal information. For example, we share it with our partners who help us deliver our Service.

We share your personal information with the following recipients:

Customer support service provider Zendesk, Inc. (United States)

Payment service provider Paddle.com Market Limited (United Kingdom)

Storage and infrastructure service providers, such as Amazon Web Services, Inc. (United States)

Marketing service providers, such as Mailchimp (United States) and Tune Inc. (United States)

Information security service providers, such as Cloudflare, Inc. (United States) and Sentry (United States)

Analytics service providers, such as Snowplow Analytics Limited (United Kingdom). We use Snowplow Analytics to help us understand how our customers use the Site - you can read more about how Snowplow uses your personal information here: https://snowplow.io/privacy-policy/.

Finally, we may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. In case we do so, the legal basis for processing data is our legitimate interest to defend our rights and interests in case of a dispute (Art. 6(1)(f) of the GDPR).

When your data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards to ensure that your personal data is transferred and processed in line with the applicable privacy laws. The measures include signing Standard Contractual Clauses approved by the European Commission and taking into account the adequacy decisions issued by the European Commission.

3. Your rights

You have certain privacy rights regarding the collection and processing of your data that can be exercised by contacting us.

You can access your personal information or receive a copy of it by contacting us.

You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible.

You can demand the correction of inaccurate personal information and, subject to the nature of the collection and use, the completion of incomplete personal information (right to rectification).

You can request the deletion of your personal information specified in Clause 1, unless, we are legally required or we have a legal basis to maintain certain personal information.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority.

If you wish to implement any of the above-mentioned rights, please contact us at support@incogni.com.

4. Data retention

We store your personal data for a minimum period of time before deleting it permanently.

We apply different retention periods depending on the purpose for which your personal information is processed as detailed above.

Cookies are stored in line with the retention periods described in section 1.1 above.

Personal data needed to provide the Service (sections 1.2, 1.3 and 1.5) is stored for no longer than 12 months after the termination of providing our Service or until you ask us to delete it and there are no legal restrictions for us to do so.

Personal data needed to provide customer support (section 1.4) is stored for 2 years.

If we need to defend our rights and interests in case of a dispute (section 1.6), personal data is stored for 2 years or until the dispute is ultimately resolved or a final decision by a competent authority is made, whichever occurs latest.

5. Contact us

For more information about our privacy practices, or if you have questions, please contact us by email at support@incogni.com.

Our EU representative details:

Surfshark B.V., KvK number: 81967985, address: Kabelweg 57, 1014BA Amsterdam, the Netherlands, VAT number NL862287339B01, email address: support@incogni.com.

Last updated: 01/10/2023