Privacy Policy

1. What personal information do we collect and why?

We collect the bare minimum of your personal data, e.g. the information needed for account creation, payment processing, customer support and similar purposes.

1.1 Cookies and device information

When you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically-collected information as "Device Information".

We collect Device Information using cookies and pixels. Cookies and pixels are data files that are placed on your device and often include an anonymous, unique identifier.

We use the Device Information that we collect to help us to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns) and Services. The legal basis for processing your data for this purpose is our legitimate interest in analyzing and improving the performance of our Website and Service, as well as assessing the success of our marketing campaigns (Art. 6(1)(f) of the General Data Protection Regulation (‘GDPR’) and UK Data Protection Act 2018 (‘UK GDPR’)) and your consent (Art. 6 (1) (a) of the GDPR and the UK GDPR).

We use cookies as described in the table below.

1.2. Creation of your account

If you decide to use our Service, you will need to create a user account by providing your identifier (email address) and a password. We will store the following information: your email address, the verification date of this email address, the date of account creation and your encrypted password. We collectively refer to this information as ‘Account Information’. The legal basis for processing your Account Information is the performance of a contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

1.3. Provision of Incogni Service

To fully use our Service, you will need to provide certain personal identifiers in your account, including your full name, address details (country, state, city, ZIP code, and street address), and, optionally, your date of birth. Additionally, you must authorize us to act on your behalf when submitting data erasure requests. Incogni also allows you to add up to three different sets of addresses, email addresses, and phone numbers (for USA residents only) to your account. You can use our Services for all the different data sets you provide. The legal basis for processing your data for this purpose is the performance of a contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

Note that we will retain a copy of your authorization, along with the information provided in it, such as your full name and address, as well as the dates of creation and modification. In some cases, data brokers may ask for additional personal data for user verification, such as your date of birth, phone number, middle name or social media account link. We will only be able to complete personal information removal in such cases if you provide such information. To keep you informed about the data deletion requests, we will keep information about the status of these requests, the names of the data brokers, and the removal IDs. The legal basis for processing your data for this purpose is the performance of a contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

You may also provide us with links to web pages on which your personal information is posted so that we can provide you with customized removal of your personal information (depending on your subscription). The links and information on the web pages may contain more personal information than your full name, email address, and postal address. Please be aware that we process information provided on the web pages for the purpose of providing customized data removal services. The legal basis for processing your data for this purpose is the performance of a contract with you (Article 6(1)(b) of the GDPR and the UK GDPR).

Additionally, we process your email address to communicate with you regarding our Service. This includes sending you updates on the status of data removal requests, informing you about changes to our terms of service or privacy policy, and notifying you about new features of our Service. We may also use your email address to ask you questions and to facilitate the provision of our Service. The legal basis for processing your data for this purpose is the performance of a contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR) and legitimate interest (Art. 6(1) (f) of the GDPR and the UK GDPR).

1.4. Subscription management and payment processing

When you subscribe to the Incogni Service, we will collect certain subscription information, including the payment provider (such as Paddle, Surfshark, Nord or PayPal) subscription ID, subscription creation date, validity date, subscription status, subscription update status, subscription type and any changes to the subscription type. The processing of such data is based on our contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

As for payment-related information, our payment processing partners collect the standard data necessary for processing payments and handling refund requests. This includes the subscription ID, subscription creation date, validity date, transaction date, payer’s IP address, credit card number, and credit card owner’s full name. In some jurisdictions, a personal identity code, passport or identity card number and/or residential address may also be collected. The processing and transfer of this data are based on our contractual relationship with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

1.5. Refer a friend

When you participate in our Refer a Friend Program (‘Program’), a unique referral link will be generated for you, which will be accessible through the Program widget in your account.

To track referrals, determine eligibility for referral rewards, and calculate these rewards, we will collect information such as the date when the Referred Customer purchased a subscription, the subscription status of the Referred Customer, the Referral Reward the Referrer is entitled to, the number of Referred Customers (friends of the Referrer) who subscribed, and the total amount of money earned. The legal basis for processing this information for the purpose of implementing the Program is the contracts with the Referrer and Referred Customer (Art. 6(1)(b) of the GDPR and the UK GDPR).

To facilitate and process the payment of Referral Rewards, Cello, as the Service Provider (data processor) for Incogni, will collect the Referrer's personal information, including full name, bank account number, country, and payout details (such as currency and sum), depending on the chosen payout method. The Referrer will need to provide this information to Cello via the Program widget.

1.6. Customer support

We also keep communication with you regarding the Service provided and issues that arise when rendering the Service. For this purpose, we process personal information such as the inquiry ID, your name, your email address, the date and content of the inquiry, and your evaluation of the customer support service. The legal basis for processing your data for this purpose is our contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR) and our legitimate interest (Art. 6(1)(f) of the GDPR and the UK GDPR).

1.7. Data exposure report

If you use our Data exposure report service we will collect personal identifiers such as your full name, email address, and address (state and city). Once the scan is complete, we will send you a report detailing which data brokers and people search sites have exposed your personal information. The legal basis for processing your data for this purpose is our contract with you (Art. 6(1)(b) of the GDPR and the UK GDPR).

1.8. Filling the form for business

If you fill out the form for business inquiries, we will process your personal information, including your full name, email address, and phone number, to offer you services from our B2B solution company, Ironwall (360Civic Inc.). The personal information and any other details provided in this form will be forwarded to Ironwall (360Civic Inc.,) to contact you for the purpose of providing the service. The legal basis for processing your data for this purpose is to take steps at your request prior to entering into a contract (Art. 6(1)(b) of the GDPR and the UK GDPR).

1.9. Dispute resolution

We may have to protect our legitimate interests and legal rights in case there is a dispute between you and us. In these cases, we may be required to collect and store a limited amount of certain information: email address, subscription information, legal documents, communication with you and other information related to the disputed situation. Please note that we do not collect and store this information by default. We only store this information in cases in which a dispute has been raised, a court proceeding, legal claim or other legal action has been or is likely to be initiated.

1.10. Interacting on Social Networks

When you interact with us through our accounts on social network websites, such as Facebook, X, Reddit, and LinkedIn ("Social Networks"), we collect basic engagement metrics, such as likes, comments, shares, and upvotes. We use this information to tailor content and enhance the user experience.

Additionally, when you contact us or engage with us on Social Networks, we process your personal identifiers, which may include your first and last name or your pseudonym, along with any information you provide during your interactions with our Social Networks (e.g., commenting, sharing, and rating).

The legal basis for processing this information is our legitimate interest in improving our services and engaging with our community (Art. 6(1)(f) of the GDPR and the UK GDPR).

Please note that we do not control the use or storage of the information that you have posted to any Social Networks. This information is collected and processed by the Social Networks for their own purposes, including marketing. For more information, please see the Social Networks’ privacy policies.

2. Sharing your personal information

We do not sell your personal information and have not done so in the past 12 months or at any time in the past.

We collaborate with several trusted partners (data processors) to deliver and enhance our Service and share your personal information with them for business purposes necessary for each partner to fulfill their role.

We share your personal information with the following recipients (data processors):

• Customer support service software provider Zendesk, Inc. (United States), the personal information we share with them is the inquiry ID, your name, email address, the date of the inquiry, and the content of the inquiry.
• Payment service provider Paddle.com Market Limited (United Kingdom), the personal information they collect is subscription ID, subscription creation date, validity date, transaction date, payer’s IP address, credit card number, credit card owner’s full name, and, in some jurisdictions, also personal identity code, passport or identity card number and/or residential address.
• Storage and infrastructure service providers, such as Amazon Web Services, Inc. (United States), at their services we store your personal information such as first name, last name, address information (country, state, city, postal code, street address) and the date it was entered, phone number (if entered), subscription ID, subscription creation date, expiration date, and other personal information.
• Marketing service providers:
• Mailchimp (United States), we share with them your email address.
• Tune Inc. (United States) is a marketing service provider that helps us track the sources of traffic to our Website. We share technical information with Tune Inc., such as affiliate link tracking ID, IP address, browser type, country, operating system, etc.
• Information security service providers, such as Cloudflare, Inc. (United States) and Sentry (United States), with which we share technical information, including IP addresses, which are used to derive location data, device information such as browser type, version, operating system, etc.
• Analytics service providers, such as Snowplow Analytics Limited (United Kingdom). We use Snowplow Analytics to help us understand how our customers use the Website, we share with them data like the unique user ID set by Incogni, IP address, country, city, visit session index and device and operating system data such as device type, operating system, screen size, etc.

Finally, we may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. In case we do so, the legal basis for processing data is our legitimate interest in defending our rights and interests in case of a dispute (Art. 6(1)(f) of the GDPR and the UK GDPR) and legal obligation if we get a request from a government institution (Art. 6(1)(c) of the GDPR and the UK GDPR).

When your data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards to ensure that your personal data is transferred and processed in line with the applicable privacy laws. The measures include signing Standard Contractual Clauses approved by the European Commission and considering the adequacy of decisions issued by the European Commission.

3. Your privacy rights

You have certain privacy rights regarding the collection and processing of your data that can be exercised by contacting us at support@incogni.com.

The California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”) entitles California residents to certain rights. To the extent the CCPA applies to our processing of your personal information, you are entitled to the following rights:

• Right to Access/Know. You have the right to request what personal information we have collected, used, disclosed, and sold about you, unless doing so proves impossible or would involve disproportionate effort.
• Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to do so.
• Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.
• Right to Opt Out of Sale/Sharing. You have the right to opt out of the sale or sharing of your personal information to third parties for behavioral advertising. We do not sell your personal information.
• Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your privacy rights under the CCPA.

If you are a California or any USA state resident and wish to exercise your privacy rights, you may submit a request via email to support@incogni.com.

Individuals in the European Union and United Kingdom are entitled to certain rights concerning their personal data under the GDPR and the UK GDPR. To the extent these laws apply to our processing of your personal data, you are entitled to the following rights:

• The right to access your personal data or receive a copy of it by contacting us.
• The right to correct any inaccurate personal data and, subject to the nature of the collection and use, the completion of incomplete personal information (right to rectification).
• The right to delete your personal data specified in this Privacy Policy, unless we are legally required or we have a legal basis to maintain certain personal information.
• The right to restrict processing of your personal data, if you believe that your personal data is inaccurate, that our processing is unlawful, or that we do not need your personal data for a specific purpose, you have the right to request that we restrict the processing of this personal data. You also have the possibility to request that we stop processing your personal data while we assess your request.
• The right to object to the processing of your personal data when that processing is based on our legitimate interests. To exercise this right, you must reference your personal circumstances that justify the objection.
• The right to data portability. You have the right to request that we transfer the personal data you have provided to us to another organization or directly to you. This right applies only under the following conditions: (i) you have provided your personal data to us; (ii) the processing is based on your consent or is necessary for the performance of a contract; and (iii) the processing is conducted by automated means.
• You have the right to complain to a data protection authority. If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office. If you are located in the EU, you have the right to lodge a complaint with the relevant Supervisory Authority.
• If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You have the right to complain to a data protection authority. If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office. If you are located in the EU, you have the right to lodge a complaint with the relevant Supervisory Authority.

If you wish to implement any of the above-mentioned rights, please contact us at support@incogni.com.

Please note that you will need to pass through the account verification process so that we can verify you are the owner of the account before taking further action on your request.

4. Data retention

We store your personal data for a minimum necessary period needed for a concrete purpose before deleting it permanently.

We apply different retention periods depending on the purpose for which your personal information is processed as detailed above.

Cookies are stored in line with the retention periods described in section 1.1 above.

Personal data needed to provide the Service (sections 1.2, 1.3, 1.4, 1.5 and 1.8) is stored for no longer than 12 months after the termination of providing our Service or until you ask us to delete it and there are no legal restrictions preventing us from doing so. Please be aware that our payment service providers might store your personal information longer than us for legal purposes.

Personal information needed to provide customer support (section 1.6) is stored for 2 years.

If we need to defend our rights and interests in case of a dispute (section 1.9), personal data is stored for 2 years or until the dispute is ultimately resolved or a final decision by a competent authority is made, whichever occurs later.

5. Contact us

For more information about our privacy practices, or if you have questions, please contact us by email at support@incogni.com.