Privacy Policy

GoStealth is a privacy-protection service. Privacy is not a feature for us — it is the product. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our service at gostealth.io.

We designed the Service to minimize the data we hold about you. Any information we collect has a specific, documented purpose.

Account information

When you register, we collect your email address, name, and optionally a phone number. To scan data brokers, you may choose to provide additional identifying details (address history, aliases). This is the data you intentionally share so we can find it on broker sites.

Payment information

Payments are processed by Stripe. We never see or store your full card number. We receive only a billing identifier and a masked last four digits.

Usage data

We log pages you visit within the Service, scans you run, and removal requests you submit, so we can operate the Service and show you your history.

Device and technical data

We collect limited device information (browser type, operating system, IP address) to secure your account, detect abuse, and troubleshoot issues.

We use your information to:

• Scan data brokers and submit removal requests on your behalf
• Operate, maintain, and improve the Service
• Communicate with you about your account, scans, and changes to the Service
• Process payments and prevent fraud
• Comply with legal obligations
• Protect the security of the Service and our users

We do not sell your personal information. We share it only with the following categories of recipients, and only as needed to deliver the Service:

• Data brokers: we submit the specific fields required by each broker to process a removal request on your behalf
• Stripe: payment processing and subscription billing
• Email provider: sending account and transactional emails
• Hosting and infrastructure providers: operating our servers and databases
• Legal and compliance: when required by law, court order, or to protect rights and safety

We retain your account information for as long as your account is active. If you delete your account, we scrub your personal information from our active systems within 30 days, except where retention is required by law or for legitimate business purposes (such as billing records and fraud prevention).

Backup copies may persist for a limited period before being overwritten in the normal course of our backup rotation.

Depending on where you live, you may have the following rights regarding your personal information:

• Access — request a copy of the information we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Deletion — ask us to delete your data
• Portability — receive your data in a portable format
• Restriction — limit how we process your data
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent

To exercise these rights, contact privacy@gostealth.io. We will respond within the timeframes required by applicable law.

If you are located in the EEA, UK, or Switzerland, this section applies to you.

Data controller. GoStealth is the controller of personal data collected through the Service. Contact details: privacy@gostealth.io.

Legal basis for processing. We process your personal data on the following bases:

• Contract: to provide the Service you have signed up for
• Consent: where you have given us permission (e.g., marketing emails)
• Legitimate interest: to secure the Service, prevent fraud, and improve our product
• Legal obligation: to comply with applicable law

Right to lodge a complaint. You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data in accordance with the law.

If you are a California resident, the California Consumer Privacy Act gives you the following rights:

• Right to know what personal information we collect, use, and share
• Right to delete personal information we have collected from you
• Right to opt out of sale of your personal information
• Right to non-discrimination for exercising your CCPA rights

We do not sell your personal information as defined by the CCPA, and we have not done so in the past 12 months.

To exercise any of these rights, email privacy@gostealth.io.

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable minimum age). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

GoStealth operates globally. Your information may be transferred to and processed in countries other than where you reside, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect your data during international transfers.

We use industry-standard security measures to protect your data:

• Encryption at rest for database records
• TLS encryption for all data in transit
• Bcrypt hashing for account passwords
• SHA-256 hashing for refresh tokens
• Regular security reviews and dependency audits
• Access controls and audit logging

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect.

For privacy-related questions or to exercise your rights, contact us at privacy@gostealth.io.

Data Protection Officer [PLACEHOLDER]: [DPO NAME], reachable at the same email address. This entry must be reviewed before publishing.