Privacy Policy

How we handle your data.

Last updated: April 18, 2026

1. What we collect

Scan input data. When you run a free scan, we collect your first name, last name, city, state, and optionally your email address. This data is used solely to query data broker sites on your behalf.

Account data. If you create an account (for paid plans), we store your email address, name, and authentication credentials via our identity provider (Clerk).

Payment data. Payment information is processed and stored by Stripe. We do not store credit card numbers, bank account details, or other financial instruments on our servers.

Usage analytics. We use PostHog for privacy-first product analytics. We do not sell analytics data. Session recordings use data masking to exclude personal information.

Cookies and similar technologies. We use strictly necessary cookies for authentication and session management, and optional analytics cookies that you can disable in your browser. We do not use advertising cookies or cross-site tracking pixels.

What we never collect. We do not collect Social Security numbers, government identification numbers, financial account numbers, biometric data, health records, or the content of your messages.

2. How we use your data

We use the information we collect to:

  • Run privacy exposure scans across supported data broker sites
  • Generate evidence-backed reports showing where your data appears
  • Submit lawful opt-out and data deletion requests on your behalf
  • Monitor for re-listings and alert you when data reappears
  • Process payments and manage your subscription
  • Send transactional emails about your scan results, removals, and account
  • Improve our service through aggregated, anonymized usage analytics

We do not use your personal information to train machine learning models. We do not sell your data. We do not share your data with advertisers.

3. Who receives your data

We share your personal information only with:

  • Data brokers — only the minimum information needed to identify and remove your listing (as part of the opt-out/removal process you authorized)
  • Stripe — for payment processing
  • Clerk — for authentication and identity management
  • Resend — for transactional email delivery
  • Vercel — our web hosting provider (infrastructure only)
  • Cloudflare — our API and MCP server hosting provider
  • Neon — our managed PostgreSQL database provider
  • SerpAPI and Have I Been Pwned — for public-data signal detection and breach lookups during scans
  • PostHog — for anonymized product analytics

We do not sell your personal information. We do not share it with advertisers or data brokers for marketing purposes. Each subprocessor listed above is bound by a written data processing agreement that restricts use of your data to the purposes described in this policy.

4. AI assistant and MCP integration

DeleteMyTrace exposes a limited, read-only set of tools via the Model Context Protocol (MCP) so that AI assistants (such as ChatGPT) can run privacy scans, list monitored data brokers, return privacy scores, and provide opt-out instructions on your behalf.

When you use DeleteMyTrace through an AI assistant:

  • The AI assistant provider (e.g., OpenAI) sees the inputs you send and the tool outputs we return, subject to that provider's privacy policy
  • We receive only the inputs the assistant sends us (typically first name, last name, city, state, and optionally email) to run the requested tool
  • We do not log the full conversation, only the tool request and response needed for operational integrity
  • Our public MCP tools are read-only — they cannot modify your account, trigger payments, or submit removals

If you invoke DeleteMyTrace through a third-party AI assistant, please also review the privacy policy of that assistant's provider.

5. Data retention

Free scan data is retained for 30 days to allow you to review your report, then automatically deleted. Paid account data is retained for the duration of your subscription plus 90 days. Operational logs (request timestamps, error traces without PII) are retained for up to 90 days for security and troubleshooting, then deleted. You can request deletion of all your data at any time by contacting us at privacy@deletemytrace.com.

6. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Opt out of data sales (we do not sell data, so this is already satisfied)
  • Opt out of targeted advertising (we do not do this either)
  • Receive a portable copy of your data in a machine-readable format
  • Lodge a complaint with your local data protection authority

California residents have additional rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California DELETE Act.

EU, UK, and Swiss residents have rights under the GDPR/UK GDPR, including the right to restrict or object to processing.

To exercise any of these rights, contact us at privacy@deletemytrace.com. We will respond within 30 days (or 45 days where permitted by law). You will not be charged for exercising your rights and we will not retaliate or deny service.

7. International transfers

DeleteMyTrace operates from the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the Standard Contractual Clauses or other lawful transfer mechanisms to protect your data.

8. Children's privacy

DeleteMyTrace is intended for use by adults aged 18 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at privacy@deletemytrace.com and we will promptly delete it.

Our Family Add-On allows a subscribing adult to manage privacy scans for household members, including minors. The subscribing adult is responsible for having the authority to manage those members' data and for obtaining any required parental consent.

9. Security

We use industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, principle-of-least-privilege for internal access, and periodic security reviews. API keys and secrets are stored in provider-managed secret stores (Cloudflare Workers Secrets, Vercel Environment Variables) and are never committed to source control.

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate regulators as required by applicable law.

10. Changes to this policy

We may update this policy as our services evolve or as required by law. Material changes will be announced via email to registered users and via a notice on this page for at least 30 days before taking effect. The "Last updated" date at the top of this page always reflects the most recent revision.

11. Contact

For questions about this privacy policy, to exercise your data rights, or to submit a privacy complaint, contact us at privacy@deletemytrace.com.

Data controller: DeleteMyTrace, California, USA.