Privacy Policy

1. Introduction

Delist.ai ("we," "us," "our") is a data broker scanning and removal service. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services at https://delist.ai.

We built Delist.ai to protect your privacy — and we hold ourselves to the same standard.

2. Information We Collect

Information you provide

• Name, city, and state (required for scanning)
• Phone numbers, email addresses (optional, improves scan accuracy)
• Birth year (optional, for identity verification)
• Home addresses (optional, for exposure scanning)
• Payment information (processed by Stripe — we never store card numbers)

Information collected automatically

• Basic usage analytics via Plausible (a cookie-free, privacy-first analytics platform)
• No personal data is collected by our analytics
• No tracking cookies are set
• No third-party advertising trackers are used

3. How We Use Your Information

• To scan data broker and people-search sites for your personal information
• To submit opt-out and removal requests on your behalf
• To monitor for re-listings of your data
• To send you scan results, removal updates, and account notifications
• To process payments for subscription services

We do NOT use your information for:

• Advertising or marketing to third parties
• Building profiles or behavioral tracking
• Selling, licensing, or sharing with data brokers or any third party
• Training AI models or machine learning systems

4. How We Protect Your Information

Encryption at rest: Your personal information is encrypted using AES-256-GCM before being stored in our database. It is stored as encrypted binary data — even with direct database access, your information would be unreadable.

Temporary decryption: When running a scan or submitting a removal, your data is decrypted momentarily in memory, used for the specific operation, and immediately discarded. It never persists as plaintext on disk.

Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS.

Access controls: Database access is restricted to localhost only. No external connections are accepted. Our infrastructure uses strict access controls and automated security updates.

No human access: The entire scan and removal process is fully automated. No employee, contractor, or support agent has access to your personal information.

5. Browser Extension ("Spam Analyzer")

Our Chrome extension allows users to check suspicious text, links, and webpages for phishing, scams, and social engineering threats. This section describes the extension's data practices specifically.

What the extension sends

• When you right-click selected text and choose "Spam Analyzer", the selected text and the page URL are sent to our API for analysis.
• When you right-click a link, the link URL is sent to our API for analysis.
• When you click "Analyze current page," the visible text content of the page (up to 8,000 characters) and the page URL are sent to our API for analysis.

What the extension does NOT do

• Does not run on any page unless you explicitly trigger an analysis
• Does not read your browsing history
• Does not collect emails, passwords, form inputs, or keystrokes
• Does not track which websites you visit
• Does not send any data in the background without your action
• Does not use cookies or tracking identifiers

Local storage

• Analysis history (verdict, threat level, summary, and timestamp) is stored locally in your browser only. It is never sent to our servers.
• A one-time onboarding flag is stored locally to remember that you've seen the welcome screen.

Permissions

• contextMenus: To add the right-click "Spam Analyzer" menu items.
• activeTab: To read the current page text only when you click "Analyze current page."
• scripting: To extract page text when you explicitly request page analysis.
• storage: To save your local analysis history in the browser.

6. Data Sharing

We share your information only in the following limited circumstances:

• With data broker sites, solely to submit opt-out requests on your behalf (this is the core service)
• With Stripe, to process payments (Stripe handles all payment data under their own privacy policy)
• With Mailgun, to send transactional emails (scan results, removal updates, account notifications)
• If required by law, court order, or legal process

We never share your data with advertisers, analytics companies, data brokers (except for removal requests), or any other third party.

7. Data Retention

• Active accounts: Your encrypted profile and scan history are retained while your account is active.
• Free scans: Anonymous scan results are retained for 24 hours, then automatically deleted.
• Account deletion: When you delete your account, we permanently destroy your encrypted profile, all scan history, removal records, and associated data. There is no retention period.
• Payment records: Transaction records required for tax and accounting purposes are retained as required by law.

8. Your Rights

You have the right to:

• Access your personal information (viewable in your dashboard)
• Correct inaccurate information (editable in your profile settings)
• Delete your account and all associated data (available in dashboard settings)
• Opt out of marketing emails (we don't send marketing emails — only transactional notifications)

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. To exercise these rights, contact us at privacy@delist.ai.

9. Cookies

We do not use cookies. Our analytics platform (Plausible) is fully cookie-free and collects no personal data. Session authentication uses secure, httpOnly tokens — not tracking cookies.

10. Children's Privacy

Delist.ai is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@delist.ai and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Your continued use of the service after changes constitutes acceptance.

12. Contact

For questions about this Privacy Policy or our data practices:

• Email: privacy@delist.ai
• General support: support@delist.ai