Privacy Policy

1. Introduction

Delist.ai ("we," "us," "our") is a privacy removal service. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services at https://delist.ai.

We built Delist.ai to protect your privacy — and we hold ourselves to the same standard.

2. Information We Collect

Information you provide

• Name, city, and state (required for scanning)
• Phone numbers, email addresses (optional, improves scan accuracy)
• Birth year (optional, for identity verification)
• Home addresses (optional, for exposure scanning)
• Payment information (processed by Stripe — we never store card numbers)

Information collected automatically

• Basic usage analytics collected first-party — cookie-free, with no third-party analytics platform
• No personal data is collected by our analytics
• No tracking cookies are set
• No third-party advertising trackers are used

3. How We Use Your Information

• To scan data broker and people-search sites for your personal information
• To submit opt-out and removal requests on your behalf
• To monitor for re-listings of your data
• To send you scan results, removal updates, and account notifications
• To process payments for subscription services

We do NOT use your information for:

• Advertising or marketing to third parties
• Building profiles or behavioral tracking
• Selling, licensing, or sharing with data brokers or any third party
• Training AI models or machine learning systems

4. How We Protect Your Information

Encryption at rest: Your personal information is encrypted using AES-256-GCM before being stored in our database. It is stored as encrypted binary data — even with direct database access, your information would be unreadable.

Temporary decryption: When running a scan or submitting a removal, your data is decrypted momentarily in memory, used for the specific operation, and immediately discarded. It never persists as plaintext on disk.

Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS.

Access controls: Database access is restricted to localhost only. No external connections are accepted. Our infrastructure uses strict access controls and automated security updates.

Automated processing: The scan and removal process is automated, so your data is decrypted only in memory for the job at hand and never browsed casually. Access to systems that touch your information is tightly limited to the people who keep the service running.

5. Browser Extension ("Spam Analyzer")

Our Chrome extension allows users to check suspicious text, links, and webpages for phishing, scams, and social engineering threats. This section describes the extension's data practices specifically.

What the extension sends

• When you right-click selected text and choose "Spam Analyzer", the selected text and the page URL are sent to our API for analysis.
• When you right-click a link, the link URL is sent to our API for analysis.
• When you click "Analyze current page," the visible text content of the page (up to 8,000 characters) and the page URL are sent to our API for analysis.

What the extension does NOT do

• Does not run on any page unless you explicitly trigger an analysis
• Does not read your browsing history
• Does not collect emails, passwords, form inputs, or keystrokes
• Does not track which websites you visit
• Does not send any data in the background without your action
• Does not use cookies or tracking identifiers

Local storage

• Analysis history (verdict, threat level, summary, and timestamp) is stored locally in your browser only. It is never sent to our servers.
• A one-time onboarding flag is stored locally to remember that you've seen the welcome screen.

Permissions

• contextMenus: To add the right-click "Spam Analyzer" menu items.
• activeTab: To read the current page text only when you click "Analyze current page."
• scripting: To extract page text when you explicitly request page analysis.
• storage: To save your local analysis history in the browser.

6. Data Sharing

We share your information only in the following limited circumstances:

• With data brokers and people-search sites, solely to submit removal requests on your behalf (this is the core service)
• With Stripe, to process payments (Stripe handles all payment data under their own privacy policy)
• With Mailgun, to send transactional emails (scan results, removal updates, account notifications)
• If required by law, court order, or legal process

We never share your data with advertisers, analytics companies, data brokers (except for removal requests), or any other third party.

7. Data Retention

• Active accounts: Your encrypted profile and scan history are retained while your account is active.
• Free scans: The details you enter for a free scan (name, email, phone, and location) and the scan results are encrypted at rest and automatically deleted within 24 hours if you don't create an account or subscribe.
• Paid removals: If you subscribe, the information needed to file and verify opt-out requests is retained, encrypted, for as long as your subscription is active — so we can keep removing your data and catch re-listings. You can delete it any time from your dashboard.
• Account deletion: When you delete your account, we permanently destroy your encrypted profile, all scan history, removal records, and associated data. There is no retention period.
• Payment records: Transaction records required for tax and accounting purposes are retained as required by law.

8. Your Rights

You have the right to:

• Access your personal information (viewable in your dashboard)
• Correct inaccurate information (editable in your profile settings)
• Delete your account and all associated data (available in dashboard settings)
• Opt out of marketing emails (we don't send marketing emails — only transactional notifications)

Depending on your state of residence, you may have additional rights under state privacy laws. Contact us at privacy@delist.ai to exercise them.

9. Cookies

We do not use cookies. Our usage analytics are first-party and fully cookie-free, collect no personal data, and rely on no third-party analytics platform. Session authentication uses secure, httpOnly tokens — not tracking cookies.

10. Children's Privacy

Delist.ai is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@delist.ai and we will delete it promptly.

11. Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of that transaction as permitted by law and/or contract. In such event, we will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Your continued use of the service after changes constitutes acceptance.

13. Contact

For questions about this Privacy Policy or our data practices:

• Email: privacy@delist.ai
• General support: support@delist.ai