Trust
We exist to pull your data off the broker market. We don't sell it, share it, or use it for anything other than running the opt-outs you signed up for. We collect what we need to do the job and nothing else. Below is what that means in practice.
What we promise
We will never sell your data. We will never share it with marketing partners or ad platforms. We will never use an "anonymized" or "aggregated" copy of your data for anything outside running your opt-outs. If we ever have a security incident that touches your data, we will tell you inside 72 hours — even if the law doesn't require it.
Audits and attestations
We are a small team. We have not yet completed a formal SOC 2 or ISO 27001 audit (third-party security audits, the standard checkboxes large vendors carry). We will when our customer base requires it, and we'll list the auditor and date here when it happens. If your department or organization needs vendor approval before signing, we'll walk through our practices on a call.
Who we share data with to run the service
We use Google Cloud Platform for hosting and data storage; Firebase for login; Mailgun for transactional email; Stripe for payments. That's the full list — no other vendors touch your data. We do not use third-party analytics, tracking pixels, or session replay tools on the authenticated parts of the site.
Compliance
We honor CCPA / CPRA delete requests for California residents and equivalent privacy-law deletion requests for residents of other states. We are working toward formal HIPAA compliance for healthcare-organization customers — if you're a hospital evaluating us, ask and we'll share where we are. We don't claim certifications we don't have.