← Back to Home

Privacy Policy

Last Updated: January 2025 | Effective Date: [INSERT_DATE]

1. Introduction & Scope

TraxinteL, Inc. ("Company," "we," "us," "our") is committed to protecting your privacy and ensuring transparency in how we collect, process, store, and safeguard your personal information. This Privacy Policy explains our data practices and your rights under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

This policy applies to all users of TraxinteL.com (the "Service"), regardless of jurisdiction. If you are a resident of the European Union, United Kingdom, or California, specific provisions of this policy apply to you (see Sections 16-17).

2. Data Controller & Responsible Parties

Data Controller (GDPR): TraxinteL, Inc., a New York corporation, is the Data Controller responsible for processing your personal data.

Contact Information:

TraxinteL, Inc.
Privacy & Data Protection Team
Email: [email protected]
Data Protection Officer: [INSERT_DPO_NAME & EMAIL]
[INSERT_PHYSICAL_ADDRESS]
[INSERT_PHONE_NUMBER]

Subprocessors & Vendors: We partner with the following vendors who process your data on our behalf:

  • Amazon Web Services (AWS): Cloud hosting, data storage, and processing
  • Stripe, Inc.: Payment processing and billing
  • Resend: Transactional email delivery
  • Vercel Analytics: Anonymous, GDPR-compliant usage analytics

All subprocessors comply with GDPR Standard Contractual Clauses (SCCs) and maintain appropriate security standards.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Full name, email address, password (hashed), phone number (optional)
  • Search Data (Target Information): Photographs, names, usernames, email addresses, phone numbers, social media handles, biographical details, dates of birth, notes, and contextual clues
  • Supporting Documents: Screenshots, identification documents, correspondence, or other evidence uploaded for investigation context
  • Payment Information: Billing address, payment method (processed by Stripe; we do not store full card details)
  • Communication Data: Support emails, feedback, complaints, or inquiries
  • Profile Data: Age, gender, relationship to Target, reason for search, professional affiliation

3.2 Information Automatically Collected

  • Internet Protocol (IP) Address: Your device's IP address for security and fraud prevention
  • Device & Browser Information: Operating system, browser type, device model, unique device identifiers
  • Usage Data: Pages visited, time spent on each page, clicks, searches performed, reports generated
  • Session Cookies: Temporary identifiers for authentication and session management
  • Login & Access Logs: Timestamps of login attempts, successful logins, account access, and data changes
  • Geolocation Data: Approximate location derived from IP address (city/region level, not precise GPS)

3.3 Third-Party Data (Limited)

We do not purchase or source personal data from data brokers. However, we may receive information from:

  • Public records and databases (for Target information)
  • Social media platforms (via public APIs when available)
  • Publicly indexed web content
  • Third-party fraud detection services

3.4 Automated Processing & AI/ML

We use machine learning algorithms and automated decision-making systems for:

  • Confidence Scoring: Algorithmic matching of search results with Target identities
  • Fraud Detection: Automated flags for suspicious account activity or searches
  • Result Ranking: ML-based prioritization of findings by relevance and confidence
  • Duplicate Detection: Identifying potential duplicate profiles or accounts

You have the right to request human review of any automated decisions affecting you (see Section 16 - GDPR Rights).

4. Legal Basis for Processing (GDPR)

We process your personal data under the following GDPR legal bases (Articles 6 & 9):

  • Contract (Article 6(1)(b)): Processing necessary to fulfill your account and service agreement
  • Consent (Article 6(1)(a)): You consent when you provide search data, create an account, or check consent checkboxes
  • Legitimate Interest (Article 6(1)(f)): Security, fraud prevention, preventing abuse, system improvements
  • Legal Obligation (Article 6(1)(c)): Compliance with tax laws, payment regulations, law enforcement requests
  • Vital Interests (Article 6(1)(d)): Protection of life or safety in emergencies

For sensitive data (biometric data, if any), we rely on your explicit consent and legitimate interests in security.

5. How We Use Your Data

5.1 Service Delivery

  • Creating and managing your account
  • Processing search requests and Target information
  • Generating investigation reports and findings
  • Delivering monitoring alerts and notifications
  • Updating your dashboard and investigation history

5.2 Payment & Billing

  • Processing payments and subscription renewals
  • Billing and invoice generation
  • Fraud detection and payment verification
  • Refund processing and dispute resolution

5.3 Customer Support & Communication

  • Responding to support inquiries
  • Technical assistance and troubleshooting
  • Sending account notifications and updates
  • Service announcements and policy updates

5.4 Security & Fraud Prevention

  • Detecting and preventing unauthorized access
  • Monitoring for suspicious or abusive activity
  • Preventing fraud, money laundering, and identity theft
  • Investigating and responding to security incidents
  • Implementing and testing security measures

5.5 Service Improvement & Analytics

  • Analyzing usage patterns (anonymized)
  • Improving search accuracy and result relevance
  • Identifying service issues and bugs
  • A/B testing and feature optimization
  • Aggregate statistical analysis (no individual tracking)

5.6 Legal & Regulatory Compliance

  • Responding to lawful government requests (with legal review)
  • Tax reporting and financial record-keeping
  • Compliance with GDPR, CCPA, and privacy laws
  • Protecting against legal liability and claims

5.7 What We Do NOT Do

  • We do NOT sell your data to third parties for marketing or profit
  • We do NOT use your data for behavioral profiling or advertising
  • We do NOT contact or notify Targets about searches
  • We do NOT combine your data with other companies' databases (except subprocessors)
  • We do NOT use data for political profiling, discrimination, or surveillance

6. Data Retention Schedule

We retain personal data only as long as necessary for the purposes listed in Section 5. Specific retention periods:

  • Account Data: Retained while your account is active. Deleted 90 days after account closure (GDPR compliance period for requests).
  • Deep Search Data (Target Information & Reports): Retained for 6 months from the date of search. Deleted thereafter unless you request extension or save the report offline.
  • Continuous Monitoring Data: Retained while your subscription is active, plus 30 days after cancellation. Deleted thereafter.
  • Payment Information: Retained by Stripe for minimum 3-7 years per PCI-DSS and tax regulations. Card data is never stored by us (Stripe stores tokenized references only).
  • Login & Security Logs: Retained for 90 days, then deleted.
  • Analytics Data: Anonymized and aggregated; retained indefinitely.
  • Legal/Law Enforcement Requests: Retained as required by law, typically 1-3 years.
  • Backups: Encrypted backups may be retained for up to 30 days for disaster recovery; then deleted.

You may request deletion of your data at any time, and we will honor requests within 24-48 hours unless legally required to retain it.

7. Data Protection & Security Measures

We implement industry-standard security controls to protect your personal data:

  • Encryption at Rest: AES-256 encryption for all stored data in our databases and cloud infrastructure
  • Encryption in Transit: TLS 1.3+ encryption for all data transmitted between your device and our servers
  • Password Security: Passwords are hashed using bcrypt with salt; we never store plaintext passwords
  • Access Controls: Strict role-based access; employees access only data necessary for their role
  • Multi-Factor Authentication (MFA): Available for additional account security
  • Data Isolation: Each user's data is isolated and not accessible to other users
  • Audit Logging: All data access is logged and monitored for suspicious activity
  • Intrusion Detection: Automated detection of unauthorized access attempts
  • Regular Security Audits: Third-party penetration testing and vulnerability assessments
  • Incident Response Plan: Protocol for detecting and responding to data breaches within 24 hours

Data Breach Notification: If a security breach occurs, we will notify affected users and authorities within 72 hours as required by GDPR.

8. Data Sharing & Subprocessors

General Principle: We do NOT sell, rent, or share your personal data with third parties for marketing or profit.

Data Sharing ONLY Occurs For:

  • Subprocessors: Service providers (AWS, Stripe, Resend, Vercel) who process data under strict Data Processing Agreements (DPAs) compliant with GDPR Article 28.
  • Legal Compliance: Law enforcement or government agencies (only with valid warrant, court order, or subpoena; we will challenge overly broad requests).
  • Business Transfers: In the event of merger, acquisition, or bankruptcy, data may be transferred as part of business assets (with prior notice to you).
  • Your Consent: When you explicitly authorize us to share data with a third party.

8.1 Subprocessor Details

Amazon Web Services (AWS): Cloud infrastructure provider. Your data is encrypted in transit and at rest. AWS is certified under AWS Data Protection Addendum (DPA).

Stripe, Inc.: Payment processor. Payment card data is handled by Stripe only; we receive tokenized references. Stripe maintains PCI-DSS Level 1 compliance.

Resend: Email service provider for transactional emails (password resets, confirmations). Data is not retained beyond email delivery.

Vercel Analytics: Privacy-friendly analytics (no cookies, no user tracking). Data is anonymized and aggregated.

9. International Data Transfers

If you are located in the EU/EEA or UK, your data may be transferred to the United States or other countries for processing. These transfers are made under the following safeguards:

  • Standard Contractual Clauses (SCCs): All data transfers are governed by GDPR-approved SCCs between FindThemOnline and its subprocessors.
  • Encryption & Data Minimization: Data is encrypted before transfer; only minimum necessary data is transferred.
  • Supplementary Measures: We evaluate additional safeguards (encryption, access controls) to ensure adequate protection.

You have the right to challenge international transfers if you believe they violate GDPR. Contact us for a copy of our SCCs.

10. Cookies & Tracking Technologies

We use minimal, privacy-friendly cookies:

  • Essential Cookies: Required for login sessions, CSRF protection, and basic functionality. No user consent required.
  • Analytics Cookies: Anonymized usage data (via Vercel Analytics). You can opt-out without impacting functionality.
  • No Advertising Cookies: We do NOT use cookies for behavioral tracking, profiling, or third-party ads.

You can disable cookies via browser settings, though this may impact Service functionality. We respect Do Not Track (DNT) headers.

11. Third-Party Links & Services

The Service may contain links to third-party websites (social media, public records databases, etc.). This Privacy Policy does NOT cover third-party services. We recommend reviewing their privacy policies before providing your information.

12. Children's Privacy (COPPA)

The Service is intended for users 18 and older. We do NOT knowingly collect personal data from children under 18. If we discover that we have collected data from a minor, we will delete it immediately.

Parents or guardians who believe we have collected data from a minor should contact [email protected] immediately.

13. Policy Updates

We may update this Privacy Policy to reflect new features, technologies, or legal requirements. Material changes will be posted on this page with 30 days' notice. Your continued use of the Service constitutes acceptance of updated policies.

14. Contact & Data Requests

For privacy questions, concerns, or to exercise your rights:

TraxinteL, Inc.
Privacy & Data Protection Team
Email: [email protected]
[INSERT_PHYSICAL_ADDRESS]
[INSERT_PHONE_NUMBER]

We will respond to all requests within 24-48 hours.

15. Complaint & Escalation

If you believe your privacy rights have been violated, you may:

  • Contact us at [email protected] to resolve informally
  • Lodge a formal complaint with your national Data Protection Authority (see Section 16 for EU/UK contacts)
  • Pursue legal action in your jurisdiction

16. GDPR Rights (EU, UK, EEA Users)

If you are located in the European Union, United Kingdom, or European Economic Area, you have the following rights under GDPR Articles 12-22:

16.1 Right of Access (Article 15)

You have the right to request a copy of all personal data we hold about you, including how it is processed and your lawful basis for processing.

16.2 Right to Correction (Article 16)

You have the right to request correction of inaccurate, incomplete, or misleading data. You can update most of your information via your account dashboard.

16.3 Right to Erasure (Article 17) - "Right to be Forgotten"

You have the right to request deletion of your personal data in the following circumstances:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and no other legal basis exists
  • You object to processing and no compelling legitimate interest exists
  • Data has been unlawfully processed
  • You are a child and data was collected based on consent

Exceptions: We may retain data if required by law, for legal claims, or for public interest purposes.

16.4 Right to Restrict Processing (Article 18)

You have the right to restrict processing of your data while you contest its accuracy, object to processing, or await our determination.

16.5 Right to Data Portability (Article 20)

You have the right to receive your data in a structured, commonly used, machine-readable format (CSV, JSON) and to transmit it to another organization.

16.6 Right to Object (Article 21)

You have the right to object to processing based on our legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate interests or legal obligations.

16.7 Rights Related to Automated Decision-Making (Article 22)

You have the right to request human review of automated decisions (confidence scoring, fraud flags) that significantly affect you. You may request explanation of the logic, significance, and consequences of automated processing.

16.8 Withdrawal of Consent (Article 7)

Where we rely on your consent for processing, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of past processing.

16.9 How to Exercise GDPR Rights

To exercise any GDPR right, submit a request to:

[email protected]
Subject: "GDPR Right Request: [Type of Right]"

Include:

  • Your full name and email address associated with your account
  • Specific right you are exercising
  • Details of the request
  • Your signature or electronic confirmation

We will respond within 30 days (or 90 days for complex requests). We may request proof of identity to prevent unauthorized access.

16.10 Right to Lodge a Complaint

You have the right to lodge a complaint with your national Data Protection Authority:

  • EU: Your country's Data Protection Authority (DPA)
  • UK: Information Commissioner's Office (ICO) at ico.org.uk
  • EEA: Your country's relevant data protection authority

17. CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

17.1 Right to Know (CCPA § 1798.100)

You have the right to request what personal information we collect, the purposes, and the sources. We will provide this information within 45 days.

17.2 Right to Delete (CCPA § 1798.105)

You have the right to request deletion of personal information we have collected about you, with limited exceptions (legal compliance, contractual necessity, etc.).

17.3 Right to Opt-Out of Sale or Sharing (CCPA § 1798.120)

You have the right to opt-out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. FindThemOnline does NOT sell your personal information. We do not engage in behavioral advertising or third-party marketing.

17.4 Right to Correct (CCPA § 1798.106)

You have the right to request correction of inaccurate personal information.

17.5 Right to Limit Use & Disclosure (CCPA § 1798.121)

You have the right to limit how we use your personal information to only what is necessary to provide the Service.

17.6 Right to Non-Discrimination (CCPA § 1798.125)

We will not deny you goods or services, charge different prices, or provide different quality of service based on your exercise of CCPA rights.

17.7 How to Exercise CCPA Rights

To exercise your CCPA rights, submit a request to:

[email protected]
Subject: "CCPA Rights Request"

Include your name, email, and specific right you are requesting. We will respond within 45 days.

17.8 Authorized Agent

You may authorize an agent to submit CCPA requests on your behalf. The agent must have power of attorney or written authorization, and we may verify the authorization.