Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Password (stored as a salted hash — we never store plaintext passwords)
• Google account identifiers if you choose to sign in with Google
• Account preferences and settings

Billing Information

If you subscribe to a paid plan, we collect:

• Payment method details (processed and stored by our third-party payment processor — we do not store full card numbers)
• Billing address
• Transaction history and invoices

Search Data

When you perform searches, whether through an account or through guest or demo access, we log or process the request details needed to provide history where available, enforce limits, prevent abuse, and audit usage:

• Search queries and query type, including guest and demo search queries, usernames, names, emails, phone numbers, addresses, domains, IP addresses, password or hash lookup terms, and other supported fields
• Search parameters, filters, and selected data sources
• Result counts, request status, timestamps, and search type
• For guest or demo searches, the query, IP address, and verification or rate-limit signals needed to operate the feature safely

Usage Data

We automatically collect:

• IP address
• Browser type and version
• Pages visited and features used
• Device information
• Approximate network, location, and locale information derived from your request

Attribution and Verification Data

We may collect first-party attribution data, including referring site, landing page, UTM parameters, and advertising click IDs, to understand how users found Fingerprint. We also use anti-abuse and verification signals, including Cloudflare Turnstile tokens, IP address, user agent, and login or password-reset attempt metadata.

• Attribution cookies expire after 30 days
• Signup attribution may be stored with your account record
• Verification data is used to prevent fraud, spam, and unauthorized access

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Fingerprint platform
• Process your search queries and deliver results
• Apply lawful-use, eligibility, rate-limit, and abuse-prevention requirements
• Maintain audit trails for compliance purposes
• Prevent abuse, fraud, and unauthorized access
• Communicate service updates and security notices
• Comply with legal obligations

We do not sell personal information to third parties, build advertising profiles, or train machine learning models on your search queries.

3. Data Sources

Fingerprint provides lookup tools that may include public web account discovery, people-search data, and breach or exposure data supplied by third-party data providers. Public web results are based on information that is publicly available online. Data-search results may include records supplied by third-party providers that identify where information appeared in known datasets.

We do not:

• Access private or password-protected accounts
• Circumvent security measures or access controls
• Hack, breach systems, or use social engineering to obtain data
• Access data that requires authentication to view

FCRA Notice: Fingerprint is not a consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA). Information provided by Fingerprint does not constitute a consumer report and may not be used to determine eligibility for credit, insurance, employment, housing, or any other purpose regulated by the FCRA. For more information, see Section 2 of our Terms of Service.

4. Rights of Data Subjects (Individuals in Search Results)

If your personal information appears in Fingerprint search results and you would like it removed from Fingerprint, you may submit an opt-out request. We respect individual privacy and will process verified removal requests in a timely manner.

To request removal of your information:

• Send us a message through the contact page with the information you would like removed.

We will process verified removal requests within 30 days. Note that Fingerprint returns information from public and third-party sources — removal from Fingerprint does not remove your information from the original source.

5. Data Security

We implement the following security measures:

• Encryption in transit— all connections are encrypted between your device and our servers
• Password hashing— account passwords are stored as salted bcrypt hashes; we never store plaintext passwords
• Network isolation— the database is firewalled to accept connections only from our application server
• Access controls— internal access to data is restricted on a need-to-know basis
• Secure sessions— authentication tokens are stored hashed, scoped with httpOnly and Secure cookies, and revocable

6. Data Retention

• Account data— retained while your account is active. To request closure of your account, contact us. On closure we deactivate the account and revoke active sessions. Certain records (including email, signup metadata, and search history) may be retained where needed for platform integrity, fraud prevention, billing, dispute resolution, legal obligations, and compliance purposes, or until you specifically request deletion.
• Search history— retained with your account while the account remains active. You may request deletion of search history by contacting us through the contact page.
• Guest and demo search records— retained as needed for abuse prevention, service integrity, auditing, and legal compliance.
• Attribution data— first-party attribution cookies expire after 30 days. Signup attribution may be retained with your account record for internal measurement, fraud prevention, and support.
• Aggregated analytics— may be retained indefinitely in de-identified form.

7. Third-Party Sharing

We do not sell, rent, or trade your personal information. We may share data with:

• Service providers— infrastructure, hosting, database, payment, email, security verification, and support providers who process data on our behalf.
• Search and data providers— public web, people-search, breach-data, and other lookup providers when needed to process your searches and return results.
• Legal compliance— when required by valid legal process (subpoena, court order, or applicable law). We will notify you where legally permitted and appropriate.
• Business transfers— in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.

8. Your Rights (Platform Users)

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your account and request removal of personal data
• Export your data in a portable format
• Object to certain data processing activities
• Opt out of the sale or sharing of your personal information (see Section 9 below)

To exercise any of these rights, contact us.

9. State Privacy Rights (CCPA / CPRA and Other State Laws)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another state with applicable consumer privacy legislation, you have additional rights regarding your personal information:

• Right to know— you may request details about the categories and specific pieces of personal information we have collected about you
• Right to delete— you may request deletion of personal information we have collected, subject to certain legal exceptions
• Right to opt out— you may opt out of the “sale” or “sharing” of your personal information as defined by applicable law
• Non-discrimination— we will not discriminate against you for exercising your privacy rights

We do not sell personal information of our platform users for monetary consideration. To the extent that making search results available to other users constitutes “sharing” under applicable law, individuals whose information appears in search results may submit opt-out requests as described in Section 4 above.

To submit a verifiable consumer request, contact us with “Privacy Rights Request” in the subject line. We will respond within 45 days.

10. Cookies and Similar Technologies

We use first-party cookies and similar storage for:

• Session authentication
• Security (CSRF protection)
• User preferences
• Attribution, including referral, landing page, UTM, and click ID data

We do not use third-party advertising cookies.

11. International Data Transfers

If you access our service from outside the United States, your data may be transferred to and processed in the United States. We use appropriate safeguards for such transfers where required by applicable law.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 or allow anyone under 18 to register or use the Service, including guest or demo searches. If we become aware that we have collected personal information from a minor without appropriate parental or guardian consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take appropriate action to remove that information from our systems.

We do not knowingly solicit data from, market to, or allow use by anyone under 18. If you are under 18, do not use the Service or provide any personal information to us.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Wyoming, United States, consistent with our Terms of Service.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on our platform where required or appropriate. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions or requests, use the contact page.