Scanning your connection...
Default PrivacyDefault Privacy
Transparency Report

What we hold, where it lives, and who else can see it.

Everything we store about you, every third party we send it through, and how we respond when law enforcement asks for it. One page. No marketing language.

Report date: May 20, 2026

Operational snapshot

  • Warrant canaryCurrent
  • Government requests fulfilled0
  • Confirmed data breaches0
  • Ad / analytics trackingNone

Warrant Canary

What is true today

The statements below are kept current. Some categories of legal order can prevent us from updating them — that is why the absence of an update is itself the signal.

Current

As of May 20, 2026

As of May 20, 2026, none of the assertions below have changed. If this section ever stops updating, treat the silence as the message and seek independent confirmation before relying on the older statements.

We have not received a National Security Letter.
We have not received a gag order preventing us from acknowledging legal process for customer data.
We have not been compelled to add government monitoring or interception code to our systems.
We have not confirmed an intrusion that exposed stored customer data.

In plain language

A warrant canary is a way to tell you something has changed when a court order says we can't say so directly. If a statement above ever disappears without explanation, treat the absence as the answer.

This is separate from the records we keep to register your LLC. Forming a company requires real name and address information that we retain and that we will produce in response to valid legal process. For details on what that means in practice, read the Privacy Policy.

Business Model

We charge for services. We do not sell data about you.

Most free privacy tools pay for themselves by selling what they learn about the people using them. We don't. The free tools on this site exist so you can use them without becoming the product. Paid services cover the cost of running the company.

Free Tools

No account required. Each tool's data handling is listed below in the exposure surface table.

Paid Services

LLC formation, data removal, audits, and concierge programs. Listed prices, no hidden upsell.

Customer Data

Your account exists so you can use our services. It is not bundled, scored, or sold to data brokers.

At a Glance

Headline numbers

Detailed retention and processor disclosures are below.

Government requests fulfilled

0

We will challenge requests we believe are overbroad.

Customer records disclosed

0

Confirmed breaches

0

Ad / tracking pixels

None

No Google Analytics, Facebook Pixel, or LinkedIn Insight.

Data Practices

Retention schedule

Neon Postgres holds the records below unless another store is named. Payment data lives with Stripe.

Data inventory

What we store, how long it lives, and which processor holds it when it isn't our database.

Data typeWhere it livesRetention
Account identifiers (email, optional DERO address)NeonUntil you delete your account.
Login sessionsNeonUntil logout or scheduled rotation.
Magic link tokensNeonRoughly 15 minutes, then expired.
Passkey credentialsNeonUntil you delete your account.
LLC formation recordsNeonRetained for legal and regulatory recordkeeping.
Paid privacy audit resultsNeon72-hour rolling window, then deleted.
Privacy scanner results (public tool)NeonUp to 48 hours, then deleted.
AI assistant conversationsNeonRolling 7-day cleanup.
Stripe link + billing metadataNeon + StripeLinked to your account until deletion. Card and bank details live with Stripe per their policy.
Public tools directoryNeonRetained indefinitely. Reference material, no personal data.

Trust Model

Where the limits actually sit

We sell privacy, but trust requires saying out loud where the architecture ends and legal process resumes.

Public tools

What each tool exposes

None

Browser Exposure

Runs entirely in your browser. Location lookups use ipapi.co; results are not stored.

None

Password Check

Runs in your browser using k-anonymity. Only a partial hash leaves your device.

None

DNS Leak Test

Runs entirely in your browser. We never see the result.

None

Threat Model

Runs in your browser. Your answers stay on your device.

Brief

Metadata Stripper

Your file is processed in memory and discarded as soon as the cleaned copy is returned.

Cached

Privacy Scanner

The URL you submit and its results are cached for up to 48 hours, then deleted.

Transient

Email Security / WHOIS

The address or domain you submit is used to run the lookup and is not retained as a profile.

None

Tools Directory

No personal profile. Routine searches are not logged for marketing.

Paid formation

Anonymous LLCs are architectural, not cryptographic

Forming an LLC is legal work, not encryption. State registries require a real person on file. Anonymous LLC structures keep your name off the public registry where state law allows — but we hold the records needed to respond to regulators, banks, and lawful court orders.

What we hold

  • The legal name and address required to file your LLC
  • Stripe billing records linked to your account

What stays off public filings

  • Member and manager names on state filings where law allows substitution
  • Your home address — we list the registered agent address instead

Dependencies

Every third party we use

These companies see some of your data while doing their job. We list them here so nothing about the stack is hidden.

Operational processors

A short summary of each. We can provide a full DPIA or SOC report on request for diligence work.

Infrastructure

Hosting
Bare-metal VPS we operate. Application and routing logs rotate on a fixed schedule.
Neon
Our database host. Data is encrypted at rest. Neon has provider-level access and can be served with legal process directly.
Stripe
Payments. Card and bank account details live with Stripe; we store only the link to your Stripe customer record.

Feature-plane services

ipapi.co
Maps your IP to a coarse city/region for the Exposure tool. Your browser calls them directly — we don't proxy it.
OpenStreetMap
Map tiles for the Exposure tool. No tracking pixels.
Venice.ai
Powers AI-assisted features when you enable them. Your prompts leave our servers for inference.
Resend
Sends magic-link login emails only. No marketing campaigns run through this.
Have I Been Pwned
Checks whether your password or email appears in known breaches using k-anonymity. Only a partial hash is sent.

We don't run Google Analytics, Facebook Pixel, or LinkedIn Insight. If that ever changes, this page is updated before the new tracking script ships.

Tools directory sources

The open community lists we started from. Each links back to the original so you can review the upstream.

Awesome Privacy
Community-curated privacy tool inventory
KYCnot.me
Merchants reviewed for KYC posture — informs our crypto coverage
DuckDuckGo Favicon Proxy
Loads website favicons without calling Google's servers

Things we will never do

What we don't build is part of the product. Listing it makes the boundary public.

  • Sell customer data to anyone
  • Use persistent advertising identifiers
  • Run hidden session recording
  • Share customer profiles with ad networks
  • Keep permanent IP logs for behavioral scoring
  • Require social login (Google / Facebook) by default
  • Require a phone number to sign in
  • Add tracking scripts not disclosed here

Incident playbook

No system is perfect. If we ever have a material breach, the following commitments take effect.

  1. 1.Notify affected accounts within 72 hours of confirming the scope.
  2. 2.Publish what happened, what was exposed, and when — in plain language.
  3. 3.Coordinate with Stripe and other processors if billing data was affected.
  4. 4.Publish a post-incident report showing what we changed in response.
  5. 5.Prevent the same failure from happening again — not just write an apology.
No active breach on record
Report a concern