Privacy Policy

Redact (redact.dev) is a privacy company. We believe the tools you use to protect your privacy shouldn't compromise it. That principle guides every decision we make about your data.

This privacy policy describes how Redact Holdings, Inc. ("Redact", "redact.dev", "we", "us", "our") collects, uses, and handles the information you ("the user", "you", "your") provide to us. This policy is effective as of March 10, 2026, and was last updated on March 10, 2026. We review and update this policy at least once every twelve months.

What we collect and why

If you use Redact for free

• Email address - to create and manage your account, and to communicate with you about the service
• Ad click information (optional) - if you arrived via an ad, which ad you clicked (see Advertising below), used solely to measure advertising effectiveness

If you pay for Redact

Everything listed above, plus:

• Billing information - collected and processed directly by our payment processors (see Payment services we use); we do not receive or store your full payment card or bank details

If you use the Databroker Removal or OSINT Scan features

If you choose to use these features, their functionality necessitates the Redact application submitting your information to various data brokers and breach detection services to determine your exposure. As such, you may have to temporarily provide access to us, so that we can scan and remove your information in a extremely limited fashion as defined below in the "How Redact Works" section. This may include your:

• Full name
• Usernames
• Email addresses
• Current and past addresses
• Phone numbers
• Year of birth
• Names of relations

How Redact works

Redact provides three main services. Each one handles your data differently:

1. Social Media & Messaging Deletion

Redact is a program you install on your device (desktop or mobile) that works as a modified web browser. You log in to services like social media websites through this program. Your login credentials, message content, and other identifying information are private between you and the service you log in to. Redact's servers NEVER see this information, nor is any infrastructure in place to capture such data. The only data sent to Redact is anonymized usage information and crash/debugging data.

2. Databroker Removals

Redact automates removing your information from "databroker" or "people finder" websites. You enter your personal information into the program, and it contacts various databrokers to check if your data is listed. If it is, the Redact program attempts to complete the opt-out process on your behalf, directly on your device.

Some databrokers require email confirmation to complete a removal. In these cases, Redact's servers will temporarily process the incoming confirmation email so the program can complete the deletion automatically. This email access is used for no other purpose, is encrypted at rest, and exists solely to click confirmation links when a databroker requires it.

3. OSINT & Breach Scanning

Redact integrates with third-party tools and providers to show you where your data may be exposed. For example, if you provide your email address, Redact will query various services to check for exposed information.

In some cases, the request must be authenticated and paid for by Redact, which means our servers will temporarily receive the results. When this happens, Redact encrypts the data, relays it to your device, and then deletes the relayed data from our servers/services. This only occurs for services where it is technically required. Redact does not use, read, or retain any of this information beyond the moment of delivery. This is also limited to the specific queries you send.

Advertising

Redact advertises on platforms like Google Search and Reddit to attract new users. When we advertise, we use tracking links to determine whether an ad is working.

(for example: redact.dev/?source=reddit&keyword=delete)

When you click an Advertisement that Redact placed or purchased on a third party platform, we set a cookie indicating that you came from that ad. If you later purchase Redact, we use this cookie to determine that the sale resulted from the ad click. Our use of this information is as minimal as possible. We do not share any of your personal information with advertising platforms, analytics providers, or any other third parties for advertising purposes.

What we do not do

We want to be explicit:

• We do not sell your personal information. In addition, we have never sold personal information in the past, and we have no plans to ever do so.
• We do not share your personal information for cross-context behavioral advertising.
• We do not share, view, or have access to your passwords or messages, posts, or DMs. Ever.
• We do not share your information with advertising platforms.

What we share

We share your data only in the following limited circumstances:

• To perform the services you requested - carrying out databroker removals and OSINT scans involves the Redact application submitting your information to the sites we're removing you from or scanning against and sometimes approving or clicking confirmation emails. Their usage of this data is governed by their own privacy policies.
• With our payment processors - to process payments and prevent fraud (see Payment services we use).
• If required by law - we will comply with valid legal process, such as a subpoena or court order.

We do not sell, rent, or trade your personal information to third parties.

How long we keep your data

• Account information (email address): retained for as long as your account is active, and deleted when you delete your account.
• Billing and payment records: retained as required for tax, legal, and accounting purposes.
• Databroker removal and OSINT scan data: processed temporarily and destroyed immediately after the removal or scan is complete. Not retained.
• Confirmation emails processed for databroker removals: processed temporarily, encrypted at rest, and deleted after the confirmation is complete.
• Crash and debugging data: retained for as long as necessary to diagnose and resolve issues, then deleted.
• Communications you send us (support emails, etc.): retained indefinitely for record-keeping.

How we protect your data

We use industry-standard security measures to protect your data, including encryption at rest and in transit. Data that passes through our servers for databroker removals and OSINT scanning is encrypted and destroyed after processing.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your rights

Depending on where you live, you may have specific legal rights regarding your personal information. We respect these rights. You may:

• Access - request a copy of the personal information we hold about you.
• Correct - request that we correct inaccurate personal information.
• Delete - request that we delete your personal information. When you delete your account, we immediately remove the information you provided from our active systems. Payment records and emails you've sent to us may be retained as described above.
• Portability - request a copy of your data in a commonly used, machine-readable format.
• Opt out - opt out of the sale or sharing of your personal information. We do not sell or share your personal information, so there is nothing to opt out of, but we honor this right in principle and will comply if our practices ever change.
• Limit use of sensitive information - request that we limit how we use sensitive personal information. The sensitive data you provide for databroker and OSINT features is already used only for the specific purpose you requested and is not retained.

To exercise any of these rights, email us at privacy@redact.dev. We will respond to verifiable requests within 45 days. If we need more time, we will let you know.

We will never discriminate against you for exercising your privacy rights. We will not deny you service, charge you a different price, or provide you with a different level of service because you exercised any of the rights listed above.

Cookies

Redact uses cookies only in the following limited ways:

• Essential operation cookies - we use cookies necessary for the basic operation of the program, such as keeping you logged in to your account.
• Ad attribution cookie - if you arrive via an ad, we set a first-party cookie to record which ad you clicked. This cookie expires after 90 days.

We do not use third-party tracking cookies, analytics cookies, or any cookies for behavioral advertising. We do not participate in cross-site tracking.

Children's privacy

Redact is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@redact.dev.

Payment services we use

Apple (App Store) - If you purchase Redact through the Apple App Store, Apple processes your payment. Apple collects your billing information directly and does not share your full payment details with us. Apple's use of your data is governed by Apple's Privacy Policy.

Google (Google Play) - If you purchase Redact through the Google Play Store, Google processes your payment. Google collects your billing information directly and does not share your full payment details with us. Google's use of your data is governed by Google's Privacy Policy.

Stripe - If you purchase Redact through our website, Stripe may process your payment. Stripe collects your billing information directly and does not share your full payment card or bank details with us. Stripe may provide us with antifraud information such as risk scores and IP location as part of standard fraud prevention. Stripe's use of your data is governed by Stripe's Privacy Policy.

PayPal - If you choose to pay via PayPal, PayPal processes your payment. PayPal collects your billing information directly and does not share your full payment details with us. PayPal may provide us with antifraud information as part of standard fraud prevention. PayPal's use of your data is governed by PayPal's Privacy Policy.

Primary services we use

The following is a non-exhaustive list of third-party services used in our infrastructure. This list is provided for transparency and does not imply that your personal data is shared with or processed by each of these services.

Cloudflare - Website hosting, analytics, security, and application services. See cloudflare.com for details.

Hetzner - Dedicated server infrastructure.

Google - Analytics, advertising, email, and additional workspace services. See workspace.google.com for details.

Mailgun - Email deliverability.

Osint.Industries - Breach and OSINT scanning services.

Datadog, Chartmogul, Dash0 - Storage and analysis of crash logs and application metrics.

Statsig, Posthog - Analytics and A/B testing to help determine better functionality and conversion.

2captcha - Automated captcha solving service, used for Databrokers and OSINT/Breach scans so users do not have to click a Captcha themselves.

Sentry.io - Application performance monitoring and alerts.

Atlas Support - User support.

Slack - Internal team communications.

Discord - User community.

Discourse - Community forums at community.redact.dev.

Twitter/X - User support, user communication, and advertising.

Linear - Internal issue tracking and project management.

International users

Redact is operated from the United States. By using Redact, you understand that your data may be subject to United States laws, which may differ from the laws of your country.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, you may have additional rights under those laws. We process your data based on your consent (which you provide when you create an account and use our services) and on the basis of contractual necessity (to provide the services you've requested). You may withdraw your consent at any time by deleting your account.

Changes to this policy

We review this policy at least once every twelve months and will update it if our practices change. When we make changes, we will update the effective date at the top of this page. If we make material changes, we will notify you by email or by a prominent notice on our website.

Governing Law; Venue; Waiver of Jury Trial and Class Actions

Unless applicable data protection / privacy laws provide otherwise, (a) the Privacy Policy is governed by the laws of the State of California, (b) you hereby agree that any dispute or claim raised or made by you against us relating to the Privacy Policy shall be subject to arbitration before a single arbitrator in Miami, Florida in accordance with the Commercial Arbitration Rules of the American Arbitration Association and (c) you hereby waive all rights to bring or maintain any court action, jury trial or any class claim, class action, class arbitration, or other representative action, claim or proceeding against us in a court of law.

Questions? Concerns? Email us at privacy@redact.dev.

For contact or legal information, please see our Terms of Service or our legal information page.