Privacy Policy

Legal Disclaimer: This Privacy Policy is a template. For production use, please have this reviewed by a legal professional to ensure compliance with GDPR, CCPA, and other applicable privacy regulations.

Last updated: 12/23/2025

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us. This includes:

  • Email addresses (for authentication and communication)
  • Payment information (processed securely through Stripe - we do not store payment card details)
  • Account usage data (credits, verification history)
  • IP addresses (for free lookup tracking and security)

Legal Basis (GDPR Article 6): We process your data on the basis of (1) contract performance (providing the service), (2) legitimate interests (security, fraud prevention), and (3) your consent (where applicable).

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, process transactions, and communicate with you.

3. Data Storage and Security

Your data is stored securely using Supabase. We implement appropriate technical and organizational measures to protect your personal information in accordance with GDPR Article 32 (Security of Processing).

Data is stored within the European Economic Area (EEA) where possible. When data is processed outside the EEA, we ensure adequate safeguards are in place as required by GDPR.

4. Third-Party Services

We use third-party services including Supabase (authentication and database), Stripe (payments), and twitterapi.io (data source). These services have their own privacy policies.

5. Your Rights (GDPR/CCPA)

Under applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us. We will respond within 30 days.

6. Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations under German law and GDPR:

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Payment records: Retained for 10 years as required by German tax law (GoBD - Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff).
  • IP addresses (free lookups): Stored in memory only, cleared on server restart. Not persisted long-term.
  • Verification history: Not stored - only displayed temporarily in your session.

You can request deletion of your account and associated data at any time, subject to legal retention requirements.

7. Data Breaches

In the event of a data breach that may affect your personal information, we will:

  • Notify the relevant supervisory authority (in Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) within 72 hours as required by GDPR Article 33
  • Notify affected users without undue delay if the breach poses a high risk to their rights and freedoms, as required by GDPR Article 34
  • Document all breaches and our response measures

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

Our service providers (Supabase, Stripe, twitterapi.io) may process data in various locations. We ensure all transfers comply with GDPR and applicable German data protection laws.

9. Cookies

We use cookies for authentication and session management. See our Cookie Policy for more details.

10. Supervisory Authority

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Germany, this is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de

11. Contact

For questions about this Privacy Policy or to exercise your rights under GDPR, please contact us at: privacy@xtrustradar.com

(Note: Update this email address with your actual contact information before production deployment)