Privacy Policy

Effective Date: Monday August 20, 2025

1. Introduction

PrivacyHawk, Inc. (“PrivacyHawk,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data. We are transparent about the personal data we collect, the purposes for which we process it, and the rights you have in relation to your data.

Protecting privacy is the reason our company exists — and we start with how we handle your data ourselves.

This Privacy Policy applies to all personal data collected from or about you through your use of our services, including our mobile application (“App”), website, and related services (together, the “Services”).

We operate under the following principles:

• Data minimization: We collect and store the minimum amount of personal data needed for our Services.
  
• Transparency: We are clear about what personal data we hold and how we use it.
  
• Privacy by design & by default: Privacy is embedded into our Services from the outset.
  
• User control: You have control over the personal data we hold and can exercise your data protection rights at any time.
  
• We do not sell personal data or share it for cross-context behavioural advertising.

2. Data Controller & EU/UK Representative

For users in the European Economic Area (“EEA”) and the United Kingdom (“UK”), PrivacyHawk, Inc. is the data controller of your personal data.

3. Categories of Personal Data We Collect

a. Information you provide directly

Note: Information you provide depends on feature usage within the product; not all of the below data is collected for every user. 

• Identification data: Name and email address
  
• Demographic data: Age and city during signup. You may optionally provide address, phone number, and date of birth for identity verification with certain companies.
  
• Communication data: Content of messages you send to us (e.g., support, surveys, feedback).
  
• Billing data: Minimal billing information if processed via our website (via Stripe). Billing via app stores (Apple/Google) is handled by them directly.
  
• Social media data: Information you provide via interactions with our social media pages.
  
• Identity protection identifiers: Optional hashed identifiers (e.g., social security number, tax ID) used for dark web scans.
  

b. Information collected automatically

• Data broker scan results: Publicly available personal data exposures.
  
• Email scan results: Sender domains from emails (not full emails, contacts, or credentials).
  
• Log & device data: IP address, browser type, device type, OS, date/time of requests, and how you interact with our Services.
  
• Usage data: Features used, actions taken, frequency/duration of activity.
  
• Location data: Approximate location derived from IP (not stored).
  
• Email open/click data: Via tracking pixels in emails.
  

4. Legal Bases for Processing (EU/UK Users)

Under the EU GDPR and UK GDPR, we process your personal data on the following legal bases:

• Performance of a contract: To provide the Services you request, including opt-out requests, account management, and billing.
  
• Legitimate interests: To conduct scans, prevent fraud, secure our systems, improve Services, and respond to enquiries.
  
• Consent: For marketing communications and for any non-essential cookies or tracking technologies (see Section 7). You may withdraw consent at any time.
  

5. Purposes of Processing

We use your personal data to:

• Identify companies holding your data and assist with deletion/opt-out requests.
  
• Verify your identity and contact details.
  
• Authenticate your access to the Services.
  
• Personalize your experience.
  
• Process payments and maintain billing records.
  
• Respond to your enquiries.
  
• Send administrative notices and updates.
  
• Improve our Services and develop new features.
  
• Prevent fraud and secure our systems.
  
• Comply with legal obligations.
  

6. Sharing of Personal Data

We share your personal data only as necessary and with safeguards in place:

• Service providers: For payment processing, hosting, analytics, customer support, and security.
  
• Legal compliance: Where required to comply with legal obligations or respond to lawful requests.
  
• Business transfers: In connection with mergers, acquisitions, or similar transactions.
  
• With your consent: Where you explicitly agree to sharing.
  

We do not sell personal data or share it for cross-context behavioural advertising.

7. Cookies & Similar Technologies

We use cookies and similar technologies to operate our Services.

• Essential cookies are necessary for the functioning of the Services.
  
• Preference cookies store your settings and preferences.
  
• Performance cookies help us improve the Services by analysing usage patterns.

8. International Transfers

We store and process personal data in the United States.

Where we transfer personal data from the EEA/UK to the US, we implement safeguards such as Standard Contractual Clauses (SCCs) under the EU GDPR and the International Data Transfer Addendum (IDTA) under the UK GDPR. Copies of these safeguards are available on request.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy and comply with legal obligations.

10. Your Rights (Global)

All users, regardless of location, have the right to:

• Access your personal data.
  
• Rectify inaccurate data.
  
• Erase your personal data (“right to be forgotten”).
  
• Restrict processing.
  
• Data portability.
  
• Object to processing based on legitimate interests.
  
• Withdraw consent at any time.
  

You can exercise your deletion right via the App or by emailing support@privacyhawk.com. All other rights can be exercised by emailing support@privacyhawk.com. We may request proof of identity before responding.

11. Marketing Communications

We may send you marketing emails if you have opted in or if permitted by law. You can unsubscribe at any time via the link in each email.

12. Security

We use highly secure, industry best practices to protect personal data and take security extremely seriously. No system is completely secure, but we work hard to minimize risks.

13. Children’s Data

Our Services are not directed at children under 13, and we do not knowingly collect data from them.

14. U.S. State Privacy Rights (Including California Residents)

Certain U.S. states — including California, Colorado, Connecticut, Utah, and Virginia — provide their residents with specific rights regarding their personal information. If you are a resident of one of these states, this section explains those rights and how to exercise them.

a. Categories of personal information we collect

The categories of personal information we collect are described in Section 3 and may include:

• Identifiers (e.g., name, email address)
  
• Personal information described in Cal. Civ. Code §1798.80(e) (e.g., phone number, billing information)
  
• Internet or other electronic network activity information (e.g., usage data, device data)
  
• Geolocation data (approximate location)
  
• Inferences drawn from other information to create a profile
  

b. Purposes of collection

We collect personal information for the purposes described in Section 5.

c. Categories of third parties to whom we disclose personal information

We disclose personal information to the categories of recipients described in Section 6.

d. Sale and sharing of personal information

We do not sell personal information or share it for cross-context behavioural advertising as those terms are defined in the California Consumer Privacy Act (as amended by the CPRA).

e. Sensitive personal information

We do not use or disclose sensitive personal information for any purpose other than those permitted by applicable state privacy laws, including the CPRA.

f. Your state privacy rights

Depending on your state of residence, you may have the right to:

• Know the categories and/or specific pieces of personal information we have collected about you.
  
• Access and obtain a copy of your personal information.
  
• Request correction of inaccurate personal information.
  
• Request deletion of your personal information.
  
• Restrict or limit the use of sensitive personal information (if applicable).
  
• Opt out of the sale or sharing of personal information.
  
• Appeal a decision we make regarding your privacy rights request.
  

We will not discriminate against you for exercising any of your state privacy rights.

g. How to exercise your rights

You can make a privacy rights request by:

• Emailing support@privacyhawk.com
• Submitting a request via the App
  

We will verify your identity before processing your request, which may include requesting additional information from you or your authorised agent.

This section reflects our practices for the 12 months preceding the Effective Date of this Privacy Policy and will be updated annually as required by applicable state laws.

15. Changes to This Policy

We may update this Policy from time to time. Changes will be posted with a new “Effective Date.”

16. Contact Us

PrivacyHawk, Inc.
Email: support@privacyhawk.com
EU/UK Representative: support@privacyhawk.com

‍