Privacy Policy

1. Introduction

Lysio Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data broker removal service ("Service"). We understand the irony and importance of protecting your privacy while helping you protect your privacy from data brokers.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Email address, full name, company name, LinkedIn profile
• Contact Details: Address, phone number (when required for removal requests)
• Payment Information: Billing details processed securely through Stripe
• Authorization Documents: Legal authorizations for us to act on your behalf

2.2 Information We Collect Automatically

• Usage Data: How you interact with our Service
• Device Information: IP address, browser type, operating system
• Cookies: Essential cookies for Service functionality
• Email Monitoring: Analysis of emails received at your dedicated removal address

3. How We Use Your Information

We use your information to:

• Provide Our Service: Monitor data brokers and send removal requests on your behalf
• Process Payments: Handle subscription billing and payments
• Communications: Send service updates, removal confirmations, and support responses
• Legal Compliance: Comply with legal obligations and protect our rights
• Service Improvement: Analyze usage patterns to improve our Service
• Security: Detect and prevent fraud, abuse, and security issues

4. Data Broker Monitoring Process

Our core service involves monitoring data brokers for your personal information:

• We search 1000+ known data broker websites using your provided information
• When we find your data, we automatically submit removal requests
• We monitor for re-listing and submit additional requests as needed
• We track the status and effectiveness of removal requests
• We provide you with regular reports on our activities and results

5. Information Sharing and Disclosure

We do NOT sell, trade, or rent your personal information. We may share your information only in these limited circumstances:

5.1 Data Broker Communications

We share your information with data brokers ONLY for the purpose of requesting removal of your data from their systems. This is the core function of our Service and is done with your explicit authorization.

5.2 Service Providers

• Supabase: Database hosting and user authentication
• Stripe: Payment processing
• Vercel: Website hosting and infrastructure

5.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety.

6. Data Security

We implement industry-standard security measures:

• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict access controls and authentication
• Regular Audits: Regular security assessments and updates
• Secure Infrastructure: SOC 2 compliant hosting providers
• Minimal Data: We collect only the information necessary for our Service

7. Data Retention

We retain your information:

• Active Accounts: For as long as your account is active and during your subscription
• After Cancellation: For 90 days to allow for reactivation
• Legal Requirements: As required by law for tax and legal purposes
• Removal Requests: Records of removal requests for 7 years for legal compliance

8. Your Rights and Choices

Under applicable privacy laws (GDPR, CCPA), you have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw authorization for our Service

9. Cookies and Tracking

We use cookies for:

• Essential Functions: User authentication and Service functionality
• Analytics: Understanding how our Service is used (anonymous data)
• Security: Protecting against fraud and abuse

You can control cookies through your browser settings, though disabling essential cookies may affect Service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable privacy laws.

11. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of any material changes via email or through our Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@notmailbox.com
Data Protection Officer: dpo@notmailbox.com
Address: Lysio Ltd, London, United Kingdom

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.