Privacy Policy

1. Overview

ProfileFinder ("we," "us," or "our") operates the ProfileFinder website and public-profile search service, including face search and username lookup tools. This Privacy Policy describes how we collect, use, store, and share information about you when you use our Service, and explains the choices you have regarding that information.

2. Information We Collect

Information You Provide

• Account information: Email address and hashed password when you register. We do not collect your real name, date of birth, or any other identifying details;
• Payment information: Billing details are collected and processed entirely by our third-party payment provider. We never see, receive, or store your full card number or bank details;
• Communications: Any messages you send us via email or support channels;
• Uploaded images: Photos you submit for face searches — see Section 3. These are never stored.

Information Collected Automatically

• Log data: IP address, browser type, operating system, referring URL, pages visited, timestamps, and error logs — retained for up to 90 days for security and fraud prevention, then deleted;
• Session data: Authentication tokens required to keep you logged in;
• Usage data: Aggregate, anonymised metrics such as feature usage counts — not tied to individual searches or identities;
• Cookies: Session and preference cookies as described in Section 8.

Information From Third Parties

• Payment processors: Our payment provider shares purchase confirmation and transaction status with us so we can credit your account;
• Search pipeline results: Our third-party search providers return links to publicly available web pages. These result links are temporarily surfaced to you in your session. We do not permanently store the content of those third-party pages, nor any biometric or facial data derived from your query.

3. Biometric & Facial Data

To be explicit about our data practices with respect to biometric information:

• We do not collect or store biometric identifiers as defined by the Illinois Biometric Information Privacy Act (BIPA) or similar state laws;
• We do not derive a facial geometry template, faceprint, or voiceprint from any uploaded image;
• Uploaded images are never used to train AI models;
• Uploaded images are never shared with any party beyond what is strictly necessary to execute your requested search;
• We do not retain uploaded images on our servers after the search completes.

If you are a resident of Illinois, Texas, Washington, or another jurisdiction with specific biometric privacy laws, our described practices are designed to avoid triggering consent and retention obligations under those laws. If you have concerns specific to your jurisdiction, contact us at profilefindersupport@gmail.com.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To execute searches, display results, manage your credit balance, and generate reports;
• Account management: To authenticate you, manage your account settings, and communicate with you about your account;
• Payment processing: To facilitate purchases through our payment provider;
• Safety & fraud prevention: To detect and prevent abuse, enforce our Acceptable Use Policy, and protect the safety of users and third parties;
• Legal compliance: To comply with applicable laws, respond to lawful requests from public authorities, and enforce our Terms of Service;
• Service improvement: To analyze aggregate, anonymized usage patterns to improve the Service — we do not use your search queries or uploaded images for this purpose;
• Communications: To send transactional emails (receipts, password resets, security alerts). We will only send marketing communications with your explicit consent.

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

• Service providers: We share data with carefully vetted third-party vendors who assist us in operating the Service (hosting, payments, search API) under contracts that prohibit them from using your data for their own purposes;
• Legal requirements: We may disclose information if required to do so by law, subpoena, court order, or other governmental authority, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our website;
• With your consent: We may share information for any other purpose with your explicit prior consent.

We do not share your search history, uploaded images, or account data with data brokers, advertisers, or any party for commercial profiling purposes.

6. Data Retention

We retain different categories of data for different periods:

• Account data (email, hashed password, credit balance): Retained for the lifetime of your account, plus 30 days after deletion to allow for account recovery;
• Uploaded photos: Never retained — permanently discarded upon search completion. No copy is held on our servers at any point;
• Server & access logs: Retained for 90 days for security and fraud prevention, then automatically deleted;
• Payment records: Retained for 7 years as required for financial record-keeping compliance. These records contain transaction amounts and dates — not payment card details, which we never receive;
• Legal hold: Data subject to a legal hold or regulatory inquiry is retained until the matter is resolved, regardless of the above schedules.

7. Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

• TLS 1.3 encryption for all data in transit;
• AES-256 encryption for sensitive data at rest;
• Role-based access controls limiting employee access to personal data;
• Regular security audits and penetration testing;
• Bcrypt password hashing — we never store passwords in plain text.

Despite these measures, no security system is impenetrable. In the event of a data breach affecting your information, we will notify you as required by applicable law.

8. Cookies & Tracking

We use the following types of cookies:

• Strictly necessary: Session authentication cookies required for you to log in and use the Service — these cannot be disabled;
• Functional: Preference cookies that remember your settings (e.g., dashboard view options);
• Analytics: Anonymized usage analytics (e.g., page views, feature usage) to improve the Service. We use privacy-respecting analytics that do not fingerprint individual users.

We do not use advertising cookies or third-party tracking pixels. You can manage or disable non-essential cookies through your browser settings. Disabling cookies may affect Service functionality.

9. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, our business purposes for collecting it, and the categories of third parties with whom we share it;
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions;
• Right to Correct: You may request correction of inaccurate personal information;
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is required, but you may send a request to confirm this;
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (including biometric data) for purposes beyond service delivery;
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, submit a verifiable consumer request to profilefindersupport@gmail.com. We will respond within 45 days. You may authorize an agent to submit requests on your behalf with written authorization.

10. EU & UK Residents (GDPR)

If you are a resident of the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR give you additional rights:

• Lawful basis: We process your data under the following legal bases: (a) contract performance — to deliver the Service you requested; (b) legitimate interests — fraud prevention and security; (c) legal obligation — compliance with applicable law; (d) consent — for optional communications;
• Right of access (Article 15): You may request a copy of your personal data;
• Right to rectification (Article 16): You may request correction of inaccurate data;
• Right to erasure (Article 17): You may request deletion of your data under certain conditions;
• Right to restrict processing (Article 18): You may request we limit how we use your data;
• Right to data portability (Article 20): You may request your data in a machine-readable format;
• Right to object (Article 21): You may object to processing based on legitimate interests;
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise GDPR rights, contact our Data Protection contact at profilefindersupport@gmail.com. You also have the right to lodge a complaint with your local supervisory authority.

11. Minor Subject Protection

Regardless of who is using our Service, it must never be used to search for information about minors (persons under 18). Any search we detect targeting a minor will result in immediate account suspension and the search will be voided. If you believe our Service has been misused in connection with a minor, contact us immediately at profilefindersupport@gmail.com.

12. International Data Transfers

ProfileFinder is operated from the United States. If you are accessing the Service from outside the US, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers from the EEA to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission where required. By using the Service, you consent to this transfer.

13. Your Rights & Choices

Regardless of where you live, you have the following options:

• Access: You may request a copy of the personal data we hold about you (email address and credit balance) by emailing profilefindersupport@gmail.com;
• Correction: Update your email address via your account settings;
• Deletion: Delete your entire account via Settings → Delete Account. We hold so little personal data that account deletion is the only deletion action typically required;
• Marketing opt-out: Unsubscribe from any marketing email using the link in the email footer;
• Cookie preferences: Manage non-essential cookies via your browser settings;
• Result suppression: If your likeness appears in search results on our platform and you want it suppressed, see our DMCA & Opt-Out page. Note that we do not control or host the underlying third-party content.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to your registered address and/or posting a notice on our website at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

15. Contact & DPO

For privacy inquiries, data subject requests, or complaints:

• Privacy email: profilefindersupport@gmail.com
• General support: profilefindersupport@gmail.com
• Response time: We aim to respond to all privacy requests within 30 days (45 days for CCPA requests).