What we know about you. Which is very little.

We collect the minimum needed to make the service work and to keep it honest. Specifically:

• When you submit a report or tip — the report type, an optional short comment, and a one-way cryptographic hash of your IP address. The hash lets us prevent the same person from flooding a number with identical reports; it cannot be reversed back into an IP. We do not store your raw IP with the report.
• When you create an account — your email address and a public display name. Account creation is delegated to a third-party identity provider that handles sign-in by email or social login; we never see or store your password.
• When you use our API — we record the number of requests per API key so we can enforce rate limits and bill accurately on paid plans. We do not record the specific numbers you looked up.
• Server access logs — standard web logs (IP, path, response code, timestamp) retained for up to 30 days for abuse prevention and performance monitoring. Not sold, not shared.

A short list of things you might expect a phone-intelligence service to collect, that we do not:

• The specific numbers you look up, if you aren't signed in. Lookups from guest browsers are not retained against any identifier.
• Your browsing behavior across sites. We don't embed third-party ad trackers, pixels, or analytics fingerprints.
• Your phone contacts, address book, or call history. We have no app that could collect these and no browser API that could.
• Your password. Authentication goes through a hosted identity provider; the credential never touches our servers.
• Your payment card. If you upgrade, payment is completed through our payment provider; we receive a subscription status, not card details.

Three purposes only:

1. To run the service. Showing you results, saving your report, counting your API calls.
2. To keep it safe. Rate-limiting abusive IPs, blocking bots, investigating security incidents.
3. To improve the product. Aggregate numbers — how many lookups per day, what countries they cluster in, what reports come in — feed decisions about what to build. No individual-level analysis.

We work with a small set of service providers to run the site — the same kind of providers any modern web service uses. Each is bound by contract to process data only on our instructions and only for the stated purpose:

• A hosting provider that runs our application servers and database.
• An identity provider that handles sign-in, so we don't have to store passwords.
• A network-edge provider that protects the site from denial-of-service attacks and abusive traffic.
• An error-monitoring provider that captures stack traces when something breaks, so we can fix it quickly.
• A payment provider, if and when you subscribe to a paid plan.

We never sell personal data. We never share it with advertisers. If the law requires us to disclose data (a valid court order, a subpoena we have no legal grounds to refuse), we disclose the minimum required and notify you where we are legally permitted to do so.

• Community reports and tips — retained indefinitely. They're public signals that other visitors rely on. The content you submit is visible to everyone looking up that number.
• Account data — retained until you delete your account. After deletion, your content is unpublished from your profile and we retain a minimal archival record (hashed identifiers, not your personal data) to stop abuse via repeated sign-up/delete cycles. Public reports you authored remain visible but are disassociated from your profile.
• Server logs — up to 30 days, then rotated out automatically.
• API usage records — up to 13 months, for billing and analytics.

Depending on where you live, you may have legal rights over your personal data — under GDPR (EU/UK), CCPA (California), LGPD (Brazil), or similar laws. We honor them regardless of jurisdiction. You can:

• See what we have. Request a copy of the personal data we hold about you.
• Correct it. Ask us to fix anything that's wrong or out of date.
• Delete it. Ask us to erase your account and associated data. You can also delete your account directly from your settings.
• Object or restrict. Ask us to stop a specific use of your data.
• Take it with you. Request your data in a machine-readable format.
• Remove a number page. If a public number page names you or describes you, use our removal form. We review every request within 72 hours.

Email [email protected] for anything not covered by the self-serve options. We respond within 14 days, typically within 48 hours.

We use a small number of cookies, all functional:

• A session cookie, set when you sign in, so the site knows it's you on the next page. Cleared when you log out.
• A CSRF token that stops other websites from submitting forms on your behalf — a standard security measure.
• A short-lived cookie from our bot-protection provider that helps distinguish humans from automated traffic on sensitive forms. Not used for advertising or profiling.

No tracking cookies, no ad cookies, no cross-site fingerprinting. Because we don't do any of that, we don't need a cookie consent banner under most laws — the cookies we set are strictly necessary for the service to function.