Skip to content
Sleuthly
Draft , pending legal review. This page is not legal advice.

Privacy Policy

Last updated: 2026-05-24

This Privacy Policy explains how Sleuthly LLC, a U.S. limited liability company (“Sleuthly,” “we,” “us”) collects, uses, shares, and protects personal data in connection with the Sleuthly website and services. We process only data that is already publicly available, and we cite the source of every result. Self-checks run on your consent; third-party searches run on a defined legal basis. You can remove yourself from our index for free, at any time, via /opt-out.

1. Data controller and contacts

The data controller is Sleuthly LLC, a U.S. limited liability company. You can contact us about privacy at info@sleuthly.io.

  • Registered address: [registered address]
  • Data Protection Officer (if appointed): [DPO contact, if required]
  • EU/UK representative (GDPR Art. 27, if appointed for a controller established outside the EU/UK): [Art. 27 representative]

2. Categories of data we process

  • Publicly available third-party data aggregated from public sources (e.g., names, public profiles, public posts, public web pages, and images that are already public).
  • Data you provide as a user: your email, search queries, query images you upload for a self-check, and [payment data, Phase 1].
  • Technical data: device, browser, and usage data (see our Cookie Policy).

3. Sources of data (GDPR Art. 14)

Some data is not collected directly from you. Where we process data about a person obtained from sources other than that person, those sources are public sources such as: [list of public source categories] (e.g., publicly accessible websites, public social profiles, public registries, and search indexes). We do not bypass logins, scrape private areas, or fabricate identities.

4. Purposes and legal bases

We process personal data for two distinct activities, each with its own legal basis:

(a) Self-check (search about yourself)

Legal basis: consent (GDPR Art. 6(1)(a)). You ask us to find your own public footprint; you can withdraw consent at any time.

(b) Third-party search

Legal basis: [legal basis to be defined] (e.g., legitimate interest under GDPR Art. 6(1)(f), subject to a balancing test/LIA). Where results could touch special categories of data (GDPR Art. 9), this activity is subject to a Data Protection Impact Assessment and an Art. 9 assessment, and is not published until those are resolved.

5. Retention

We keep personal data only as long as necessary for the purposes above, then delete or anonymize it.

  • User account / email: [retention period]
  • Search queries and query images: [retention period]
  • Indexed public data: [retention period] (removed on opt-out)
  • Logs kept for abuse prevention/security: [retention period]

6. Recipients and processors

We share personal data only with service providers acting as processors under a data processing agreement, including hosting (Vercel, Render), our payment processor (Phase 1), and enrichment/API providers. Full list: [list of processors and DPAs].

7. International transfers

Some processors may be located outside your country (including the United States). Where personal data is transferred internationally, we rely on appropriate safeguards such as [transfer mechanism, e.g. SCCs].

8. Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, or object to processing, and to data portability. To exercise these rights, contact info@sleuthly.io or use /opt-out to remove yourself from our index for free, without an account. California residents: see Do Not Sell or Share.

9. Complaints

If you are in the EU/UK, you have the right to lodge a complaint with your supervisory authority (e.g., your national Data Protection Authority). Competent authority: [competent supervisory authority].

10. Changes to this policy

We may update this policy. We will revise the “last updated” date above and, where required, notify you of material changes.