Privacy Policy
1. Information We Collect
We collect information you provide directly to us and information generated as you use Securelli.
Information you provide:
- Account information: Email address and password when you create an account.
- Protection profile: Your name, address, phone number, age, and other personal details you enter in the "My Profile" section. This information is used exclusively by Efface to locate and remove your data from broker sites.
- Payment information: We use Stripe to process payments. Securelli never stores your credit card number, CVV, or full billing details — Stripe handles all payment data.
- Communications: Any messages you send us via email or contact forms.
Information collected automatically:
- Usage data: Pages visited, features used, and time spent on the platform.
- Technical data: Browser type, operating system, IP address, and device identifiers.
- Cookies: We use essential cookies to keep you logged in and remember your preferences. We do not use advertising cookies or sell cookie data.
2. How We Use Your Information
We use information we collect only for the following purposes:
- To operate Securelli: Running your account, processing payments, and delivering the features you've subscribed to.
- Data removal (Efface): Your protection profile data (name, address, age, etc.) is used exclusively by the Efface bot to submit opt-out requests to data broker sites on your behalf. It is not used for any other purpose.
- To improve the service: Aggregated, anonymized usage patterns help us fix bugs and improve features.
- To communicate with you: Sending account confirmations, billing receipts, and service updates. We do not send marketing emails unless you've opted in.
- Legal compliance: Responding to lawful requests from law enforcement or regulators when legally required.
We do not:
- Sell your personal information to any third party.
- Use your profile data for advertising or marketing profiling.
- Share your information with data brokers (the entire point of our service is the opposite).
3. Efface — Our Data Removal Bot
Efface is Securelli's proprietary data removal system, built entirely in-house. Here's exactly how it handles your data:
What Efface does with your profile:
Your name, address, phone number, and age are used to search data broker sites for your specific listing. When found, Efface submits opt-out requests on your behalf.
What Efface does not do:
- Efface does not submit your data to data broker sites for any purpose other than removal requests.
- Efface does not sell or share your profile data with any third party.
- Efface does not store screenshots or copies of your data broker listings beyond what is needed to track removal progress.
Retention:
Your protection profile data is stored securely in our database and is retained as long as your account is active. You can delete your profile data or your entire account at any time. Upon account deletion, all profile data is permanently erased within 30 days.
4. Vulnerability Game
The Vulnerability Game is a privacy awareness tool that estimates how exposed someone's public data profile is.
How it works:
- Names and optional information you enter into the game are scored locally in your browser using our scoring algorithm.
- If you provide an email address, it is sent to HaveIBeenPwned (HIBP) — a trusted, independent breach notification service — to check whether that email has appeared in known data breaches.
- We proxy HIBP requests through our server to protect your HIBP API key, but the email itself is forwarded to HIBP's API.
What we do not store:
- Game inputs (names, emails, dates of birth, locations) are not saved to our database.
- Game scores and results are not associated with your account or stored after your session ends.
HaveIBeenPwned: When you use the email breach check feature, your email is processed by HIBP under their own privacy policy at https://haveibeenpwned.com/Privacy.
5. Data Sharing & Third Parties
We share your information only in the following limited circumstances:
Stripe (Payment Processing)
We use Stripe to process subscription payments. Stripe receives your payment information, billing name, and email address. Stripe's privacy policy is available at https://stripe.com/privacy.
Supabase (Database & Authentication)
Our database and authentication infrastructure is hosted on Supabase, which is SOC 2 Type II compliant. Your account and profile data is stored on Supabase's servers. Supabase's privacy policy is at https://supabase.com/privacy.
HaveIBeenPwned (Breach Data)
When you use the breach check feature in the Vulnerability Game, the email address you provide is sent to HaveIBeenPwned to check against their breach database.
Legal Requirements
We may disclose information when required by law, court order, or government regulation, or to protect the rights, safety, or property of Securelli, our users, or the public.
We will never:
- Sell your personal data to data brokers, advertisers, or any third party.
- Share your protection profile data with any company other than those listed above.
6. Your Rights
Regardless of where you live, Securelli gives you full control over your data:
Access: You can view all data associated with your account by visiting your dashboard.
Correction: Update your profile information at any time from the My Profile tab.
Deletion: You can delete your account and all associated data by contacting us at contact@securelli.com. We will process deletion requests within 30 days.
Data portability: You can request a copy of your personal data in a machine-readable format by emailing us.
Opt out of processing: If you want Efface to stop processing your protection profile, you can clear your profile data from the dashboard or delete your account.
California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information.
European residents (GDPR): You have rights of access, rectification, erasure, restriction of processing, data portability, and the right to object. Our lawful basis for processing is contractual necessity (to provide the service) and consent (for optional features like the Vulnerability Game).
To exercise any of these rights, email us at contact@securelli.com.
7. Data Security
We take the security of your data seriously and implement the following measures:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Your data is stored in an encrypted database managed by Supabase, which is SOC 2 Type II certified.
- Row Level Security: Our database uses Supabase's Row Level Security (RLS) policies, meaning your data is only accessible by your own authenticated account — even at the database query level.
- Password hashing: Passwords are hashed using bcrypt and are never stored in plain text.
- Limited access: Only authorized Securelli personnel can access production systems, and access is logged and audited.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at contact@securelli.com.
8. Data Retention
We retain different types of data for different periods:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Protection profile: Retained while your account is active. You can clear this data at any time from My Profile. Deleted within 30 days of account deletion.
- Removal history: Records of which broker sites Efface has submitted opt-out requests to are retained while your account is active and deleted with your account.
- Payment records: Billing history is retained for 7 years as required by tax law, even after account deletion.
- Usage logs: Anonymized usage analytics are retained for up to 24 months.
- Vulnerability Game inputs: Not retained — these are never saved to our database.
9. Children's Privacy
Securelli is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are between 13 and 18, you may use Securelli only with the involvement and consent of a parent or guardian. Certain features (such as paid subscriptions) require a parent or guardian to complete the transaction, as minors cannot independently enter into binding contracts in most jurisdictions.
If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information as quickly as possible. If you believe we have collected such information, please contact us at contact@securelli.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an email notification to your registered email address if the changes significantly affect how we use your data.
- Post a notice on the Securelli dashboard for logged-in users.
Your continued use of Securelli after a policy update constitutes acceptance of the revised policy. If you do not agree with the updated policy, please stop using Securelli and delete your account.
11. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please contact us:
Email: contact@securelli.com
Response time: We aim to respond to all privacy-related inquiries within 5 business days.
For urgent matters — such as suspected data breaches or unauthorized account access — please email us with "URGENT" in the subject line.