DS
DataShadow

Privacy Policy

We don't want your data — that's the whole point. This policy explains what little info we do process (if any), and how we keep it private.

1Introduction

TL;DR: We're committed to protecting your privacy and designed our service with data minimization as a core principle.

DataShadow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital identity protection service.

We take your privacy seriously and have designed our service with data minimization as a core principle. Please read this policy carefully to understand our practices regarding your personal data.

2What Data We (Don't) Collect

TL;DR: We collect minimal data. Your breach scans are anonymous, and we never see your full email or queries.

2.1 Breach Scans (Anonymous)

When you run a scan:

  • Your input (like email) is hashed locally and trimmed using k-anonymity
  • Only the prefix (first 5 chars of hash) is sent to our backend
  • We never see, store, or log full emails or queries

2.2 Accounts (Coming Soon)

If we add accounts later, we may store:

  • Email address (encrypted at rest)
  • Hashed password (using secure hashing)
  • Your opt-in notification preferences

3How Your Info Is Used

TL;DR: We only use your data to check for breaches and improve our service. We never sell your information.

We use your data only to:

  • Check if your data appears in known breaches
  • Provide you with breach notifications (if you opt in)
  • Improve and optimize our services

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4Data Retention

TL;DR: We maintain a strict no-logs policy for anonymous searches. Account data is retained until you delete it.

For anonymous searches, we maintain a strict no-logs policy. For users with accounts:

  • Account information is retained until you delete your account
  • You can request deletion of your data at any time
  • Breach notification data is retained only as long as necessary to provide the service

5Security

TL;DR: We use industry-standard encryption, no tracking, and open source transparency to protect your data.

We implement appropriate technical and organizational measures to protect your personal information, including:

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest (for any stored data)
  • No tracking, no third-party analytics
  • Open source frontend for transparency

6Your Rights

TL;DR: You have rights to access, correct, delete, and control your data. Contact us to exercise these rights.

Depending on your location, you may have rights regarding your personal data, including:

  • Right to access your data
  • Right to correct inaccurate data
  • Right to delete your data
  • Right to restrict or object to processing
  • Right to data portability

To exercise these rights, please contact us at eric@nezser.com.

7Changes to This Policy

TL;DR: We may update this policy and will notify you of any material changes.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes.

8Contact Us

TL;DR: Questions about privacy? Contact eric@nezser.com

If you have any questions about this Privacy Policy, please contact us at:

eric@nezser.com
Last Updated: June 22, 2025
Return to Homepage