iErase
Log InFree Scan

Privacy Policy

Last updated: April 10, 2026

Applies to users in all regions including the European Union (GDPR), United States (CCPA/CPRA), Canada (PIPEDA), Japan (APPI), Singapore (PDPA), South Korea (PIPA), Australia (Privacy Act 1988), Brazil (LGPD), and other jurisdictions.

1. Who We Are (Data Controller)

iErase (“we”, “our”, “us”) operates the data removal service available at ierase.ai and associated domains. We act as the data controller for the personal data you provide to us, and as a data processor when we handle your data solely to submit removal requests to third-party data brokers on your behalf.

Data Protection Contact:

Email: privacy@ierase.ai

2. Personal Data We Collect

We collect only the minimum data necessary to provide the Service (data minimisation principle):

Identity & Contact Data

First name, last name, email address, phone number (optional), city, state/province, postal/ZIP code, country

Used to: search data broker databases and submit removal requests

Account Data

Email address, name, account ID (managed by Clerk — we do not store passwords)

Used to: authenticate you and associate your cases with your account

Billing Data

Subscription plan, billing status (managed by Stripe — we never see or store payment card numbers)

Used to: manage your subscription and process payments

Usage & Service Data

Scan results, data broker findings, removal request status, AI-generated reports

Used to: display your privacy exposure and track removal progress

Identity Documents (optional)

Government-issued photo ID (e.g. driver's licence, passport) — only if you choose to upload

Used to: satisfy identity verification requirements of certain data brokers. Stored encrypted. Deleted upon account closure.

We do not collect: racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, health data, sexual orientation, or financial account details.

3. Legal Basis for Processing (GDPR Art. 6)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland:

  • Consent (Art. 6(1)(a))You explicitly consent before we scan for or process your personal data. You may withdraw consent at any time.
  • Contract (Art. 6(1)(b))Processing is necessary to perform the data removal service you requested.
  • Legal Obligation (Art. 6(1)(c))We may retain certain records as required by applicable law.
  • Legitimate Interests (Art. 6(1)(f))Security, fraud prevention, and service improvement, where not overridden by your rights.

For special category data (e.g. government ID), the basis is explicit consent per Art. 9(2)(a).

4. How We Use Your Data

  • Scan 500+ data broker websites to identify where your information appears
  • Draft and submit legally-compliant opt-out and removal requests to data brokers
  • Generate AI privacy reports summarising your exposure
  • Send transactional emails (scan results, removal status updates, account notices)
  • Process subscription payments and manage your account
  • Verify compliance with data broker removal confirmations
  • Improve service accuracy and coverage (using anonymised aggregate data only)

We never use your data for advertising, profiling, or sale to any third party.

5. Data Sharing & Sub-processors

We share your data only as strictly necessary. We do not sell, rent, or share your data for marketing. All sub-processors are bound by data processing agreements (DPAs).

Sub-processorPurposeLocation
ClerkAuthentication & user managementUSA (SCCs)
StripePayment processingUSA (SCCs)
SupabaseDatabase hosting (encrypted at rest)USA/EU (configurable)
VercelHosting & file storageUSA (SCCs)
OpenAIAI report generation (anonymised)USA (SCCs)
ResendTransactional email deliveryUSA (SCCs)
Data BrokersSubmitting opt-out requests on your behalfVaries

SCCs = EU Standard Contractual Clauses, providing GDPR-compliant cross-border transfer safeguards.

6. International Data Transfers

If you are located in the EEA, UK, Switzerland, or other regions with data transfer restrictions, your data may be transferred to countries that may not have equivalent data protection laws. We rely on EU Standard Contractual Clauses (SCCs) and other approved transfer mechanisms to ensure adequate protection of your data. You may request a copy of applicable SCCs by contacting us at privacy@ierase.ai.

7. Data Retention

  • Active accounts: Data retained for the lifetime of your account
  • Account deletion: Personal data deleted within 30 days of account closure
  • Billing records: Retained for 7 years as required by financial regulations
  • Identity documents: Deleted within 90 days of upload or immediately upon account deletion
  • Inactive accounts: Accounts inactive for 24+ months will receive a deletion notice and be deleted after 30 days if no response

8. Your Privacy Rights

All Users

  • Access your data (download from Settings)
  • Correct inaccurate data (contact us)
  • Delete your account and all associated data (from Settings)
  • Opt out of marketing emails (unsubscribe link in any email)
  • Withdraw consent at any time (does not affect prior lawful processing)

EU / EEA / UK / Swiss Users — GDPR Rights

  • Right of access (Art. 15) — receive a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — “right to be forgotten”
  • Right to restriction (Art. 18) — limit how we use your data
  • Right to portability (Art. 20) — receive data in machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interests
  • Right to lodge a complaint — with your local data protection authority (DPA)

California Users — CCPA/CPRA Rights

  • Know what personal information we collect, use, or disclose
  • Delete your personal information
  • Opt out of the “sale” of personal information (we do not sell your data)
  • Non-discrimination for exercising CCPA rights
  • Correct inaccurate personal information
  • Limit use of sensitive personal information

Canadian Users — PIPEDA

  • Access and correct your personal information
  • Withdraw consent for collection, use, or disclosure
  • File a complaint with the Office of the Privacy Commissioner of Canada

Asian Region Users

  • Japan (APPI): Right to disclose, correct, add/delete, cease utilisation of your retained personal data
  • Singapore (PDPA): Right to access and correction
  • South Korea (PIPA): Right to access, correction, deletion, and processing suspension
  • Australia (Privacy Act 1988): Right to access and correction of personal information

To exercise any of these rights, email privacy@ierase.ai or use the tools in your Account Settings. We will respond within 30 days (GDPR: within 1 month, extendable by 2 months for complex requests).

9. Security

We implement technical and organisational security measures including: TLS/SSL encryption in transit, AES-256 encryption at rest (Supabase), role-based access controls, secure authentication (Clerk), and regular security reviews. We never store payment card numbers. In the event of a data breach affecting your rights and freedoms, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

10. Cookies

We use only strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for full details.

11. Children's Privacy

iErase is not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe we have collected data from a child under these ages, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email to registered users at least 30 days before taking effect. The “Last updated” date at the top indicates when changes were last made. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact & Complaints

Privacy enquiries: privacy@ierase.ai

General support: support@ierase.ai

EU/EEA users who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority. A list of EU DPAs is available at edpb.europa.eu.