Privacy Policy
Last updated: February 21, 2026
Data Controller
Death2Data is operated as a sole proprietorship based in Florida, USA. For any privacy questions, contact matt@death2data.com.
What We Collect and Where It Lives
| Data | Where It's Stored | Why |
|---|---|---|
| Email address | Our server (Render) + Stripe | Account identity, billing |
| Subscription status & tier | Our server (Render) + Stripe | Determine what you can access |
| Authentication token (JWT) | Your browser (localStorage) | Keep you logged in |
| Payment method (card details) | Stripe only — we never see this | Process $1/mo subscription |
| Search queries | Not stored anywhere | Relayed to search engines, then discarded |
| Notebook entries | Your browser (localStorage) | Local-only, we cannot access |
| Files processed (sanitizer, converter) | Your browser memory only | Never uploaded, discarded on page close |
| Leak Score checks | Your browser only | Checked via public API, not logged by us |
On Our Server
Our API server on Render.com stores a minimal database containing: your email address, subscription tier (free/active), authentication tokens, and timestamps. This is the minimum required to operate a paid subscription service. We do not store search queries, browsing history, notebook content, or any data from our client-side tools.
On Your Device
Most D2D tools run entirely in your browser. Notebook entries, tool preferences, and processed files never leave your device. If you clear your browser's localStorage, that data is gone — we cannot recover it because we never had it.
On Stripe's Servers
Stripe processes your payment and stores your payment method, billing history, and email. See Stripe's Privacy Policy.
What We Do NOT Collect
- Search queries (relayed, not logged)
- Browsing history or page views
- Location data
- Device information or fingerprints
- Cookies (we use none)
- Analytics or tracking data (no Google Analytics, no pixels, nothing)
- Your name (unless Stripe provides it from your card)
How We Use Your Email
Your email is used to: identify your account, verify your subscription status, and contact you about critical service changes. We do not send marketing emails, newsletters, or promotional content unless you explicitly opt in to something in the future. We do not share your email with third parties except Stripe for billing.
Search Query Privacy
When you search on D2D, your query is relayed through our API server to external search engines. We act as a proxy — the search engine sees the query but not your identity. We do not log, store, or analyze your queries on our server. Once the results are returned to your browser, the query is gone from our system.
Cookies & Tracking
We do not use cookies of any kind. No tracking cookies, no analytics cookies, no session cookies. We use localStorage (not cookies) to keep you logged in. We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
Third-Party Services
| Service | What They See | Their Privacy Policy |
|---|---|---|
| Stripe | Your email, payment method, billing address | stripe.com/privacy |
| GitHub Pages | IP address (standard web server logs) | GitHub Privacy Statement |
| Render.com | API requests (we don't log query content) | render.com/privacy |
| Google Fonts | IP address (font loading) | Google Privacy Policy |
Your Rights (GDPR — EU/EEA Users)
If you are in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of all data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data. We will delete your email and account from our server and request deletion from Stripe.
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Object: Object to processing of your data.
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Withdraw Consent: Withdraw consent at any time by canceling your subscription and requesting account deletion.
Legal basis for processing: We process your email and subscription data based on contractual necessity (you need an account to use paid features) and legitimate interest (operating the service). We do not process data based on consent alone.
To exercise any right: Email matt@death2data.com. We will respond within 30 days.
Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
Your Rights (CCPA — California Users)
If you are a California resident, you have the right to: know what personal information we collect, request deletion of your data, and opt out of the sale of your data. We do not sell your personal information. To exercise your rights, email matt@death2data.com.
Data Retention
- Active subscribers: We retain your email and account data for as long as your subscription is active.
- Canceled subscribers: We retain your data for 30 days after cancellation, then delete it from our server.
- Stripe data: Stripe retains payment records per their own policy. Request deletion from Stripe separately or ask us and we'll do it for you.
- Local data: Data on your device stays until you clear it. We have no control over this.
Data Security
Our server communicates over HTTPS only. Authentication tokens are JWTs with expiration. We do not store passwords — authentication is email-based. Our database is on Render's infrastructure with their security controls. However, no system is perfectly secure, and we cannot guarantee absolute security.
Children
Death2Data is not intended for anyone under 13 years old (or 16 in the EU). We do not knowingly collect data from children. If we discover we have, we will delete it immediately.
International Transfers
Our server is hosted in the United States via Render.com. If you are outside the US, your email address will be transferred to and stored in the US. By using D2D, you consent to this transfer. We rely on standard contractual clauses and the data processing agreements of our service providers (Stripe, Render) for lawful transfer.
Changes to This Policy
If we make material changes, we'll update the date at the top and notify subscribers by email. Continued use after changes constitutes acceptance.
Contact
For any privacy questions, data requests, or concerns:
Email: matt@death2data.com
Address: Death2Data, Florida, USA