1. Introduction
OsintCat Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to transparency and giving you control over your personal data.
This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Email Address: Required for account creation, authentication, password resets, and important service communications
- Username: Optional display name for your account
- Account Credentials: Passwords are hashed and never stored in plain text. We cannot retrieve your password.
- IP Addresses: Logged during registration and while using the platform to prevent abuse and enforce our Terms of Service.
2.2 Payment Information
For paid subscriptions, we collect:
- Платёжная информация: Безопасно обрабатывается сторонними платёжными провайдерами: Stripe (кредитные карты, Google Pay, Apple Pay), PayPal и OxaPay (криптовалюта)
- Платёжные токены: Мы получаем платёжные токены и идентификаторы транзакций от платёжных провайдеров. Мы никогда не получаем и не храним ваш полный номер карты, CVV или учётные данные Google Pay / Apple Pay.
- Записи о платежах: Мы храним записи о транзакциях для бухгалтерских целей и обслуживания клиентов
Important: We do not store complete credit card numbers, CVV codes, or full payment card details on our servers. All payment processing is handled by PCI-DSS compliant third-party processors.
2.3 Usage and Technical Information
To provide and secure our Service, we automatically collect:
- Поисковые запросы: Мы регистрируем поисковые запросы для анализа использования платформы, предотвращения злоупотреблений и выявления незаконной деятельности, включая поиск материалов о сексуальном насилии над детьми (CSAM). Мы не храним результаты этих поисков.
2.4 Authentication and Security Data
For account security, we may collect:
- Two-Factor Authentication (2FA) Secrets: Encrypted and stored if you enable 2FA
- Login History: IP addresses and timestamps of account access
- Security Events: Records of suspicious activities, failed login attempts, and security violations
2.5 Support and Communication Data
When you contact us or use support features:
- Support Tickets: Messages, attachments, and related communications
- Email Communications: Correspondence between you and our support team
3. Что мы НЕ собираем
Мы придерживаемся принципа минимизации данных. Чтобы защитить вашу конфиденциальность, мы внедрили строгую политику отсутствия логов для конфиденциальных действий:
- Результаты поиска: Мы НЕ протоколируем и не храним результаты ваших поисков
- Данные расследования: Мы НЕ отслеживаем, какие данные вы расследуете и почему
- Данные третьих лиц: Мы НЕ храним данные, полученные из сторонних источников, сверх того, что необходимо для обработки в реальном времени
Ваши следственные действия обрабатываются в оперативной памяти и никогда не записываются в постоянное хранилище или лог-файлы. Тем не менее, мы регистрируем поисковые запросы (без результатов) для предотвращения злоупотреблений платформой и обнаружения незаконной деятельности, такой как поиск материалов, связанных с сексуальным насилием над детьми (CSAM). Такой подход, ориентированный на конфиденциальность, гарантирует сохранение тайны вашего исследования и позволяет нам соблюдать правовые и этические стандарты.
4. How We Use Your Information
4.1 Service Provision
We use your information to:
- Create and manage your account
- Process payments and manage subscriptions
- Provide access to OSINT tools and API endpoints
- Enforce usage limits and rate restrictions based on your subscription plan
- Deliver search results and intelligence data
4.2 Security and Abuse Prevention
We use your information to:
- Detect and prevent account sharing, API key sharing, license key sharing, and unauthorized access (ZERO TOLERANCE POLICY)
- Monitor IP addresses, usage patterns, and access locations to identify account and key sharing violations
- Identify and block malicious activities, abuse, and security threats
- Monitor for suspicious patterns that may indicate fraud, account sharing, or Terms of Service violations
- Enforce IP whitelisting and access controls
- Investigate security incidents and policy violations
- Take immediate enforcement action against detected violations, including permanent account suspension
We actively monitor and log IP addresses, access patterns, and usage data specifically to detect and prevent account sharing and key sharing. Any detected violation will result in immediate and permanent account termination without refund.
4.3 Communication
We use your email address to:
- Send account verification codes and authentication emails
- Notify you of important service updates, security alerts, and policy changes
- Respond to support requests and inquiries
- Send transactional emails (invoices, payment confirmations, etc.)
You can opt out of marketing communications at any time, but you cannot opt out of essential service communications.
4.4 Service Improvement
We may use aggregated, anonymized data to:
- Analyze usage patterns and improve service performance
- Develop new features and enhance existing functionality
- Monitor system health and optimize infrastructure
5. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing necessary to fulfill our contract with you (providing the Service)
- Legitimate Interests: Processing for security, fraud prevention, and service improvement
- Legal Obligations: Compliance with applicable laws and regulations
- Consent: Where you have provided explicit consent for specific processing activities
6. Data Sharing and Disclosure
6.1 Third-Party Service Providers
We may share your information with trusted third-party service providers who assist us in operating our Service:
- Stripe (США): Обработка платежей по картам, Google Pay и Apple Pay. Stripe сертифицирован по PCI-DSS Level 1. Передача данных осуществляется на основании Стандартных договорных положений. Политика конфиденциальности: stripe.com/privacy
- PayPal (США/Люксембург): Обработка платежей PayPal. Политика конфиденциальности: paypal.com/privacy
- OxaPay (Cyprus): Cryptocurrency payment processing. Privacy policy: oxapay.com/terms-privacy-policy
- Cloudflare (США): Сеть доставки контента (CDN), защита от DDoS и DNS-сервисы. Передача данных осуществляется на основании Стандартных договорных положений. Политика конфиденциальности: cloudflare.com/privacypolicy
- Oracle Cloud Infrastructure (США/ЕС): Хостинг, вычислительная инфраструктура и хранение данных. Данные могут обрабатываться в дата-центрах ЕС. Соглашение об обработке данных доступно по запросу.
- Поставщик услуг электронной почты: Используется для транзакционных писем (подтверждение аккаунта, счета, оповещения о безопасности). Маркетинговые данные не передаются.
All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify.
6.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent or investigate fraud or security issues
- Enforce our Terms of Service
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.
6.4 What We DO NOT Share
We DO NOT:
- Sell your personal data to third parties
- Share your search queries or investigation data
- Provide your information to advertisers or marketing companies
- Disclose your data except as described in this Privacy Policy
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for a reasonable period after account closure for legal and accounting purposes
- Payment Records: Retained as required by law (typically 7 years for tax and accounting purposes)
- Security Logs: Retained for up to 12 months for security analysis and incident investigation
- Support Communications: Retained for up to 3 years after ticket resolution
You may request deletion of your account data at any time, subject to legal retention requirements.
8. Your Rights (GDPR and Data Protection)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days, as required by GDPR.
9. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted
- Access Controls: Limited access to personal data on a need-to-know basis
- Secure Authentication: Support for two-factor authentication (2FA)
- Regular Security Audits: Ongoing monitoring and assessment of security practices
- Incident Response: Procedures for detecting, responding to, and notifying about security breaches
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. International Data Transfers
Ваша информация может обрабатываться и храниться в странах за пределами Европейской экономической зоны (ЕЭЗ). Следующие сервисы предполагают международную передачу данных: Stripe (США: обработка платежей), PayPal (США: обработка платежей), Cloudflare (США: CDN и защита от DDoS). При международной передаче данных мы обеспечиваем соответствующие меры защиты, такие как:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyze service usage (anonymized)
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to the address associated with your account
- Displaying a prominent notice on our platform
Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Legal Notice: View Legal Notice
Назначение специального должностного лица по защите данных (DPO) не требуется для организации нашего размера согласно ст. 37 GDPR. Тем не менее, все запросы по защите данных обрабатываются непосредственно нашим руководством. По вопросам, связанным с GDPR, вы также имеете право подать жалобу в компетентный надзорный орган. В Германии это Федеральный уполномоченный по защите данных и свободе информации (BfDI): www.bfdi.bund.de. В зависимости от федеральной земли вашего проживания соответствующий Landesbehörde (земельный орган) также может иметь юрисдикцию.
This Privacy Policy is effective as of January 7, 2026.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.