Privacy Policy

Last updated: February 6, 2026

Your privacy matters. Here's exactly what data we collect, why we collect it, and what we do with it. No vague corporate speak. Just straight answers.

The Short Version

We collect only what we need to run the service. We don't sell your data. We don't share it with advertisers. We use it to provide address generation and improve the service.

What We Collect:

  • • Account data (email, name when you sign up)
  • • Usage data (how many addresses you generate)
  • • Technical data (IP address, browser type for security)

1. Information We Collect

Here's the complete breakdown of what we collect and why:

Account Information

When you create an account, we collect:

  • Email address - For login, account recovery, and important notifications
  • Name - If you sign up via Google OAuth
  • Password hash - We never store your actual password, only an encrypted hash
  • Profile picture - If you sign in with Google and choose to use it

Why: To create and maintain your account, authenticate you securely, and communicate with you about your usage.

Usage Data

We track how you use Placevy:

  • Generation count - How many addresses you've generated today/this month
  • Countries selected - Which countries you generate addresses from
  • API requests - API endpoint calls and responses
  • Timestamps - When you make requests
  • Rate limit status - To enforce daily limits fairly

Why: To enforce tier limits (1/day for Anonymous), prevent abuse, and improve service performance.

Technical Data

For security and service delivery:

  • IP address - To detect abuse, enforce rate limits, and prevent fraud
  • Browser fingerprint - Anonymous device identifier for rate limiting
  • User agent - Browser and device type
  • Cookies - Session management and authentication (details below)

Why: Anonymous users (no account) still get 1 generation per day. We need to track that somehow. We use IP address and browser fingerprinting to enforce this fairly without requiring signup.

2. How We Use Your Data

We use your information for these specific purposes:

Service Delivery

Generate addresses, enforce rate limits, process API requests, and deliver the core functionality you signed up for.

No Payments

We do not process payments or store payment information.

Security and Fraud Prevention

Detect suspicious activity, prevent API abuse, protect against automated attacks, and maintain service integrity.

Communication

Send account-related emails (password resets, security alerts). We don't send marketing emails unless you explicitly opt in.

Service Improvement

Analyze usage patterns to identify popular countries, optimize performance, fix bugs, and add features users actually want.

Legal Compliance

Respond to legal requests, enforce our Terms of Service, and comply with applicable laws and regulations.

3. Who We Share Data With

We don't sell your data. Period. Here's who we share it with and why:

Google (OAuth Authentication)

What they get: Confirmation that you authenticated via Google

Why: If you choose to sign in with Google, they handle authentication. We receive your email and name (if you provide it). Read Google's privacy policy for their data practices.

Legal Obligations

We may disclose your information if required by law, court order, or government request. We'll notify you when legally permitted unless doing so would compromise an investigation or violate the law.

4. Cookies and Tracking

We use cookies. Here's exactly what they do:

Essential Cookies

Purpose: Authentication, session management, security

These are required for the service to function. If you block them, you can't log in or use authenticated features.

Rate Limiting Cookies

Purpose: Track daily generation limits for anonymous users

We store a unique identifier in localStorage to enforce the "1 per day" limit fairly.

Analytics Cookies

Purpose: Understand usage patterns, popular features, traffic sources

These help us improve the service. Data is anonymized and aggregated. You can opt out using browser settings or ad blockers.

5. How We Protect Your Data

Security is a priority. Here's what we do:

  • Encryption: All data transmitted to/from Placevy uses HTTPS/TLS encryption
  • Password security: Passwords are hashed using industry-standard bcrypt (never stored in plain text)
  • Database security: Firewalled servers, encrypted backups, restricted access
  • API authentication: Secure API keys with rate limiting and abuse detection
  • Access controls: Only essential staff can access production systems, and all access is logged
  • Regular updates: We keep our infrastructure patched and up-to-date

But here's the reality: No system is 100% secure. We implement industry-standard protections, but we can't guarantee absolute security. If you discover a security vulnerability, report it to security@placevy.com immediately.

6. Your Privacy Rights

You have control over your data. Here's what you can do:

Access Your Data

Request a copy of all data we have about you. We'll provide it in a portable format (JSON or CSV) within 30 days.

Correct Your Data

Update your account information anytime from your dashboard. Email address, password, profile details—you control it.

Delete Your Data

Delete your account from your dashboard. We'll permanently remove your personal data within 30 days. Usage logs may be retained in anonymized form for analytics.

Export Your Data

Download your usage history, generated addresses, and account information in machine-readable format.

Opt Out of Communications

Unsubscribe from non-essential emails anytime. You'll still receive critical account and security notifications.

Object to Processing

If you're in the EU/EEA, you can object to certain data processing activities. Contact privacy@placevy.com to exercise this right.

To exercise any of these rights: Email privacy@placevy.com with your request. We'll respond within 30 days.

7. How Long We Keep Your Data

We keep data only as long as necessary:

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Personal data deleted within 30 days of account deletion
  • Usage logs: Anonymized usage data retained for up to 2 years for analytics
  • Payment records: Transaction history retained for 7 years (legal requirement for tax/accounting)
  • Security logs: IP addresses and access logs retained for 90 days for fraud prevention

If you delete your account, we remove your email, name, password, and other personal identifiers. Anonymized usage statistics (e.g., "someone generated an address from Germany on this date") may remain for service improvement.

8. Children's Privacy

Placevy is not intended for children under 13 years old (or 16 in the EU/EEA).

We don't knowingly collect personal information from children. If you're under 13 (or 16 in EU/EEA), don't create an account or provide any personal information.

If we learn we've collected data from a child, we'll delete it immediately. Parents/guardians who believe we've collected their child's information should contact privacy@placevy.com.

9. International Data Transfers

Placevy serves users globally from 190+ countries. Your data may be transferred to, stored, and processed in countries other than where you live.

For EU/EEA users: We comply with GDPR. Data transfers outside the EU/EEA are protected by standard contractual clauses or adequacy decisions recognized by the European Commission.

By using Placevy, you consent to your data being transferred and processed in accordance with this Privacy Policy.

10. Third-Party Services and Links

Our service integrates with third-party providers:

These third parties have their own privacy policies. We're not responsible for their practices. Review their policies before using their services through Placevy.

11. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect, use, and share
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of the "sale" of personal information (we don't sell data, so this doesn't apply)
  • Right to non-discrimination: We won't discriminate against you for exercising your rights

To exercise these rights, contact privacy@placevy.com. We'll verify your identity and respond within 45 days.

12. Changes to This Privacy Policy

We may update this privacy policy occasionally. When we do:

  • • We'll update the "Last updated" date at the top of this page
  • • We'll notify you via email if changes are significant
  • • Your continued use after changes means you accept the updated policy

We recommend reviewing this page periodically to stay informed about how we protect your privacy.

13. Questions or Concerns?

If you have questions about this privacy policy or how we handle your data:

We'll respond to privacy-related inquiries within 30 days.

TL;DR (Summary)

Here's the condensed version:

  • • We collect account data, usage data, and technical data
  • • We use it to provide the service, prevent fraud, and improve Placevy
  • • We don't sell your data to advertisers or third parties
  • • We use cookies for authentication, rate limiting, and analytics
  • • You can access, correct, delete, or export your data anytime
  • • We encrypt data in transit and at rest using industry-standard security
  • • We delete your data within 30 days of account deletion
  • • Questions? Email privacy@placevy.com