Privacy Policy

Last updated: March 1, 2026

What We Do

WhoExposedMe.com is a free privacy scanner that checks whether your personal information appears on data broker websites and in known data breaches. We built this tool to help people understand and reduce their online exposure.

Data We Collect During a Scan

When you run a scan, you provide:

• First and last name (required)
• Email address (required)
• City and state (optional)

How We Store Your Data

When you run a scan, we store your name, email address, and scan results (risk score, brokers found, breaches detected) in a secure database. We use this data to:

• Send you a personalized privacy report immediately after your scan
• Send a short email sequence (up to 5 emails over 7 days) with actionable steps to remove your data and protect your identity

Your scan results are stored securely and are never shared with third parties. We use industry-standard encryption and access controls.

Emails We Send

After scanning, you will receive:

• Immediate report: Your personalized scan results with risk score and broker details
• Follow-up sequence: Up to 4 additional emails over 7 days with removal guides, risk education, and protection recommendations

Every email includes a one-click unsubscribe link. Once you unsubscribe, you will receive no further emails from us.

We never sell, rent, or share your email address with third parties. That would be deeply ironic given what we do.

Cookies and Analytics

We may use:

• Google Analytics to understand aggregate traffic patterns (pages visited, general location, device type). No personal scan data is sent to Google.
• Meta Pixel for advertising measurement. This tracks page views and conversion events (like starting a scan) but does not receive your scan input or results.

You can block these trackers with any standard ad blocker. The scanner works fine without them.

Third-Party Services

To perform scans, we query:

• Data broker sites via search APIs to check if your name appears in public listings
• Have I Been Pwned (HIBP) to check if your email appears in known data breaches

These queries are made server-side. Your information is sent to these services only as needed to perform the scan and is not stored by us afterward.

Affiliate Links

We recommend Aura's identity protection service and earn a commission if you sign up through our links. This is how we keep the scanner free. Clicking an Aura link does not share your scan data with Aura — it simply tracks that you came from our site.

Data Retention

• Scan data: Your name, email, and scan results are stored securely in our database. You can request deletion at any time.
• Email sequence: We track which emails have been sent to avoid duplicates. This data is deleted when you request account deletion.
• Analytics data: Governed by Google's and Meta's respective privacy policies.
• Rate limiting data: IP address hashes are stored in memory temporarily (up to 1 hour) to prevent abuse. We hash your IP — we never store your actual IP address.

Your Rights

You can request deletion of any data we hold about you (primarily your email, if you submitted it). Contact us at the email below and we will delete your information within 30 days.

Security

All connections to WhoExposedMe.com are encrypted via HTTPS. We follow security best practices including content security policies, rate limiting, and server-side API key management. No API keys or sensitive credentials are ever exposed in client-side code.

Contact

For privacy questions or data deletion requests, email: privacy@whoexposedme.com