Privacy and security are
We only use the information you share to find and verify removals.
We never sell or share your information. If something is unclear, please reach out to [email protected]
Collecting and tracking activity
We don't rely on 3rd parties like Google or Mailchimp. We collect all data through our own web forms. These leverage Django CSRF protection. Across our site and app we use HTTPS to encrypt and prevent modification and interception of data. We use a self-hosted and open source product for app analytics, PostHog. Data is de-identified and geolocation is never tracked.
All data is stored in a separate access-controlled database within Digital Ocean and Amazon Web Services (AWS) data centers. Digital Ocean and AWS data centers' operations have been accredited under ISO 27001, SOC 1 and SOC 2. We only store the information we need to complete removals. Once you decide you no longer need Kanary, we delete all of your information.
All data written to disk is automatically encrypted at rest. All database connections require SSL encryption. We rely on Django standards for protecting passwords - the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. Two-factor authentication (2FA) is available for all accounts as an added layer of security.
We keep application logs for 1 week before they are deleted. Your account data is used to increase the accuracy of scans and removal requests over time. If you choose to leave Kanary, we delete your account data immediately. If you delete pieces of information while using Kanary, that data will be deleted across our system and no longer referenced for removals.
Communication with you
We use email to communicate with you to discuss complex removals. We also require members verify that they have access to phone numbers and emails before removal. We do this through a phone call, text, and email verification as a safety measure. We use ProtonMail's encrypted email service to ensure the encrypted messages our members send us stay encrypted.
Data about websites
We built Kanary to remove personal data from unwanted sites. We need to hold websites accountable if they do not respond to privacy and data removal requests. To do this, we collect statistics about which sites are responsive and which sites are not. We occasionally share the aggregated statistics about site responsiveness with privacy researchers, advocates, and regulators.