Privacy and security are our priority.

We only use information you share to find and verify removals. Once you delete your account we delete your information. We never sell or share your information.

If something is unclear, please reach out to [email protected]

Collecting and tracking activity

Across our site and app we use HTTPS to encrypt data and prevent its modification and interception. We use an open source product, PostHog, for app analytics.

Kanary requires certain information like city/state to accurately detect exposures. On our mobile apps, we track the minimal identifiers and location that allow the app to function at a high quality and our team to fix issues quickly.

Storing data

All data is stored in a separate access-controlled database within Amazon Web Services (AWS) data centers. AWS data centers' operations have been accredited under ISO 27001, SOC 1 and SOC 2.

We only store the information we need to complete removals. We create access requirements internally to limit data access to only the analysts responsible for reviewing the quality of your results or escalating issues.

Protecting data

All data written to disk is automatically encrypted at rest. All database connections require SSL encryption. We rely on Django standards for protecting passwords - the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST.

Two-factor authentication (2FA) and SSO for Apple, Google, Okta, EntraID and others are available for all accounts as an added layer of security.

Retaining data

We keep application logs for 1 week before they are deleted. Your account data is used to increase the accuracy of scans and removal requests over time.

If you choose to leave Kanary, we delete your account data immediately. If you delete pieces of information while using Kanary, that data will be deleted across our system and no longer referenced for removals.

Communication with you

We use email to communicate with you to discuss complex removals. We sometimes require that members verify that they have access to phone numbers and emails before removal. We do this through a phone call, text, and email verification as a safety measure.

We may use Signal, ProtonMail, WhatsApp or another encrypted service to ensure privacy in our communication. We may use unencrypted channels like Discord or Gmail for less sensitive communication.

Data about websites

We built Kanary to remove and update personal data from unwanted sites. We need to hold websites accountable if they do not respond to privacy and data removal requests. To do this, we collect statistics about which sites are responsive and which sites are not.

We occasionally share the aggregated statistics about site responsiveness with privacy researchers, advocates, and regulators.

Our Privacy Guarantee

We never sell, share, or disclose personal information.

GDPR
Compliant

NIST CSF 2.0
Compliant

SOC2 Type 2
In Progress
