IdentityRecord
Own Your Identity

LEGAL

Privacy Policy

Effective Date: April 15, 2026

IdentityRecord, Inc. (“IdentityRecord,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it. It applies to identitydns.com, the IdentityRecord platform, and related services (together, the “Service”).

By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Who We Are

IdentityRecord, Inc. is a Delaware corporation. You can contact our privacy team at legal@identitydns.com.

2. Information We Collect

We collect the following categories of information:

  • Account Information: name, email address, password, business role, and, for agency accounts, company details.
  • Business Identity Data: the structured business data you provide or claim (legal name, addresses, hours, credentials, licenses, proofs, and other Identity Record fields).
  • Payment Information: billing address and payment method. Card numbers are handled by Stripe; we do not store full card numbers on our systems.
  • Communications: messages you send us, support requests, survey responses, and SMS consent records.
  • Usage & Device Data: IP address, browser type and version, device identifiers, pages viewed, referring pages, timestamps, and interactions with the Service.
  • Telemetry & Diagnostics: error reports, performance metrics, and, where you enable it, AI citation telemetry you choose to import.
  • Cookies & Similar Technologies: see Section 5.

3. How We Use Your Information

  • To provide, operate, secure, and improve the Service.
  • To create, maintain, and broadcast the Identity Record you own.
  • To process subscriptions, payments, and renewals.
  • To send transactional messages (account, billing, security, and service updates).
  • To send marketing messages where permitted and from which you can unsubscribe at any time.
  • To comply with legal obligations and enforce our Terms of Service.
  • To detect and prevent fraud, abuse, and security incidents.

4. Legal Bases for Processing (EU/UK Users)

Where the EU or UK General Data Protection Regulation applies, we process your personal data under one or more of the following legal bases: performance of a contract, your consent, compliance with a legal obligation, and our legitimate interests in operating and improving the Service.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for essential site operation, authentication, analytics, and marketing. Specifically:

  • Strictly necessary cookies: required for session management, authentication, and security. These cannot be disabled without breaking the Service.
  • Analytics cookies: Google Analytics, to understand how visitors use our pages.
  • Marketing cookies: Meta (Facebook) Pixel, for conversion measurement and advertising.

You can control cookies through your browser settings. Disabling some cookies may limit functionality.

6. Service Providers and Third Parties

We share personal information with vendors who process it on our behalf, under contractual confidentiality and security obligations. Current providers include:

  • Vercel (hosting and edge delivery)
  • Supabase (database and authentication)
  • Stripe (payment processing)
  • Twilio (SMS messaging, subject to your consent)
  • Google (OAuth sign-in, Google Analytics)
  • Meta (Facebook Pixel conversion tracking)
  • Sentry (error monitoring)

We may also disclose information to comply with legal process, protect our rights and the safety of others, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

7. Sale or Sharing of Personal Information

We do not sell your personal information for money. We do use third-party analytics and advertising services that may qualify as “sharing” or “cross-context behavioral advertising” under some state laws. You can opt out at any time: see Do Not Sell or Share My Personal Information.

8. Your Privacy Rights

California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and share.
  • Access and receive a copy of your personal information.
  • Correct inaccurate personal information.
  • Delete personal information we hold about you, subject to exceptions.
  • Opt out of the sale or sharing of your personal information.
  • Limit the use of sensitive personal information.
  • Not be discriminated against for exercising your rights.

To exercise these rights, email legal@identitydns.com or use the Do Not Sell or Share link. We will verify your identity before responding.

Other US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and certain other states may have similar rights to access, correct, delete, or restrict the processing of their personal data and to appeal our decisions. Contact legal@identitydns.com.

EU, UK, and Other International Users (GDPR)

You have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to data portability. Where processing is based on consent, you can withdraw consent at any time. You may also lodge a complaint with your local supervisory authority.

9. Data Retention

We keep personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it.

10. Data Security

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, and misuse. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

We are based in the United States. If you access the Service from outside the US, your information may be transferred to, processed in, and stored in the US and other countries that may have different data-protection laws than your country of residence. Where required, we use appropriate safeguards for international transfers.

12. Children's Privacy

The Service is designed for business users and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us at legal@identitydns.com and we will delete it.

13. Do Not Track

Our Service does not currently respond to Do Not Track browser signals. We do honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing under applicable law.

14. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated through the Service or by email. Continued use of the Service after an update constitutes acceptance of the updated Policy.

15. Contact Us

For questions, requests, or concerns, contact our privacy team at legal@identitydns.com.