PrivacyIceberg LogoPrivacyIceberg

Privacy Policy

Your privacy and security is of the utmost importance to us. We describe in this policy how we collect and use information about you in your use of our services, including our platform and the website. If you are one of our customers, you should read this policy in conjunction with our Terms of Service.

  • Who are we?

    We are PrivacyIceberg.com, a SaaS startup that automates data removal requests to data brokers on behalf of our users. Under applicable data protection laws — including the EU GDPR and Canada’s PIPEDA — we act as the “data controller,” meaning we determine the purposes and means of processing your personal data.

  • How do we collect your data?

    Directly from you: when you register for an account, fill in a contact form, or email us.

  • What data do we collect?

    Personal Data: Account info, removal request details, support correspondence.

    Non-Personal Data: Technical usage data, anonymized analytics.

  • How do we use your data?

    We use your data to provide, maintain, and improve our services, process removal requests, bill and support you, and comply with legal obligations.

  • Legal basis for processing your personal data

    Performance of contract, consent, legitimate interests, and legal obligations.

  • With whom do we share personal data?

    We do not sell your data. We share only as needed with data brokers to fulfill requests, hosting providers (GCP, AWS), payment processors (Stripe), email services (Amazon SES), support tools (Zendesk), and legal authorities when required.

    If you represent a broker and want integration alternatives, contact us at matt@privacyiceberg.com.

  • How long do we retain your personal data?

    Data is kept only as long as needed to provide services and comply with laws. After account deletion, we purge active records within 90 days and backups within 180 days.

  • How do we transfer your data?

    We use Standard Contractual Clauses, encryption, and the EU-US Data Privacy Framework for international transfers.

  • Your rights

    Access, rectify, erase, restrict, object, data portability, withdraw consent. Request via privacy@privacyiceberg.com.

  • Security

    We apply TLS, regular audits, vulnerability scans, and strict access controls. Staff are under NDA.

  • Changes to this policy

    We may update this policy. Significant changes will be notified 30 days before the effective date.

Last revised: April 20, 2025