Privacy Policy & Ephemeral Processing Notice
EFFECTIVE DATE: MAY 28, 2026 | COMPLIANT WITH UK GDPR & DPA 2018
THE ZERO-RETENTION GUARANTEE
My Data Trail operates strictly as an ephemeral data processor. All Open-Source Intelligence (OSINT) data extracted during your scan is processed entirely in volatile memory (RAM). The moment your secure PDF dossier is successfully emailed to you, your search parameters and the resulting report are permanently and irreversibly purged from our servers. We do not construct databases of your footprint, and we do not retain your search metadata.
1. Who We Are
My Data Trail ("we", "us", "our") is a UK-based automated Open-Source Intelligence (OSINT) service. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act in two distinct capacities:
- Data Controller: For the financial transaction and delivery email address provided at checkout.
- Ephemeral Data Processor: For the targeting parameters (URLs, Names, Locations) you submit to generate your custom report.
2. Information We Collect
Because we adhere to strict data minimization principles, we only collect the exact data required to execute your transaction and generate your requested report.
- Transactional Data: Your email address and purchase status. (Note: We do not process or store credit card data. All payments are securely processed by our Merchant of Record, Gumroad).
- Targeting Parameters: The web links, names, and keyword identifiers you enter into the checkout form.
3. Strict Prohibition Against Biometric Processing
We explicitly do not collect, process, or cross-reference any special category data under Article 9 of the UK GDPR. Our platform features absolute technical prohibitions against facial recognition, reverse image indexing (e.g., Clearview AI, Google Lens), or any biometric tracking mechanisms.
4. How We Use Your Data (The Ephemeral Pipeline)
Your targeting parameters are subjected to an automated, immediate lifecycle:
- Ingestion: Your parameters are received securely via our server webhook.
- Querying: Our engine uses your parameters to query third-party public registries and breach databases (such as People Data Labs, Tavily, and Have I Been Pwned).
- Compilation: The extracted data is compiled into a secure PDF document in our server's RAM.
- Delivery: The PDF is emailed to your provided address.
- The Purge: Immediately upon successful email dispatch, the temporary job ticket and the PDF file are permanently deleted from our system using system-level destroy commands.
5. Legal Basis for Processing
Under UK GDPR Article 6, our lawful bases for processing your data are:
- Contractual Necessity: We must process your email and targeting parameters to deliver the digital service you purchased.
- Legitimate Interests: To prevent fraud, ensure network security, and verify API authenticity.
6. Third-Party Sub-Processors
To operate our highly automated architecture, we transmit data to the following strictly vetted sub-processors:
- Gumroad: Our Merchant of Record. Handles all payment processing and checkout hosting.
- Resend: Our transactional email API. Used strictly to deliver your PDF report securely.
- People Data Labs & Tavily: Third-party APIs queried to extract public surface-web and identity graph data.
- Have I Been Pwned (Tier 2 Only): Queried securely to check for compromised credentials in known data breaches.
Note: We do NOT sell your data to any third parties, marketing firms, or data brokers.
7. Your UK GDPR Rights
Even though we do not store your OSINT data, you still retain full rights under UK GDPR regarding your transactional data (email address / purchase record):
- Right of Access: You can request a copy of the transactional data we hold.
- Right to Erasure (Right to be Forgotten): You can request that we delete your email address from our secure transaction logs.
- Right to Rectification: You can ask us to correct inaccurate transactional data.
To exercise any of these rights, contact us at the email below.
8. Cookies & Tracking
We do not utilize invasive marketing pixels (e.g., Facebook/Meta Pixel) or cross-site tracking cookies. We only utilize strictly necessary session cookies required by our hosting provider (Hostinger) and our payment gateway (Gumroad) to ensure the website loads securely and checkout functions correctly.
9. Contact the System Administrator
If you have any questions regarding our Ephemeral Processing Policy, or wish to exercise your data rights, contact the primary system administrator at:
Email: support@mydatatrail.com