Privacy Policy

Lookups.io provides data from a combination of proprietary and third-party sources. Some data is owned, maintained, and hosted directly by Lookups.io, while other data is retrieved in real-time from external sources including:

• Proprietary datasets owned and maintained by Lookups.io
• Third-party data providers and licensed data sources
• Publicly accessible records and directories
• External API endpoints
• Open Source Intelligence (OSINT) sources

For data sourced from third parties, we do not control the underlying records and cannot guarantee their accuracy, completeness, or timeliness. Corrections or removals at an external source will eventually reflect on our platform, but we do not have direct administrative control over those databases. For proprietary data owned by Lookups.io, we make reasonable efforts to maintain accuracy but provide no guarantees.

We collect the following types of information:

Account Information: When you register, we collect your email address and password. Passwords are hashed and salted before storage and are never stored in plaintext. If you sign up via Google, we receive your email address, Google account ID, and email verification status from Google. Your Google profile name and picture are not stored by us.

Payment & Billing: When you subscribe to a paid plan, payment details are processed and stored securely by our payment processor (Stripe). We do not store your credit card number, CVV, or full payment details on our servers. We do store your Stripe Customer ID to manage your subscription, and we maintain internal order records including your plan type, billing cycle, and subscription status.

API Keys: Each account is assigned a unique API key for programmatic access. This key is stored on your account and can be rotated at any time.

Search Activity: When you perform searches, we store your search queries (search type, search term, location, and result count) to provide your search history. Separately, the results returned by searches may be stored by Lookups.io for data collection and enrichment purposes, independent of your account.

Profile Unlocks: When you unlock a person's profile, we store a record of that unlock (the profile identifier, name, and location) linked to your account.

Server Logs: Our servers may temporarily output request metadata (IP address, request path, status code, and latency) to runtime logs for debugging and monitoring purposes. These logs are not persisted to a database or stored long-term.

Cookies: We use a secure, HTTP-only authentication cookie to maintain your session. We do not use third-party advertising or tracking cookies. See our Cookie section below.

Contact Submissions: If you contact us through our contact form, we collect your name, email address, subject, and message content.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions via Stripe
• Provide your recent search history and profile unlock records
• Respond to user inquiries and support requests
• Send service-related communications (email verification, password resets)
• Detect, prevent, and address fraud, abuse, and security issues via rate limiting and bot detection
• Verify human users via Cloudflare Turnstile (CAPTCHA)
• Comply with legal obligations
• Enforce our Terms of Service, including the FCRA Disclaimer

We do not sell your personal account information to third parties.

We use essential cookies to operate the Service (authentication, session management) and analytical cookies to understand usage. You can control cookie settings through your browser, but disabling essential cookies may prevent you from using the Service.

We implement technical measures to protect the information we collect and store, including:

• Database infrastructure protected behind a VPN — direct access to stored user data is restricted to VPN-authorized connections only
• Hashed and salted password storage using bcrypt — passwords are never stored or transmitted in plaintext
• Secure, HTTP-only authentication cookies with SameSite and Secure flags
• Rate limiting on search and API endpoints to prevent abuse
• IP-based access controls and blocking
• CORS policies restricting cross-origin requests
• CAPTCHA verification (Cloudflare Turnstile) to prevent automated abuse

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but take reasonable steps to protect your data.

We retain your account information for as long as your account is active or as needed to provide the Service. We may retain certain information after account closure as required by law, to resolve disputes, enforce agreements, or for legitimate business purposes.

Search history: When you perform a search, a record of your query (query type, term, location, and result count) is saved to your account to provide your search history. This is retained for as long as your account is active.

Search results: Separately from your search history, the results returned by your searches may be stored by Lookups.io for data collection, enrichment, and service improvement purposes. These stored results are not tied to your account and may be retained indefinitely.

Unlock records: Records of profiles you have unlocked are retained for as long as your account is active.

Account deletion: When you delete your account, your user record and Stripe subscriptions are removed. Some associated records (orders, unlock history) may persist in our database unless separately purged.

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your personal account data
• Request a copy of your data in a portable format
• Opt out of certain data processing activities
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

Regarding search result data: If you are the subject of a search result and wish to have your information removed from appearing in our Service, please contact [email protected] with your request. Note that because we aggregate data from third-party sources, removal from our platform does not remove the data from the original source.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will take steps to delete such information promptly.