Last updated: July 1, 2026 · Effective: July 1, 2026
Personpages (‘Personpages’, ‘we’, ‘us’, ‘our’) operates the website personpages.com and the associated person-lookup service (together, the ‘Service’). This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and the rights you have over it under the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), and other applicable privacy laws. Please read it carefully. By using the Service you acknowledge the practices described below.
Personpages is the controller of the personal information described in this Policy. For any privacy question, request, or complaint you can reach our privacy team at privacy@personpages.com. If you are located in the European Economic Area or the United Kingdom, our EU/UK representative can be reached at the same email address with the subject line "GDPR Representative".
This Policy applies to information we process about two distinct groups: (a) visitors and account holders who browse personpages.com, register for an account, or purchase unlocks (‘Users’), and (b) data subjects of profile pages — the individuals whose names appear in AI-generated profile summaries on the Service (‘Profile Subjects’). Different sections below apply to each group, and we call this out where relevant.
From Users we collect:
About Profile Subjects we ingest and derive:
We do not knowingly collect Social Security numbers, driver's license numbers, government ID numbers, financial account numbers, precise geolocation, biometric identifiers, health or medical data, or information about children under 16.
Information about Profile Subjects is obtained from: (i) publicly accessible websites indexed by mainstream search engines; (ii) government-published open data (e.g. corporate registries, court PACER-style dockets, election filings, sanctions lists); (iii) licensed third-party data providers that warrant a lawful basis for redistribution; and (iv) the AI model's inferences drawn from the combination of the above. We do not purchase data from data brokers who source from breached credentials, and we do not scrape sites in violation of their terms of service.
We use the categories described in Section 3 for the following purposes:
Where GDPR or UK GDPR applies, we rely on the following legal bases:
We do not process special categories of personal data (Art. 9) and we do not carry out solely automated decision-making that produces legal or similarly significant effects (Art. 22) — every unlock and removal decision involves human review on request.
We use a small number of first-party cookies to keep you signed in, remember which unlocks you have purchased, and prevent cross-site request forgery. These are strictly necessary and set without consent as permitted by ePrivacy law. We use a first-party analytics tool that stores an anonymised identifier for aggregated traffic reporting; you can opt out through the cookie banner or by sending a Global Privacy Control (GPC) header, which we honor. We do not use advertising cookies and we do not participate in real-time bidding.
We do not sell personal information for money. We do not "share" personal information for cross-context behavioral advertising as those terms are defined by the CCPA/CPRA. We disclose personal information only to:
Personpages is operated from the United States and our infrastructure is located in the United States and the European Union. When we transfer personal information out of the EEA, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (Module 1 or Module 2, as applicable), the UK Addendum, and — where recipients are certified — the EU-US, UK-US, and Swiss-US Data Privacy Framework. Copies of transfer safeguards are available on request.
Account data is retained while your account is active and for 24 months after closure so we can honor tax audits, dispute resolution, and reactivation requests, after which it is deleted or irreversibly anonymised. Transaction data is retained for 7 years to satisfy US and EU accounting and tax obligations. Server logs are retained for 30 days for security investigations. Profile Subject pages are retained until (a) a valid removal request is honored under Section 12, or (b) the underlying source signals disappear from public availability and the page is de-indexed automatically.
We apply administrative, technical, and organisational measures appropriate to the risk of the processing, including encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, hardware-backed key management, mandatory code review, quarterly penetration testing, background checks for staff with production access, and a documented incident-response plan. No system is perfectly secure; we will notify you and, where required, the competent supervisory authority within 72 hours of confirming a personal-data breach that is likely to result in a risk to your rights and freedoms.
Depending on where you live, you may have some or all of the following rights: (a) to access the personal information we hold about you, (b) to correct inaccurate information, (c) to delete personal information, (d) to restrict or object to processing, (e) to data portability, (f) to withdraw consent, (g) to opt out of "sale" or "sharing" (we do not engage in either), (h) to opt out of targeted advertising and profiling with legal or similarly significant effects, (i) to appeal a denied request, and (j) to lodge a complaint with your local supervisory authority (e.g. the Irish DPC, the UK ICO, the California Privacy Protection Agency, or your state Attorney General).
To exercise these rights, use our Data Removal portal or email privacy@personpages.com. We will verify your identity with the minimum information required, respond within 30 days (extendable by 60 days for complex requests), and honor authorized-agent requests when accompanied by written permission. You may designate an authorized agent to submit requests on your behalf. We will not discriminate against you for exercising your rights.
In the preceding 12 months we have collected the categories of personal information described in Section 3 (identifiers, commercial information, internet activity, geolocation at the city level, professional/employment-related information, and inferences). We have disclosed identifiers, commercial information, and internet activity to the service-provider categories listed in Section 8 for the business purposes described in Section 5. We have not sold personal information and we have not shared personal information for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of consumers under 16.
The Service is not directed to children. We do not knowingly generate Profile Subject pages for individuals under 18 and we do not knowingly permit registration by anyone under 16 (or the applicable age of digital consent in your jurisdiction). If you believe we hold data about a child, contact us and we will delete it promptly.
We may update this Policy from time to time. Material changes will be announced with a banner on the site and, where we hold your email, by email at least 14 days before the change takes effect. The "Last updated" date at the top of this Policy always reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.
Questions, requests, or complaints: privacy@personpages.com. EU/UK residents may also contact their local supervisory authority. California residents may contact the California Privacy Protection Agency at cppa.ca.gov.