Last updated June 11, 2026 ยท Vanish Mode Me ยท vanishmode.me
This Privacy Notice for Vanish Mode Me ("we," "us," or "our") describes how and why we collect, store, use, and share your personal information when you use our services, including when you:
Questions or concerns? Contact us at privacy@vanishmode.me
We operate under the data minimisation principle as required by GDPR Article 5(1)(c) โ we collect, use, and transmit only the personal data that is adequate, relevant, and strictly necessary for the specific purpose of submitting your deletion request to each individual broker.
Not all companies that handle data are the same. We maintain a structured classification of every entity in our system:
| Entity Type | Definition | We send requests? |
|---|---|---|
| Data Broker | Companies that compile, sell, or share personal information about individuals โ people-search sites, marketing databases, consumer reporting agencies | โ Yes |
| Data Controller | Companies that collect personal information directly from consumers and determine how it is used | โ Yes (where applicable) |
| Data Processor | Companies that process data only on behalf of other controllers โ SaaS tools, CRM platforms, infrastructure providers, e-commerce middleware. They do not hold independent consumer records and cannot action third-party deletion requests. | โ Never |
| Ad Tech | Advertising technology platforms โ reviewed case by case for whether they hold independent consumer profiles | Case by case |
We continuously review and update this classification. When we receive a complaint or notification from any entity that believes it was incorrectly classified, we investigate within 48 hours and take corrective action immediately.
When you optionally provide it, we process SSNs, driver's licence numbers, and state ID numbers. These are encrypted using AES-256-CBC before storage and used exclusively to submit legally authorised removal requests to agencies that require identity verification.
Payment information is handled entirely by Stripe. We do not store payment card numbers. See their privacy policy: Stripe Privacy Policy
Where GDPR or UK GDPR applies, we process your personal data on the following legal bases:
We do not use your information for advertising, profiling, marketing to third parties, or any purpose beyond delivering the service you paid for.
We share data only with infrastructure providers strictly necessary to operate the service, and with verified Data Brokers and Data Controllers for the purpose of submitting your removal requests:
| Recipient | Purpose | Data shared |
|---|---|---|
| Supabase | Database storage (Data Processor) | Encrypted profile data |
| Railway | Backend server hosting (Data Processor) | None directly |
| Vercel / Cloudflare Pages | Frontend hosting (Data Processor) | None |
| Anthropic | AI agent reasoning (Data Processor) | Non-PII task context only โ never your name, address, or sensitive identifiers |
| Cloudflare | Domain, DNS, file storage (Data Processor) | Screenshots of opt-out confirmations only |
| Stripe | Payment processing (Data Processor) | Payment details only |
| Data Brokers & Data Controllers | Submitting your deletion requests (Data Controllers) | Minimum identity information required by each broker to locate and remove your record. We send only verified Data Brokers and Data Controllers โ never Data Processors. |
We never sell, rent, or share your personal information with advertisers, data brokers (for their own commercial use), or any third party for commercial purposes.
Yes. Our agent uses Anthropic Claude to reason about opt-out submissions. When the agent processes a broker request, non-PII task context (broker name, form structure, legal basis) is sent to Anthropic's API. We never send your personal information โ name, address, SSN, or any other PII โ to the AI model. All sensitive data stays in our encrypted database and is only used to fill forms during the removal process.
Anthropic processes this data under a Data Processing Agreement as a Data Processor. Your personal data is never used to train Anthropic's models.
We retain your personal information for as long as your account is active. After account termination, we delete all personal data within 90 days, except where retention is required by law.
You can request immediate deletion of all your data at any time by emailing privacy@vanishmode.me
We implement industry-standard and best-practice technical and organisational measures designed to protect your personal information against unauthorised access, loss, destruction, or alteration:
Despite our substantial efforts, no system connected to the internet can guarantee absolute security. We cannot warrant that our systems will never be compromised, that data transmitted over the internet will remain confidential in transit, or that third-party infrastructure providers we rely on (Supabase, Railway, Cloudflare, Stripe, Anthropic) will not experience a breach. We are not responsible for security incidents caused by factors beyond our reasonable control, including but not limited to:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
If you become aware of a security concern, contact us immediately at privacy@vanishmode.me
No. We do not knowingly collect data from or market to anyone under 18 years of age. If you believe a minor has provided data, contact us at privacy@vanishmode.me and we will delete it immediately.
Regardless of where you are located, you have the following rights:
To exercise any right, email privacy@vanishmode.me. We will respond within 30 days (or 45 days for complex requests).
We do not use any tracking technologies, so Do-Not-Track signals have no effect on our data practices. We honour the spirit of DNT by default โ we simply don't track.
If you are a resident of California, Colorado, Connecticut, Virginia, Texas, or other US states with specific privacy laws, you have additional rights under CCPA/CPRA and applicable state law including the right to know, access, correct, delete, and opt out of the sale of personal information.
We do not sell personal information. We do not use it for targeted advertising. We do not create consumer profiles for commercial purposes.
To submit a request: privacy@vanishmode.me
California Civil Code Section 1798.83 permits residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.
If you are located in the United Kingdom or the European Union, the following additional provisions apply under the UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (GDPR):
Vanish Mode Me is the Data Controller for your personal data. Contact: privacy@vanishmode.me
We process your data under the following lawful bases (GDPR Article 6):
We are committed to the data minimisation principle. We collect and transmit only data that is adequate, relevant, and limited to what is necessary for the specific purpose of each deletion request. We do not send personal data to any entity that does not have the standing or authority to action a deletion request. This specifically includes Data Processors โ companies such as SaaS platforms, CRM tools, and infrastructure providers that process data on behalf of other controllers and do not hold independent consumer records.
Our infrastructure providers are primarily US-based. Where personal data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as the lawful transfer mechanism. Our key processors (Supabase, Railway, Anthropic, Stripe) operate under appropriate data processing agreements.
In addition to the rights listed in Section 8, UK and EU residents have the following specific rights:
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your supervisory authority:
We ask that you contact us first at privacy@vanishmode.me so we have the opportunity to address your concern directly.
Vanish Mode submits data deletion and opt-out requests on behalf of individual consumers under applicable privacy law including the California Consumer Privacy Act (CCPA/CPRA), the Fair Credit Reporting Act (FCRA), and other applicable US and international privacy regulations. Our customers are private individuals exercising their legally established rights.
If you have received a request in error โ for example, if your organisation is a Data Processor rather than a Data Broker or Data Controller, or if you do not hold the consumer's data โ please notify us immediately at privacy@vanishmode.me. We will:
We take data minimisation seriously and do not intend to send requests to entities that cannot action them. We appreciate notifications that help us improve our targeting accuracy.
We may update this policy as our service evolves. Material changes will be communicated via email or prominent notice on the site. The "Last updated" date at the top reflects the most recent revision.
If you have questions about this privacy policy, how we handle your data, or if you are an organisation that believes it received a request in error:
Vanish Mode Me
Email: privacy@vanishmode.me
Website: vanishmode.me
For GDPR/UK GDPR enquiries, please include "GDPR Request" in the subject line. We will respond within 30 days.