Data Privacy Center

Privacy Removal Request

Steps to take control of your privacy and exercise your data privacy rights

Click here to go back to the main site.

If you are a resident of some jurisdictions, you may use this automated data page to make a privacy request for your personal information. If we believe you are in good faith and if it is a reasonable belief that the request may be fraudulent, we may seek information to verify your identity. If you want more information about your privacy rights, see our privacy policy.

We will still retain your information as required to fight fraud, enforce our billing agreements, and use it as evidence in legal matters, system backups, or otherwise, where necessary and legally permitted.

USA State Laws

CALIFORNIA

The California Consumer Privacy Act (CCPA) provides California residents with specific rights, including the right to delete or request access to certain types of data and to ask us not to sell your personal information. Under CCPA, businesses that process these requests must publish information about them.

Do Not Track We do not recognize or respond to browser-initiated Do Not Track signals, as the internet industry is currently still working on Do Not Track standards, implementations, and solutions.

California Shine the Light California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their ‘personal information’ (if any, and as defined under applicable California law) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. We do not sell user information to third parties for direct marketing purposes.

California Erasure Law If you are a California resident under the age of 18 and are a registered user of our Services, you may be entitled to request that we remove from our Services content you posted to our services that can be accessed by any other user (whether registered or not). Please note that any content that is removed from our services may still remain on our servers and in our systems. To request removal of content under this provision, don’t hesitate to get in touch with us. and provide us with a description of the content and the location of the content on our Services, and any other information we may require to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Services by you.

NEVADA DISCLOSURES

Requests to Opt-Out (Do Not Sell Information) Nevada allows consumers to opt-out of the sale of “covered information” collected through a website or online service. “Covered information” includes: (i) first and last name; (ii) home or other physical address; (iii) email address; (iv) telephone number; (v) social security number; (vi) any identifier that allows a person to contact a consumer; or (vii) other information that is personally identifiable.

How You may submit a Request to Delete through our Privacy Center or don’t hesitate to get in touch with us. We will confirm your request and provide any information required to verify it.

When We endeavor to respond to a verifiable consumer request within 60 days of its receipt. If we require more time (up to 30 days), we will inform you of the reason and extension period in writing.

1. Third Parties Requests from an authorized agent must include proof of a signed consumer authorization subject to verification from the consumer.
2. Denial of Requests We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. In addition, we reserve the right to deny your request on any basis provided under state or federal law.
3. Disclaimer We will process your request to disclose information regarding information collected and/or shared pursuant to Nevada law as to the name submitted by you. Please note that our search will be limited to the name provided, if there are other variations of this name (e.g., spelling, initials, sufix) they must be specified, otherwise they will not be captured in the search.

OREGON DISCLOSURES

1. Your Rights and Choices The Oregon Consumer Privacy Act (OCPA) provides Oregon residents with specific rights regarding their personal information. This section describes your OCPA rights and explains how to exercise those rights. Please note, Oregon has a specific definition of personal data (referred to herein coextensively as personal information) that applies to Oregon residents: “Personal data” means data, derived data or any unique identifier that is linked to or is reasonably linkable to a consumer or to a device that identifies, is linked to or is reasonably linkable to one or more consumers in a household. “Personal data” does not include deidentified data or data that: (A) Is lawfully available through federal, state or local government records or through widely distributed media; or (B) A controller reasonably has understood to have been lawfully made available to the public by a consumer. ● Request to Know A request that a business disclose personal information that it has collected about the consumer (see details below) ● Request to Delete A request that a business delete personal information about the consumer. ● Request to Correct A request that a business correct inaccurate personal information that it maintains about you. Where GrydX believes you will not be negatively impacted by the deletion of the data you wish corrected, we will simply delete the inaccurate data in response to Requests to Correct. ● Request to Opt-Out A request that a business not sell the consumer’s personal information to third parties, use that information to perform targeted advertising, or profile the consumer in furtherance of decisions that produce legal effects or effects of similar significance. ● Revocation of Consent to Processing An Oregon consumer may revoke their consent to the processing of their personal information under OCPA.
2. Requests to Know

How You may submit a Request to Know through our Request for Access Form or don’t hesitate to get in touch with us. A Request to Know covers personal information that GrydX has collected about the consumer, including : (1) Specific pieces of personal information that a business has collected about the consumer; (2) Categories of personal information it has collected about the consumer; (3) Categories of sources from which the personal information is collected; (4) Categories of personal information that the business sold or disclosed for a business purpose about the consumer; (5) Categories of third parties to whom the personal information was sold or disclosed for a business purpose; (6) The specific third parties, other than natural persons, to whom the personal information was sold or disclosed for a business purpose; and (7) The business or commercial purpose for collecting or selling personal information.

When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will confirm your request and inform you of any information required to verify the request.

3. Requests to Delete

How You may submit a Request to Delete through our Request for Deletion Form or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request.

When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

4. Requests to Correct How You may submit a Request to Correct through our Request to Correct Form or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request. Where GrydX believes you will not be negatively impacted by the deletion of the data you wish corrected, we will simply delete the inaccurate data in response to Requests to Correct. When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
5. Requests to Opt-Out (Do Not Sell Information) How You may submit a Request to Opt-Out through our Do Not Sell My Personal Information or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request. If GrydX, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent (see above for more details on situations which may lead GrydX to suspect fraud), GrydX may deny the request. In instances of denial for suspected fraud, GrydX shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent. When We endeavor to respond to a verifiable consumer request within 15 days of its receipt
6. Revocation of Consent to Processing How You may revoke your consent for processing of your personal information through our Do Not Sell My Personal Information or don’t hesitate to get in touch with us. We will confirm your revocation and inform you of any information required to verify the revocation. If GrydX, however, has a good-faith, reasonable, and documented belief that a revocation is fraudulent (see above for more details on situations which may lead GrydX to suspect fraud), GrydX may deny the revocation. In instances of denial for suspected fraud, GrydX shall inform the requestor that it will not comply with the revocation and shall provide an explanation why it believes the revocation is fraudulent. When We endeavor to respond to a verifiable consumer revocation of consent for processing within 15 days of its receipt
7. Additional Request Details ● Third Parties Requests from an authorized agent must include proof of a signed consumer authorization subject to verification from the consumer. ● Denial of Requests We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us, but if you do not have an account, we may need additional information to verify your identity (e.g., a driver’s license or passport). We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. In addition, we reserve the right to deny your request for any basis provided for under state or federal law. ● Disclaimer We will process your request to disclose information regarding information collected and/or shared pursuant to the OCPA as to the name submitted by you. Please note that our search will be limited to the name provided, if there are other variations of this name (e.g., spelling, initials, sufix) they must be specified, otherwise they will not be captured in the search. ● Non-Discrimination You have the right to not be discriminated against or receive discriminatory treatment for exercising your OCPA rights. We will not discriminate against you for exercising any of your OCPA rights.
8. Appeals You have the right to appeal GrydX’s decision to deny your consumer request within a reasonable period of time from receiving such denial. GrydX responds to requests via email and will inform you if your request is subject to a final denial. At this point, you may respond to this email to request an appeal of this denial. In this email requesting an appeal, please provide the basis on which you wish to appeal your denial. GrydX will respond to all appeals within 45 days of receiving an email containing your appeal.

GENERAL U.S. RESIDENT PRIVACY DISCLOSURES

1. Your Rights and Choices There are many U.S. states which offer their residents specific rights regarding their personal information under state-specific privacy laws. States with specific privacy laws not already listed above, in effect now, include Colorado, Virginia, Connecticut, Montana, Utah, and Texas. States with laws coming into effect in the next two years include, as of the Effective Date of this privacy policy, Iowa, Minnesota, Delaware, Tennessee, Indiana, New Hampshire, New Jersey, Nebraska, Kentucky, Maryland, and Rhode Island. If you are a resident of one of the states listed above, the privacy request tools outlined in this section will meet or exceed your rights under your state’s privacy law. If you are a resident of any other state of the U.S., GrydX is a company founded on the principles of protecting individuals from fraud and takes the privacy of individuals extremely seriously. In general, GrydX believes that all individuals, in all states, should enjoy the right to ensure their personal information is handled appropriately. On that principle, GrydX offers all residents of the United States the ability to control their data through consumer privacy requests, regardless of the state they live in, using our privacy request tools outlined in this section. For these U.S. residents not subject to state-specific laws listed above, GrydX will still process and fulfill those consumers’ requests. However, due to the operational burden of responding to such requests, unless GrydX needs to verify a consumer’s identity, GrydX may not offer the same level of followup on these requests or guarantee response timelines to such requests as we would for individuals covered by the specific privacy laws outlined above. GrydX will process the requests independently of response or followup. Request to Know A request that a business disclose personal information that it has collected about the consumer the since January 01, 2022 (see details below) Request to Delete A request that a business delete personal information about the consumer. Request to Correct A request that a business correct inaccurate personal information that it maintains about you. Where GrydX believes you will not be negatively impacted by the deletion of the data you wish corrected, we will simply delete the inaccurate data in response to Requests to Correct. Request to Opt-Out A request that a business not sell the consumer’s personal information to third parties.
2. Requests to Know

How You may submit a Request to Know through our Request for Access Form or don’t hesitate to get in touch with us. A Request to Know covers personal information that GrydX has collected about the consumer since January 01, 2022, including : (1) Specific pieces of personal information that a business has collected about the consumer; (2) Categories of personal information it has collected about the consumer; (3) Categories of sources from which the personal information is collected; (4) Categories of personal information that the business sold or disclosed for a business purpose about the consumer; (5) Categories of third parties to whom the personal information was sold or disclosed for a business purpose; and (6) The business or commercial purpose for collecting or selling personal information. When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will confirm your request and inform you of any information required to verify the request.

3. Requests to Delete

How You may submit a Request to Delete through our Privacy Center or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request.

When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

4. Requests to Correct How You may submit a Request to Correct through our Request to Correct Form or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request. Where GrydX believes you will not be negatively impacted by the deletion of the data you wish corrected, we will simply delete the inaccurate data in response to Requests to Correct. When We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
5. Requests to Opt-Out (Do Not Sell Information) How You may submit a Request to Opt-Out through our Do Not Sell My Personal Information or don’t hesitate to get in touch with us. We will confirm your request and inform you of any information required to verify the request. If GrydX, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent (see above for more details on situations which may lead GrydX to suspect fraud), GrydX may deny the request. In instances of denial for suspected fraud, GrydX shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent. When We endeavor to respond to a verifiable consumer request within 15 days of its receipt
6. Additional Request Details

• Third Parties Requests from an authorized agent must include proof of a signed consumer authorization subject to verification from the consumer.
• Denial of Requests We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us, but if you do not have an account, we may need additional information to verify your identity (e.g., a driver’s license or passport). We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. In addition, we reserve the right to deny your request for any basis provided for under state or federal law.
• Disclaimer We will process your request to disclose information regarding information collected and/ or shared pursuant to applicable Privacy Law as to the name submitted by you. Please note that our search will be limited to the name provided, if there are other variations of this name (e.g., spelling, initials, sufix) they must be specified, otherwise they will not be captured in the search.
• Non-Discrimination You have the right to not be discriminated against or receive discriminatory treatment for exercising your rights under applicable Privacy Law. We will not discriminate against you for exercising any of your rights under applicable Privacy Law.

7. Appealing Denied Requests There are many state Privacy Laws that provide you with the right to appeal denials of requests made pursuant to applicable Privacy law as outlined by this privacy policy. The following section outlines how these appeals are made and describes the options you have if your request is denied. Please note you should not make an appeal before you have made a request pursuant to your rights and that request has been denied. GrydX responds to requests via email and will inform you if your request is subject to a final denial. At this point, you may respond to this email to request an appeal of this denial. In this email requesting an appeal, please provide the basis on which you wish to appeal your denial. GrydX will respond to all appeals within 45 days of receiving an email containing your appeal.
8. Texas Data Broker Disclosure GrydX, by the nature of selling services assisting in fraud detection by providing personal information on individuals, is considered a data broker under many U.S. laws – including the Texas Data Broker Act – as GrydX derives the majority of its revenue from these fraud detection services.

General Data Protection Regulation (GDPR)

The rights you have over your personal data under the GDPR, how to exercise these rights, and more.

Under the General Data Protection Regulation (GDPR), you have the following rights over your personal data:

• Right to be informed: You can obtain information about the processing of your personal data.
• Right of access: You can obtain access to the personal data held about you.
• Right to rectification: You can ask for incorrect, inaccurate or incomplete personal data to be corrected.
• Right to erasure: You can request that personal data be erased when it’s no longer needed or if processing it is unlawful.
• Right to restriction of processing: You can request the restriction of the processing of your personal data in specific cases.
• Right to data portability: You can receive your personal data in a machine-readable format and send it to another controller.
• Right to object: You can object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
• Rights in relation to automated decision-making and profiling: You can request that decisions based on your personal data and that significantly affect you are made by natural persons, not only by computers.

State Specific Disclosures

State Specific Disclosures

This section applies to the extent applicable based on applicable privacy laws in your jurisdiction.

Consumer Rights Requests Metrics

The CCPA requires businesses to track and publish request metrics. During the previous calendar year, grydx.com received the following number of verified requests:

• grydx.com processes both opt-out and deletion requests similarly by removing the consumer’s personal information from our database.

** For each category, we have included a subcategory with “Location unknown,” which covers the scenario in which we received a request but were unable to determine the location of the requestor.

Artificial Intelligence (AI)

Notice on GrydX.com AI-Generated Reports.

This report has been generated using Artificial Intelligence (AI) tools, which analyze publicly available data, information from data breaches, and social media activity. In this process, the AI system follows applicable EU regulations, including the EU AI Act, and ensures transparency, accountability, and fairness.

The AI tool assists in recognizing and mitigating cyberattacks and other cyber threats by continuously processing data, identifying patterns, and tracing the source of attacks. The data used in this process is handled responsibly and in compliance with privacy laws, ensuring that all rights are protected.

What is artificial intelligence (AI)?

AI is a machine that displays human-like capabilities such as reasoning, learning, planning, and creativity.

AI enables technical systems like GrydX.com to perceive their environment, deal with what they perceive, solve problems, and act to achieve a specific goal. The computer receives data – already prepared or gathered through its own sensors such as a camera – processes it and responds.

AI systems are capable of adapting their behavior to a certain degree by analyzing the effects of previous actions and working autonomously.

Search engines learn from their users’ vast input of data to provide relevant search results. GrydX.com’s AI system helps to recognize and fight cyberattacks and other cyber threats based on the continuous input of data, identifying patterns, and backtracking attacks.

GrydX.com follows the AI Act: different rules for different risk levels

The new rules establish obligations for providers and users depending on the level of risk from artificial intelligence. While many AI systems pose minimal risk, they need to be assessed.

1. Introduction

GrydX.com is committed to ensuring that the AI tools and systems we develop and operate to help users manage and anonymize their digital footprints comply with the EU AI Act (Regulation (EU) 2021/1060) and other applicable data protection regulations. This AI Policy outlines our approach to responsible AI usage, transparency, fairness, accountability, and user empowerment.

2. Scope and Purpose

Our AI-powered tools are designed to assist users in managing and anonymizing their digital footprints. This involves interacting with search engines, public databases, data breach records, and social media platforms to help users:

• Remove or anonymize personally identifiable information (PII) from public sources.
• Identify and manage data breaches that may compromise their personal data.
• Protect their privacy by reducing exposure on social media and other online platforms.

The AI tools process data to achieve these objectives, focusing on ensuring user privacy, data protection, and compliance with the EU AI Act.

3. AI System Classification

Following the EU AI Act, our AI systems are classified based on their level of risk. The tools we use are generally considered to be of low or minimal risk to individuals, as they assist users in managing their personal information. However, we recognize the potential risks associated with handling personal data and implement strong safeguards and measures to mitigate these risks.

4. Transparency and Information to Users

We believe in the importance of transparency in our AI systems. To this end, GrydX.com will:

• Clearly inform users of how AI tools are being used to interact with their data.
• Provide users with understandable information about the AI system’s functionality, data processing purposes, and potential risks.
• Inform users when AI is involved in decision-making processes, such as identifying personal information for removal or anonymization.

5. Data Protection and Privacy

GrydX.com adheres to strict data protection standards in compliance with the General Data Protection Regulation (GDPR) and the EU AI Act:

• Data Minimization: We collect only the necessary data to achieve the objectives stated above and ensure that data is anonymized or pseudonymized where possible.
• User Consent: We obtain explicit user consent to collect and process their personal data through our AI-powered services. Users can withdraw consent at any time.
• Right to Access and Rectification: Users have the right to request access to their data and correct any inaccuracies in their personal information processed by our AI tools.
• Data Retention: We retain user data only for as long as necessary to fulfill the objectives of the service and comply with applicable laws.

6. Risk Management and Mitigation

We have implemented measures to mitigate potential risks associated with our AI systems, including:

• Bias Mitigation: We regularly audit our AI systems to ensure they are not biased against particular groups or individuals. We work to eliminate any unintended biases in the algorithms and training data.
• Human Oversight: While our AI tools are designed to function autonomously, we ensure that human oversight is available for cases where AI-generated decisions may have significant consequences for users.
• Continuous Monitoring: We actively monitor the performance and accuracy of AI systems to ensure they operate within the parameters set and deliver reliable results to users.
• Error Handling: We maintain protocols to identify and address any errors or failures in the AI system, including providing users with remedies if their personal data is mishandled.

7. Accountability and Auditing

GrydX.com is committed to ensuring the accountability of its AI systems. To achieve this:

• Internal Audits: We conduct regular internal audits to assess the compliance of our AI systems with the EU AI Act, GDPR, and other relevant regulations.
• Third-party Audits: We may engage independent third-party audits to assess our AI tools’ impact and performance, ensuring users’ transparency and accountability.
• Record-Keeping: We maintain logs of AI system interactions and decision-making processes, enabling accountability in the event of disputes or inquiries from regulators.

8. Safety and Security Measures

We prioritize the safety and security of user data:

• Data Encryption: All personal data processed by our AI tools is encrypted in transit and at rest to prevent unauthorized access.
• Access Control: We implement robust access control mechanisms to limit data access only to authorized personnel.
• Incident Response: In the event of a data breach, we adhere to GDPR requirements to notify affected users within 72 hours and take prompt action to mitigate any harm.

9. User Rights and Control

Users have the following rights regarding their data and AI-powered services:

• Right to Withdraw Consent: Users can withdraw their consent for AI-based services anytime, ceasing further data processing.
• Right to Contest Decisions: Users may contest any automated decisions made by AI tools and request human intervention in the decision-making process.
• Right to Erasure: Users can request the deletion of their data from our systems at any time, subject to legal obligations.

10. Ethical Considerations

GrydX.com is committed to the ethical use of AI. This includes ensuring that:

• AI tools are used responsibly and for the benefit of users.
• The AI systems are developed and deployed in a way that promotes user autonomy and dignity.
• We avoid using AI in ways that may cause harm to individuals or undermine their privacy rights.

11. Compliance with the EU AI Act

GrydX.com ensures full compliance with the EU AI Act, including:

• Adhering to the risk classification system of AI systems.
• Implementing robust documentation practices for AI development and deployment.
• Complying with the transparency and accountability requirements of the EU AI Act, including providing users with information about the AI systems used.

12. Unacceptable risk

Unacceptable risk AI systems are systems considered a threat to people and will be banned. They include:

• Cognitive behavioral manipulation of people or specific vulnerable groups: for example, voice-activated toys that encourage dangerous behavior in children
• Social scoring: classifying people based on behavior, socio-economic status, or personal characteristics
• Biometric identification and categorization of people
• Real-time and remote biometric identification systems, such as facial recognition

Some exceptions may be allowed for law enforcement purposes. “Real-time” remote biometric identification systems will be allowed in a limited number of serious cases, while “post” remote biometric identification systems, where identification occurs after a significant delay, will be allowed to prosecute serious crimes and only after court approval.

GrydX.com does not use any of the above

High risk

AI systems that negatively affect safety or fundamental rights will be considered high-risk and will be divided into two categories:

1. AI systems that are used in products falling under the EU’s product safety legislation. This includes toys, aviation, cars, medical devices, and lifts.
2. AI systems falling into specific areas that will have to be registered in an EU database:

• Management and operation of critical infrastructure
• Education and vocational training
• Employment, worker management, and access to self-employment
• Access to and enjoyment of essential private services and public services and benefits
• Law enforcement
• Migration, asylum, and border control management
• Assistance in legal interpretation and application of the law.

All high-risk AI systems will be assessed before being put on the market and also throughout their lifecycle. People will have the right to file complaints about AI systems to designated national authorities.

GrydX.com does not use any of the above

Transparency requirements

Generative AI, like ChatGPT, will not be classified as high-risk but will have to comply with transparency requirements and EU copyright law:

• GrydX disclosed that the content was generated by AI and presented all sources on the report.
• Designing the model to prevent it from generating illegal content
• Publishing summaries of copyrighted data used for training
• We provide all sources of data

13. Conclusion

GrydX.com’s AI Policy outlines our commitment to building and maintaining responsible, ethical, and transparent AI systems. Our tools are designed to empower users to manage and anonymize their digital footprint while protecting their privacy rights in compliance with the EU AI Act and GDPR. We continue to prioritize AI’s safety, security, and ethical use to foster trust with our users and stakeholders.