Trust Center

Compliance, Audited In Public.

DeData publishes the receipts. We honor Global Privacy Control and Universal Opt-Out signals at the server layer for every request, authenticated or not. We publish a public subprocessor list, a Transparency Report on removal-success and broker-cooperation rates, and a right-of-reply form open to any data broker we name. Where state law requires data-broker registration, we register and post the receipt on this page. We are pursuing a SOC 2 Type II audit and an independent algorithmic audit of our removal classifier; specific milestones are listed below as soon as they are signed.

Compliance Posture

  • SOC 2 Type IIAudit firm engagement and readiness phase targeted for 2026 H2. Receipt and Type II window dates posted here once signed.
  • State Broker RegistrationsCounsel review in progress to determine which state data-broker registries apply to a removal service. Confirmed filings are listed here with receipt links — no filing is claimed before the receipt is public.
  • GPC + UOOMGlobal Privacy Control and Universal Opt-Out Mechanism signals are honored at the server layer for every request, authenticated or not.

Public Commitments

Subprocessors

The full list of third-party providers that touch user data, what they process, and where transfers occur. Updated 30 days before any change.

View Subprocessors

Public Whois API

A free public REST API returning the canonical record for every data broker we track. No auth, 60 req/min/IP. The industry reference, not a paywall.

Read API Docs

Bug Bounty

Public scope, safe-harbor, and payout bands. Researchers acting in good faith inside scope are protected. We aim to triage within 48 hours.

Read Security Policy

Right Of Reply

Any broker we name can submit a correction. Submissions go to a human reviewer; substantiated corrections are published.

Submit A Reply

Algorithmic Audit

An independent audit of our auto-removal classifier in the spirit of NYC Local Law 144. Audit firm selection in progress; once contracted we publish the firm name, scope, and a target completion quarter on this page.

Audit Log Retention

Authentication, consent, removal, and admin-action events are written to an append-only audit log. Retention window listed in our DPA; available to enterprise customers on request.