Legal

Privacy Policy

Last updated: 2026 · Applies to ProbeX and its API
Notice: This policy is provided in good faith and is not legal advice. Have a qualified New York attorney review it before you rely on it.

🔒 Our No-Log Promise. We do not sell, rent, or share your search activity with advertisers, data brokers, or any third party. We do not build advertising or behavioural profiles, and we run no third-party ad or tracking cookies. The lookups you run are kept private to your own account, are automatically deleted after 30 days, and you can permanently erase them yourself at any time from your dashboard.

Who we are What we collect No-log & logs How we use data Sharing Cookies Retention Your rights OSINT sources Security Contact

1. Who We Are

ProbeX (“we”, “us”, “our”) operates an open-source-intelligence (OSINT) lookup platform and API. For the purposes of US state privacy laws we act as a business, and for the EU/UK GDPR (where applicable to visitors) we act as a data controller for account data. The legal entity responsible is ProbeX, Inc., a corporation organized in the State of New York, United States.

2. Information We Collect

Account data

  • Username and email address — to create and secure your account.
  • Password — stored only as a salted one-way hash; we never see or store it in plain text.
  • Plan, credit balance, and API key — to operate billing and access control.

Usage data

  • Search metadata — the type of lookup (e.g. IP, email), a timestamp, and credits consumed, used to meter your plan and show your own recent activity.
  • Your search history — the query you entered is kept private to your account so you can review and re-run it. It is auto-deleted after 30 days and you can erase it instantly.

What we deliberately do NOT collect

  • No advertising identifiers, no third-party trackers, no cross-site profiling.
  • We do not require, and do not knowingly retain, the personal data of the subjects of your lookups beyond your transient session — results are fetched live from public sources and are not warehoused by us as a private dossier.

3. No-Log Policy & Server Logs

Our hosting and security layers may process transient technical information (such as IP address and request headers) strictly to deliver the service and prevent abuse. We do not use this information for advertising or profiling, and we do not combine it with your lookups to track you. We do not sell any of it. Where we keep operational security logs, we keep them for the shortest period needed to detect and stop abuse — and in any case no longer than 30 days.

4. How We Use Your Information

  • To provide, maintain, and secure the service and your account.
  • To meter credits, enforce plan limits, and process payments.
  • To prevent fraud, abuse, and violations of our Acceptable Use Policy.
  • To comply with legal obligations.

We do not use your data for automated decisions that produce legal or similarly significant effects about you.

5. When We Share Information

We do not sell or rent your personal information. We share it only:

  • With infrastructure service providers (e.g. hosting, payment processing) under contract, solely to run the service;
  • When legally compelled by a valid subpoena, court order, or law — and only to the minimum extent required;
  • To protect rights and safety or investigate abuse;
  • In a business transfer (merger/acquisition), subject to this policy.

6. Cookies

We use a single, essential, first-party session cookie to keep you logged in and a local preference for your light/dark theme. We do not use advertising or analytics tracking cookies, so there is nothing to “opt in” to for marketing. Because we only use strictly necessary cookies, no consent banner is legally required in most jurisdictions — but confirm this for yours.

7. Data Retention

  • Search history: auto-deleted after 30 days, or immediately when you click “Erase my history”.
  • Account data: kept while your account is active; deleted on request (see below).

8. Your Privacy Rights

Depending on where you live you may have rights to access, correct, delete, or port your data, and to opt out of “sale” or “sharing” (we don’t do either).

California (CCPA/CPRA)

California residents may request access, deletion, and correction, and may not be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined by the CPRA.

EU / UK (GDPR), where applicable

You may exercise the rights of access, rectification, erasure, restriction, portability, and objection, and may lodge a complaint with a supervisory authority.

To exercise any right, contact us (Section 11). You can also self-serve deletion of your search history from your dashboard at any time.

9. OSINT & Third-Party Sources

ProbeX aggregates information from publicly available and third-party sources in real time. We do not control those sources and cannot guarantee that their data is accurate, complete, or current. Results are provided “as is” for lawful research and security purposes only and must not be used as the sole basis for any decision about a person. See our Terms of Service and Acceptable Use Policy — including the FCRA non-use restriction.

10. Security

We use industry-standard measures including password hashing, encrypted transport (HTTPS), and access controls. No system is perfectly secure; we cannot guarantee absolute security but we work to protect your data and will notify affected users of a material breach as required by law.

11. Children

The service is not directed to anyone under 18, and we do not knowingly collect data from children.

12. Contact

Questions or privacy requests: privacy@probex.io.
ProbeX, Inc., New York, United States.

13. Changes

We may update this policy; we will post the new version here and update the “Last updated” date. Your continued use after changes means you accept the updated policy.