Privacy and security are our priority.

We only use the information you share to find and verify removals. We never ever sell or share your information beyond that. If something is unclear, please reach out to [email protected]


Collecting and tracking activity

We don't rely on 3rd parties like Google or Mailchimp. We collect all data through our own web forms. These leverage Django CSRF protection. Across our site and app we use HTTPS to encrypt and prevent modification and interception of data. We use a self-hosted and open source product for app analytics, PostHog. Data is de-identified and geolocation is never tracked.


Storing data

All data is stored in a separate access-controlled database within Digital Ocean data centers. Digital Ocean data centers' operations have been accredited under ISO 27001, SOC 1 and SOC 2. We only store the information we need to complete removals. Once you decide you no longer need Kanary, we delete all of your information.


Protecting data

All data written to disk is automatically encrypted at rest. All database connections require SSL encryption. We rely on Django standards for protecting passwords - the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. Two-factor authentication (2FA) is available for all accounts as an added layer of security.


Retaining data

We keep application logs for 1 week before they are deleted. Your account data is used to increase the accuracy of scans and removal requests over time. If you choose to leave Kanary, we delete your account data immediately. If you delete pieces of information while using Kanary, that data will be deleted across our system and no longer referenced for removals.


Communication with you

We use email to communicate with you to discuss complex removals. We also require members verify that they have access to phone numbers and emails before removal. We do this through a phone call, text, and email verification as a safety measure. We use ProtonMail's encrypted email service to ensure the encrypted messages our members send us stay encrypted.


Data about websites

We built Kanary to remove personal data from unwanted sites. We need to hold websites accountable if they do not respond to privacy and data removal requests. To do this, we collect statistics about which sites are responsive and which sites are not. We occasionally share the aggregated statistics about site responsiveness with privacy researchers, advocates, and regulators.