Effective date: August 24, 2025

1) Who we are

This policy covers all services under denotable.com and its subdomains (the “Services”), including the main site, search, APIs, tools, and applications.

2) Scope

This policy explains what we collect, how we use it, how we share it, and your choices. By using the Services, you agree to this policy as updated from time to time.

3) What we do not do

  • No advertising trackers or behavioral profiling.
  • No sale or rental of personal data.
  • No creation of cross‑service user profiles.
  • Business transfers: If we undergo a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction (see Sharing).

4) What we collect & why (data minimization with security safeguards)

A) Technical access & security logs (all Services)

What: IP address, user‑agent, timestamps, requested resource/path, HTTP status, referrer (if provided), and other diagnostic data from our servers and/or CDN/security providers. We may also temporarily enable additional debug logging during incidents.
Why: To operate the Services, enforce usage limits, prevent fraud/abuse (e.g. DDoS, scraping, brute forcing), debug issues, and ensure availability.
Retention: Generally ~30–90 days, extendable if we reasonably believe it’s necessary to investigate abuse, ensure platform integrity, or comply with legal obligations or requests. Aggregated/anonymized records may be kept longer.

B) Content you submit or request

What: Inputs required to fulfill your request (e.g. search queries, form submissions, feedback, file uploads, API calls).
Why: To provide the functionality you request and maintain quality.
Retention: Typically processed transiently and not stored beyond what’s necessary to deliver the Service, prevent abuse, or meet legal obligations. We may preserve request data when we detect or reasonably suspect misuse or security events.

C) Preferences & settings

What: Optional non‑tracking cookies/local storage (e.g. theme, language) and anti‑abuse tokens set by us or our security provider.
Why: To remember preferences and protect the Services.
Retention: Stored in your browser; you can delete them. Some security cookies may be required for access.

D) Communications

What: If you contact us, we receive your message and contact details.
Why: To respond and keep reasonable records.
Retention: As long as needed for support, recordkeeping, dispute resolution, and compliance.

5) Cookies, bot‑mitigation & “Do Not Track”

  • We use strictly necessary cookies and security mechanisms (including those from our CDN/security provider). Blocking them may limit access.
  • We do not use marketing cookies.
  • Browser Do Not Track signals are not responded to because no standard obligates server behavior; we avoid cross‑site tracking by design.

6) Sharing & recipients

We may share information with:

  • Service providers/processors (hosting, CDN/security, email, storage, monitoring) under contracts that restrict their use to our instructions.
  • Service‑specific providers (e.g. search result/content providers when a Service queries them on your behalf).
  • Professional advisors (lawyers, accountants) under confidentiality.
  • Law enforcement or regulators when legally required or when we reasonably believe disclosure is necessary to protect rights, property, or safety; to investigate abuse; or to enforce our policies.
  • Business transfers in connection with a merger, acquisition, reorganization, or sale of assets.

We rely primarily on legitimate interests to operate, secure, and improve the Services; consent for optional preferences or where required by law; and legal obligation when we must retain or disclose information.

8) Data location & international transfers

  • Our origin infrastructure is hosted in Canada. Traffic may be routed globally by our CDN/security provider.
  • When transferring data internationally, we rely on contracts and technical safeguards provided by our vendors, to the extent required by law.

9) Security

We implement reasonable safeguards (HTTPS/TLS, firewalling, least‑privilege access, updates). No security measure is perfect, and we cannot guarantee absolute security. To the extent permitted by law, we disclaim liability for incidents beyond our reasonable control.

10) Retention & deletion

We keep personal data only as long as necessary for the purposes above, including to: operate the Services; investigate abuse; establish, exercise, or defend legal claims; meet audit, tax, or regulatory needs; and comply with law. Backups may persist for a limited period and are not routinely edited. When data is no longer needed, we delete or irreversibly anonymize it.

11) Your rights & choices

Where laws grant you rights (e.g. access, correction, deletion, portability, restriction, objection), you can contact hello@denotable.com. Requests are subject to identity verification and legal/operational exemptions (e.g. where retention is required or deletion would impair security logs). We will respond within the timeframes required by law. We may decline requests that are repetitive, excessive, unfounded, or would adversely affect others’ rights or our legitimate operations.

12) Children

The Services are not directed to children under 13 (or the applicable age in your jurisdiction). If you believe a child provided personal data, contact us to delete it.

The Services may link to third‑party sites or content. Their privacy practices govern once you leave our domain or interact with them directly.

14) Changes to this policy

We may update this policy at any time. Changes are effective upon posting with an updated “Effective date.” Material changes will be highlighted reasonably (e.g. banner or changelog). Your continued use after the effective date constitutes acceptance of the updated policy.

15) Contact

Email: hello@denotable.com

If you have questions about this Policy or our data practices, please reach out.