// legal
Privacy Policy
Effective 2026-04-19
1. What we collect
- Account data: name, email, hashed password, optional username, session metadata (IP, user-agent), and email verification status.
- Billing data: Stripe customer ID and subscription status. We do not store full card numbers.
- Usage data: per-tool counters, audit log of lookups (tool, time, IP, success), tracker configuration and snapshots.
- Cookies: a single first-party session cookie. We do not use tracking or advertising cookies.
2. How we use it
- provide and operate the service (auth, quota, billing);
- detect and prevent abuse, fraud, and security incidents;
- send transactional emails (verification, password reset, tracker digests);
- comply with legal obligations.
3. Sharing
We share data only with processors required to run the service:
- Cloudflare (hosting, D1, KV, Queues, Turnstile);
- Stripe (billing);
- Resend (transactional email).
We do not sell personal data.
4. Retention
Lookup audit logs are retained for 90 days. Tracker snapshots are retained for the life of the tracker. On account deletion, data is removed within 30 days.
5. Your rights (GDPR / CCPA)
You can export or delete all data we hold about you from /dashboard/settings or by emailing privacy@recon.ops. We respond within 30 days.
6. Subjects of research
Data shown about TikTok accounts is sourced from third parties at the time of query. If you are the subject of such data and want it suppressed in our cache, email privacy@recon.ops with the username and proof of identity.