Privacy Policy

Last updated January 1, 2026

Introduction

Your privacy is important to us. This Privacy Policy outlines how we collect, use, and protect your information when you access our website. By using our platform, you acknowledge that we will process your information as described in this Privacy Policy, subject to your rights and choices.

Dark Visitors acts as a data controller for personal information we collect about website visitors, account administrators, and billing/support contacts. When we process customer data (such as analytics or event data) on behalf of our business customers through our platform, we act as a data processor under the terms of our Data Processing Agreement.

Data Collection and Use

We collect personal information only when necessary to provide and improve our services. This may include:

• Identifiers (e.g., name, email address)
• Usage data (e.g., IP address, browser type, activity logs)
• Interactions with support or feedback forms

This data enables us to operate the platform, personalize features, maintain security, and analyze trends.

Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

• Your consent (where required, such as for non-essential cookies)
• Performance of a contract (e.g., providing services you subscribe to)
• Our legitimate interests (e.g., platform optimization, fraud prevention)
• Compliance with legal obligations

Cookies and Tracking Technologies

We use cookies and similar technologies to analyze usage and enhance user experience. These tools may set cookies in your browser and collect behavioral and technical data. Certain cookies (such as those used for analytics or marketing) will only be activated after obtaining your consent where required by applicable law (e.g., in the EU/EEA). You may manage or withdraw cookie preferences using your browser settings.

Data Sharing and Disclosure

We do not sell or share your personal information as those terms are defined in the California Consumer Privacy Act (CCPA). Accordingly, we do not offer an opt-out mechanism for "sale" or "sharing" because no such sale or sharing occurs.

We may share personal data only in the following circumstances:

• With trusted third-party service providers (e.g., hosting, analytics, support), under strict confidentiality and data protection agreements
• To comply with legal obligations or valid governmental requests
• In connection with a business transfer (e.g., merger, acquisition)

Subprocessors

We use subprocessors to deliver certain parts of our service infrastructure. These include cloud platforms, analytics providers, and customer support systems. All subprocessors are bound by contractual agreements to ensure data protection compliance. A complete list is available upon request.

International Data Transfers

Your personal data may be transferred to and processed in countries outside your own. In such cases, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by regulators.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including:

• Account information: Retained while your account is active and for up to 30 days after account closure
• Usage and analytics data: Retained for up to 26 months
• Support and communication records: Retained for up to 3 years
• Legal and compliance records: Retained as required by applicable law (typically 7 years)

Anonymous or aggregated data may be retained indefinitely for analytics purposes. You may request deletion of your data at any time (see Your Rights section below), subject to legal retention requirements.

Your Rights

Depending on your jurisdiction (e.g., EU, UK, California), you may have the following rights:

• Right of Access: Request access to your personal data and information about how we process it
• Right to Rectification: Correct or update inaccuracies in your personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal exceptions
• Right to Restrict Processing: Request that we limit how we use your personal data
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Withdraw your consent at any time (where processing is based on consent)
• Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format
• Right to Lodge a Complaint: File a complaint with your local data protection authority

How to Exercise Your Rights

To exercise any of these rights, please submit a request via email to contact@darkvisitors.com. Include "Data Rights Request" in the subject line and provide sufficient information to verify your identity.

We will respond to your request within one month, though we may extend this by an additional two months for complex requests.

California Privacy Rights (CCPA)

We provide this notice at or before the time we collect your personal information as required by the California Consumer Privacy Act (CCPA).

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• You may request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom we share it.
• You may request deletion of your personal data that we have collected from you, subject to certain legal exceptions.
• You may request correction of inaccurate personal information that we maintain about you.
• You have the right to opt-out of the sale or sharing of your personal information. As stated above, we do not sell or share personal information as defined by the CCPA.
• You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

To exercise any of these rights, California residents may submit a request via email to contact@darkvisitors.com. Please provide sufficient information to allow us to verify your identity. We will respond to your request within 45 days, or notify you if we require additional time (up to 90 days total).

Data Security

We use industry-standard measures to protect your data, including TLS for encryption in transit and AES-256 encryption at rest. Access is controlled via role-based permissions and security monitoring. No system is 100% secure, but we implement best practices to reduce risk.

Business Transfers

If our company is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify affected users and honor the protections outlined in this Privacy Policy.

Data Processing Agreement (DPA)

If you are a business customer and we process personal data on your behalf, our Data Processing Agreement (DPA) governs that relationship. The DPA includes GDPR-required terms and is available upon request or linked in applicable contracts.

Children's Privacy

Our platform is not directed to or intended for use by individuals under the age of 13 in the United States, or under the age of digital consent as defined by applicable data protection laws in other jurisdictions (typically 13 to 16 years old). We do not knowingly collect personal data from children. If you believe we've collected such data, please contact contact@darkvisitors.com to request removal.

Changes to This Privacy Policy

We update this Privacy Policy at least annually to ensure ongoing compliance with evolving legal standards (including CCPA, GDPR, and other applicable regulations). The date at the top of this policy reflects the most recent changes. Material changes will be posted here and, where appropriate, notified by email. Continued use of our platform after changes constitutes your acceptance of the updated terms.

Contact

If you have questions, concerns, or data-related requests, contact contact@darkvisitors.com.