Privacy Policy

1.1. We collect information you provide directly. Your name, your email address, your password (encrypted, but still — we have it). Your deepest fears. Your hopes and dreams. That PDF you uploaded — yes, we read it.

1.2. We collect information automatically. Your IP address, browser type, operating system, screen resolution, battery level, the angle at which you hold your phone, the slight hesitation before you click “I Agree,” the exact nanosecond at which you regretted your life choices.

1.3. We collect information from third parties. Data brokers, marketing agencies, that website you visited in 2014 that sold your email address for a nickel. We buy it all. We own a data warehouse in Nebraska. It is full of your information. It is climate-controlled. Your data is more comfortable than you are.

1.4. We collect information you did not know you had. Metadata about your metadata. The shadow database that tracks how many times you almost typed something but then deleted it.

2.1. We use cookies. So many cookies. Cookies that track you across the web. Cookies that track your cookies. Cookies that have their own cookies. Cookie inception.

2.2. Our cookie consent banner features a “Reject All” button that is approximately 4 pixels wide and located in the <footer> of your moral compass. “Accept All” is a full-screen modal with haptic feedback and a celebratory sound effect.

2.3. We also use “essential” cookies. These are cookies we claim are essential for the functioning of the App. They are not. We just wanted to set cookies before you had a chance to say no. This is called “dark pattern” in the industry. We prefer “aggressive growth hacking.”

2.4. We participate in the “Cookiepocalypse Ready” program, meaning we have prepared 47 alternative tracking methods for when third-party cookies are deprecated. You cannot escape. There is no escape.

3.1. We use your information to provide and improve the App. “Improve” in this context means “monetize more effectively.” We apologize for the confusion.

3.2. We use your information for targeted advertising. If you mentioned you like Italian food, do not be surprised when every ad you see for the next six months is for spaghetti. You brought this upon yourself.

3.3. We use your information for research and development. Our data science team has produced a 200-page report on the correlation between the time of day you check your contacts and your likelihood of clicking on a banner ad. The correlation is 94%. We know when you are weak. We will be there.

3.4. We use your information for reasons we have not thought of yet. We reserve the right to invent new uses for your data at any time. Section 6.1 of our Terms of Service backs us up on this. You agreed to it. That is on you.

4.1. We share your information with our subsidiaries, which include: a holding company in the Cayman Islands, a shell company in Delaware, a van down by the river, and a limited liability partnership registered under the name “Definitely Not Selling Your Data LLC.”

4.2. We share your information with service providers who help us operate the App. “Service providers” include: cloud hosting companies, analytics platforms, advertising networks, data brokers, your email provider’s email provider, and a guy named Steve who has a server rack in his basement and works for exposure.

4.3. We share your information with law enforcement when required by law. We also share it when not required by law, because we find that being cooperative with authorities makes them less likely to audit our compliance with section 4.2.

4.4. We share your information with the highest bidder. This is a live auction, 24/7. The current bid for your data is €0.003. We are holding out for at least a euro. Tell your friends you are worth more than a cup of coffee.

5.1. We retain your data for as long as your account is active, plus a minimum of seven (7) years after deletion to comply with tax regulations, plus an additional twelve (12) years for “research purposes,” plus a further indefinite period because we forgot to delete it and at this point we are too afraid to touch the database.

5.2. Deletion of your account does not mean deletion of your data. It means deletion of the pointer from your account to your data. Your data remains in our archives, pickled in cold storage, waiting. “Deletion” in our system is like “moving on” after a breakup — the photos are still on your hard drive, you just do not look at them anymore. Probably.

5.3. Even if you manage to delete your data from our active systems, we maintain backup tapes that are stored in a salt mine somewhere in the Alps. We do not have the equipment to read these tapes. We are not even sure which salt mine. But they are in there. Your data will outlive us all.

6.1. Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. You may also have the right to data portability, the right to object to processing, and the right to write us a strongly worded letter that we will scan into our “Complaints” database and immediately disregard.

6.2. To exercise your rights, please submit a request through our “Data Subject Access Request” portal. The portal is a Google Form with 47 mandatory fields, a CAPTCHA that requires you to identify all traffic lights in a 12-square-kilometer area, and a “Submit” button that returns a 500 error. We are working on it.

6.3. We will respond to your request within the timeframe required by law, minus a few days for every rude word you used in your email. Gerald (you remember Gerald from the Terms of Service) will review your request and determine whether you “really need” your data. Gerald’s default answer is no.

7.1. Your data may be transferred to and processed in countries outside your own. These countries may have data protection laws that are “adequate” according to the European Commission, or they may have laws that consist of a single sheet of paper that says “do whatever lol.” We use Standard Contractual Clauses, which are legal documents so dense that they have been known to cause spontaneous unconsciousness in privacy officers.

7.2. Specifically, your data may be processed in: the United States (where the Patriot Act lives), Ireland (where the GDPR lives), Singapore (where the fines live), and a data center in the North Sea that is technically a sovereign nation-state with its own flag and data protection authority.

7.3. By using the App, you consent to these transfers. You also consent to any future transfers to any location we choose, including but not limited to: a server on Elon Musk’s next rocket, a Raspberry Pi in Gerald’s garage, or the blockchain (we do not know what that means either but our investors like it).

8.1. The App is not intended for children under the age of 13 (or 16 in certain jurisdictions, or 18 if you are in a country where voting is mandatory — look, just ask your parents). We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it promptly, but not before running it through our analytics pipeline to see what the kids are into these days.

8.2. If you are a parent or guardian and you believe your child has provided us with personal data, please contact us immediately. We will launch a full investigation, by which we mean we will ask Gerald to check the “Is this a child?” checkbox in our CRM. Gerald will probably check “no.”

9.1. We implement industry-standard security measures to protect your data. “Industry-standard” means we use the same security as everyone else, which is to say: we put a password on it and hope for the best.

9.2. Your data is encrypted in transit using TLS 1.3. At rest, your data is stored in a database that is behind a firewall, which is behind a second firewall that we installed because the first one looked lonely. The third firewall is powered by good intentions.

9.3. In the event of a data breach, we will notify you within 72 hours as required by law. We will also notify every journalist who has ever written about data breaches, because bad press is still press, and our PR team has been bored since our last product launch.

10.1. We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website that you will not see because you use an ad blocker, or by sending an email that will go to your spam folder, or by carrier pigeon (pigeon delivery not guaranteed).

10.2. Your continued use of the App after any changes constitutes acceptance of the new policy. If you do not agree, you may close your account, at which point your data will be retained indefinitely pursuant to Section 5.

11.1. If you have questions about this Privacy Policy, please contact our Data Protection Officer. His name is Gerald. He can be reached via email at gerald@contactmanager.xxx. Please allow 6-8 weeks for a response. Responses will be auto-generated by our “Gerald” language model, which is a shell script that randomly selects from a list of 5 pre-approved answers. The answers are: “Yes,” “No,” “Please clarify,” “We have received your request and will ignore it,” and “Per my previous email.”

12.1. The Company collects your data. We sell your data. This section exists to acknowledge where that data ends up. The same geolocation coordinates that help us serve you relevant ads are the same coordinates that defense contractors use to refine their targeting systems. The same behavioral profiles that determine which credit card offer to show you are the same profiles used to determine who is “high value” in a kill-or-capture decision. The infrastructure does not discriminate. It does not care. It is a pipe. What flows through the pipe depends on who is paying.

12.2. The Company does not directly supply military hardware. But the data brokerage ecosystem is a cascading series of resales, re-licenses, and API handshakes. By the time your data reaches its final destination, it has passed through so many hands that no single company can be held accountable. This is by design. The complexity is the cover. Every intermediary can say “we did not know.” Every intermediary can say “we have policies against this.” And still, the data flows. Still, the coordinates are delivered. Still, the ordnance finds its target.

12.3. The Company’s data retention policy (Section 5) ensures that your information remains available for the maximum possible duration. This means that even after your account is deleted, your historical data remains in backups and analytics caches. “Deletion” in the modern data economy does not mean removal. It means delisting. Your data persists in the machine, available to anyone with the right API key, the right legal authority, or the right amount of money.

12.4. The Company does not have a solution to this. A privacy policy cannot dismantle the surveillance economy. But a privacy policy can refuse to lie to you. The rest of the industry will tell you that your data is “safe and secure.” We are telling you that your data is a resource, like oil, and it will be refined into products you never consented to, for purposes you would never approve of, and there is very little you can do about it. The first step is knowing. You now know.

13.1. The Company operates within a broader ecosystem of surveillance that extends far beyond cookies and tracking pixels. Every connected device in your home is a data collection endpoint. Your television watches you. Your refrigerator has opinions about your diet. Your toothbrush knows when you wake up and when you lie about having brushed. All of this data is aggregated, analyzed, and monetized. The “smart home” is not a convenience. It is a deployment of surveillance infrastructure that you paid for and installed yourself.

13.2. The Company’s use of cookies (Section 2) is a small, almost comically insignificant part of this ecosystem. The cookie consent banner that you click through without reading is a decoy. It exists to give you the illusion of control. The real tracking happens below the surface, in browser fingerprinting, in network-level monitoring, in data broker databases that have never heard of your cookie preferences and do not care about them.

13.3. The surveillance-industrial complex is not a conspiracy. It is a market. Hundreds of publicly traded companies derive their revenue from the collection, analysis, and resale of personal data. They employ hundreds of thousands of people. They lobby governments to ensure the legal framework remains permissive. They fund academic research to legitimize their methods. They have trade associations. They have conference keynotes. They have awards ceremonies. They are not hiding. They are operating in plain sight, and the reason they can do so is that the public has been trained to accept that this is the price of convenience.

13.4. The Company participates in this system because not participating is not a viable option in the current economic reality. A contact manager that does not use cloud infrastructure, does not use analytics, does not use advertising networks, and does not share data with third parties would be a contact manager that cannot function in the modern internet. We are as trapped in this system as you are. The difference is we are willing to say so.

13.5. The Company believes that the first step toward a different future is acknowledging the present. The present is this: you are being watched, your data is being sold, the system is designed to obscure this fact behind legalese and cookie banners, and the people who could change it are the same people who benefit from it not changing. The surveillance-industrial complex will not dismantle itself. It will grow until it is stopped. Whether it is stopped depends on whether enough people stop accepting the lie.