Legal

Privacy Policy

Last updated: 25 June 2026. Plain English. We will email you at least 30 days before any material change.

1. What this is, and isn't

This policy describes what data takedowns collects when you use takedowns.vesamuni.com, the takedowns web app, and related services. It is written in plain English because the people who need to read it most are often the people with the least patience for legalese.

takedowns is operated by Vesamuni Cybersecurity ("we", "us", "our"). If you have questions about anything in this document, email our team and a human will reply.

2. What we collect

Account data. Email address, display name, and password hash. We do not require a real name, phone number, or identity verification. The Free plan is genuinely pseudonymous.

Case data. The fingerprints, URLs, and metadata you submit. Perceptual fingerprints are derived in your browser before transmission — we never see your original media unless you explicitly upload it (and we recommend you do not).

Dispatch data. Recipients, timestamps, and notice bodies for every takedown we send on your behalf.

Payment data. Processed by Stripe. We never see your card number. We store only the last four digits, the card brand, and the billing email you used.

Operational telemetry. Server logs (IP address truncated to /24, user agent, request path, status code) retained for 30 days for security and debugging.

3. What we do not collect

We do not collect biometric data. We do not sell your data to third parties. We do not run third-party advertising trackers. We do not fingerprint your device for cross-site tracking.

4. How we use what we collect

5. How long we keep it

Account data lives until you delete your account, then is purged within 30 days. Case data lives until you delete the case. Dispatch records live for the life of the case plus 7 years, because they may be needed as evidence. Server logs auto-purge after 30 days. Financial records (transaction IDs, amounts, billing email) are kept for 7 years for tax compliance.

6. Your rights

You can export everything we have on you from the dashboard at any time. You can delete your account, your cases, and your fingerprints with a single click. You can request an immediate hard delete that bypasses the 30-day grace window. If you are in the EEA, UK, or California, you have additional statutory rights we honour globally: access, rectification, restriction, portability, and objection.

7. Where your data lives

Application data is hosted in Singapore and Frankfurt, with backups in a second region. Payment processing happens in Stripe's PCI-DSS Level 1 infrastructure. Email delivery is handled by a transactional email provider; we never put case content in the body of an email.

8. Children

takedowns is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it within 24 hours.

9. Changes to this policy

If we make a material change, we email you at least 30 days in advance and show a banner on the dashboard. Non-material changes (typo fixes, contact email updates) do not get a banner.

10. Contact

Email our team or write to Vesamuni Cybersecurity, Sri Lanka. The data controller is Vesamuni Cybersecurity, reachable at the same address.