1. What this is, and isn't
This policy describes what data takedowns collects when you use takedowns.vesamuni.com, the takedowns web app, and related services. It is written in plain English because the people who need to read it most are often the people with the least patience for legalese.
takedowns is operated by Vesamuni Cybersecurity ("we", "us", "our"). If you have questions about anything in this document, email our team and a human will reply.
2. What we collect
Account data. Email address, display name, and password hash. We do not require a real name, phone number, or identity verification. The Free plan is genuinely pseudonymous.
Case data. The fingerprints, URLs, and metadata you submit. Perceptual fingerprints are derived in your browser before transmission — we never see your original media unless you explicitly upload it (and we recommend you do not).
Dispatch data. Recipients, timestamps, and notice bodies for every takedown we send on your behalf.
Payment data. Processed by Stripe. We never see your card number. We store only the last four digits, the card brand, and the billing email you used.
Operational telemetry. Server logs (IP address truncated to /24, user agent, request path, status code) retained for 30 days for security and debugging.
3. What we do not collect
We do not collect biometric data. We do not sell your data to third parties. We do not run third-party advertising trackers. We do not fingerprint your device for cross-site tracking.
4. How we use what we collect
- To deliver the service you signed up for (case management, scans, dispatch, monitoring).
- To send you service-critical email: account verification, dispatch confirmations, security alerts.
- To send you product email you can opt out of at any time (release notes, tips).
- To respond to lawful legal process. We publish a transparency report twice a year.
5. How long we keep it
Account data lives until you delete your account, then is purged within 30 days. Case data lives until you delete the case. Dispatch records live for the life of the case plus 7 years, because they may be needed as evidence. Server logs auto-purge after 30 days. Financial records (transaction IDs, amounts, billing email) are kept for 7 years for tax compliance.
6. Your rights
You can export everything we have on you from the dashboard at any time. You can delete your account, your cases, and your fingerprints with a single click. You can request an immediate hard delete that bypasses the 30-day grace window. If you are in the EEA, UK, or California, you have additional statutory rights we honour globally: access, rectification, restriction, portability, and objection.
7. Where your data lives
Application data is hosted in Singapore and Frankfurt, with backups in a second region. Payment processing happens in Stripe's PCI-DSS Level 1 infrastructure. Email delivery is handled by a transactional email provider; we never put case content in the body of an email.
8. Children
takedowns is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it within 24 hours.
9. Changes to this policy
If we make a material change, we email you at least 30 days in advance and show a banner on the dashboard. Non-material changes (typo fixes, contact email updates) do not get a banner.
10. Contact
Email our team or write to Vesamuni Cybersecurity, Sri Lanka. The data controller is Vesamuni Cybersecurity, reachable at the same address.