Privacy Policy
Last updated: 2026-05-13
This policy explains what personal data Confidanti collects, why we collect it, who we share it with, and how you can control it. We deliberately keep it short and in plain English.
Who we are
Confidanti is the data controller for the personal data described in this policy. You can reach us at privacy@confidanti.com.
What we collect
- Contact, free-test, and quote-request forms: your name, work email, company name (optional), and the content of your message. For free phishing tests, we also collect the domain to be tested and your authorization to test it.
- Paid subscriptions: billing is handled by Stripe — we never see or store your card number. We receive your name, email, billing country, plan tier, and payment status from Stripe.
- Transactional email: delivery metadata (bounce/complaint events) is processed by Resend on our behalf.
- Server logs: IP, user-agent, URL, and timestamp are retained for up to 90 days for security and abuse prevention.
- Cookies: see our Cookie Policy.
Why we use it
- To provide the service you signed up for.
- To respond to your inquiries.
- To send transactional email — receipts, security alerts, onboarding.
- To prevent fraud and abuse, and to keep the site secure.
- To comply with our legal obligations.
We do not sell personal data and we do not profile or use your data for advertising decisions.
Who we share it with
We use these subprocessors to operate the service:
- Google: hosting, processing and storage.
- Stripe: payment processing, subject to Stripe's privacy policy.
- Resend: transactional email delivery.
Data is shared with subprocessors only as needed to operate the service, under data-processing agreements. We do not share personal data with anyone else except where legally compelled or to protect rights and safety.
Where your data lives
Primary storage is in the USA, but data may reside in the USA, the EU, or Brazil. Some subprocessors operate globally. For users in Europe, the UK, or Brazil, transfers to the US are protected by Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
How long we keep it
- Leads not converted to customers: 24 months from last contact.
- Customer records and subscription history: for the duration of your subscription, plus up to 6 years after termination for tax and accounting compliance.
- Server logs and email delivery metadata: 90 days.
Your rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion (subject to legal-retention obligations).
- Request portability of your data in a machine-readable format.
- Object to processing or withdraw consent.
- Lodge a complaint with your local data-protection authority.
Email privacy@confidanti.com to exercise any of these. We aim to respond within 10 days.
Cookies
See our Cookie Policy for the categories we use and how to change your choice.
Changes to this policy
We will update this policy as the service evolves. Material changes are announced at least 30 days in advance via email to active customers and via a banner on this page. The "Last updated" date at the top reflects the most recent revision.
Contact
privacy@confidanti.com — for any privacy-related question, request, or complaint.