Privacy policy.
How we handle the information you give us so that we can delete you from data brokers. Plainly written, properly footnoted, and shorter than most.
Who we are.
Nox Æterna Ltd. is a private limited company registered in England & Wales (Companies House No. 15782041), with its registered office at 71–75 Shelton Street, Covent Garden, London WC2H 9JQ. We are registered with the UK Information Commissioner's Office under registration number ZA871402.
For customers resident in the United States, the controller is Nox Æterna Inc., a Delaware C-Corporation (EIN 99-1234567), with registered agent service at 251 Little Falls Drive, Wilmington, DE 19808.
In this policy, “Nox Æterna”, “we”, “us”, and “our” refer to whichever of the above entities is the controller of your personal data under the law that applies to you.
What data we collect.
We collect only what we need in order to identify you to a data broker, prove that you have the right to demand erasure, and confirm that the erasure has been carried out. Nothing else.
| Category | Examples | Source |
|---|---|---|
| Identity | Full legal name, date of birth, current and former addresses (up to 10 years) | You, at checkout |
| Government ID | Passport, driving licence, or national ID scan; selfie for liveness | You, via Veriff / Persona |
| Contact | Email address, optional mobile number | You, at checkout |
| Authority | Signed limited power-of-attorney authorising us to issue erasure requests on your behalf | You, via SignWell |
| Transaction | Payment timestamp, last 4 digits of card, order reference, tier purchased | Stripe |
| Operational | Outbound erasure requests we sent, broker responses, removal confirmations, IP address used to access status pages | Our systems |
We do not collect special-category data (health, biometric profiling, political opinion, sexual orientation, religious belief). Your ID document is used solely to verify identity at the moment of verification and is then encrypted at rest until it is destroyed in accordance with §6.
Why we collect it.
Under the UK GDPR and the EU GDPR, every act of processing must rest on one of the six lawful bases set out in Art. 6(1). We rely on two of them, and we use each for a specific reason:
- Performance of a contract — Art. 6(1)(b). You have paid us to delete your data from data brokers. We cannot perform that contract without your name, addresses, email, and authority. Without these, there is no deletion to be performed.
- Compliance with a legal obligation — Art. 6(1)(c). Money laundering regulations and broker counter-fraud policies require us to verify the identity of any person on whose behalf we issue erasure demands. This is why we ask for a government ID.
For US customers, equivalent bases under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) apply, together with the Federal Trade Commission Act § 5.
We do not rely on “legitimate interests” for any processing of customer data. We do not sell, rent, trade or syndicate personal data to any third party for advertising, modelling, scoring or enrichment, ever.
Who we share it with.
To deliver the service we engage a small number of specialist processors. Each is bound by a written data-processing agreement and acts strictly on our documented instructions.
| Processor | Purpose | Jurisdiction |
|---|---|---|
| Stripe Payments UK Ltd. / Stripe Inc. | Payment processing, card tokenisation, refund handling | UK / US |
| Veriff OU | Identity verification for customers resident in the UK and EEA | Estonia |
| Persona Identities Inc. | Identity verification for customers resident in the US | US |
| SignWell Inc. | Electronic signing of the limited power-of-attorney | US |
| Postmark (ActiveCampaign LLC) | Transactional email delivery (order confirmation, PDF proof) | US |
| Amazon Web Services EMEA SARL | Hosting, encrypted storage, automated workers | UK (eu-west-2) & US (us-east-1) |
| PostHog Inc. | Privacy-respecting product analytics (no profiles, no cross-site tracking) | EU region |
The data brokers and people-search sites we contact on your behalf are recipients, not processors. We send them the minimum information necessary to locate and remove your record — typically your name plus one or two addresses. We never give them your government ID or signature image.
Beyond the processors above, we share personal data only when compelled to do so by a court order or by a binding request from a competent regulator, and only after taking legal advice.
Where data is stored.
UK and EEA customer data is held in AWS region eu-west-2 (London). US customer data is held in us-east-1 (Virginia). Storage is encrypted at rest using AES-256 with keys managed in AWS KMS; transport between systems is encrypted with TLS 1.3.
Identity documents are stored in a separate, hardened bucket with object-level encryption and a strict deny-by-default IAM policy. Access is restricted to a named list of operations engineers and is logged in CloudTrail with daily review.
We operate the principle of least privilege. No marketing or growth staff have access to identifiable customer data. No third-party SaaS has read access to ID documents. Backups are encrypted and overwritten on a 90-day rolling window.
How long we keep it.
We are committed to retaining personal data for the shortest time that is consistent with delivering the service and meeting our legal obligations.
- Identity documents (ID scan, selfie): destroyed within 24 hours of successful verification.
- Name, addresses, email, signed power-of-attorney: retained for the active phase of the engagement and for 90 days after the final removal report is delivered. After that, we cryptographically shred the encryption keys, rendering the underlying records unrecoverable.
- Order metadata (order number, tier, amount paid, anonymised audit log): retained for seven years in line with our obligations under the UK Companies Act 2006 and HMRC record-keeping rules. This data does not contain your name or address.
- Re-scan tier: if you purchase a Re-scan add-on, we retain the minimum identifying fields necessary to repeat the work, and we apply the same 90-day post-completion shred to that cycle as well.
Your rights.
Under the UK GDPR you have the following rights, free of charge, exercisable at any time by emailing dpo@noxaeterna.com:
- Access — Art. 15. A copy of the personal data we hold about you.
- Rectification — Art. 16. Correction of inaccurate or incomplete data.
- Erasure — Art. 17. Deletion of your data from our systems, subject to the seven-year obligation noted in §6.
- Restriction — Art. 18. Pausing of processing while a dispute is resolved.
- Portability — Art. 20. A machine-readable export of the data you provided.
- Objection — Art. 21. The right to object to processing, although in practice all of our processing is contract-necessary and cannot continue without it.
For US customers, the equivalent rights under the CCPA (§ 1798.100, § 1798.105, § 1798.120) apply. We respond to verified requests within 30 days (UK / EEA) or 45 days (US), in line with statutory deadlines.
International transfers.
Where data is transferred outside the United Kingdom or the EEA — in particular to our US processors and to US-located data brokers when serving US customers — we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses (Commission Implementing Decision 2021/914) and, where applicable, on the UK-US Data Bridge and EU-US Data Privacy Framework.
For UK and EEA customers, the routine operation of the service does not require sending your data to the United States. Your data stays in eu-west-2; only the broker-facing erasure requests cross borders, and they contain only the minimum fields needed to identify your record.
Cookies and analytics.
We use the smallest possible set of cookies and similar storage. There is no third-party advertising cookie, no behavioural-profiling pixel, and no cross-site tracker on this site.
| Cookie | Purpose | Duration |
|---|---|---|
| nx_session | Maintains your checkout state between steps; strictly necessary. | Session |
| nx_cart | Remembers your selected tier before payment; strictly necessary. | 30 days |
| ph_* (PostHog) | Aggregate product analytics: page views, conversion, no profile, no fingerprint. Opt-out via the banner below. | 365 days |
You can opt out of PostHog analytics at any time by clicking decline analytics. Strictly necessary cookies cannot be disabled because the checkout flow will not function without them.
Children.
Nox Æterna is a service for adults. You must be at least 18 years of age to enter into a contract with us. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted information through this service, please contact dpo@noxaeterna.com and we will erase the record within 72 hours.
The Family tier is an exception — an adult may purchase deletion services for a minor child in their own household, in which case the adult is the contracting party and provides parental consent for the child's data. Identity verification is then performed on the parent only.
Changes to this policy.
We will revise this policy from time to time, for example when we add a new processor, change a retention window, or alter a transfer mechanism. When we do, we will:
- Update the “Effective” date at the top of the document.
- Publish a dated change-log entry at the foot of this page.
- For material changes, email every customer with an active or recent (< 12 months) engagement at the address on file.
If a change is one you do not accept, you may exercise your right of erasure under §7. We will not retroactively apply a less protective policy to data we have already collected under an earlier version.
Contact & complaints.
Our Data Protection Officer is reachable directly at dpo@noxaeterna.com. We aim to acknowledge every request within two working days.
If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint, telephone 0303 123 1113. EEA residents may contact their local supervisory authority. US residents may file with the California Privacy Protection Agency or their state Attorney General as appropriate.
You are not required to complain to us before approaching the regulator, but we would be grateful for the chance to put things right first.