Privacy Policy

The Short Version

We help creators protect their privacy. That means we take yours seriously too.

Here's what you need to know:

  • We collect only what we need to do our job
  • We don't sell your data (ever)
  • We encrypt the sensitive stuff
  • We delete client data after one year
  • You can ask us what we have on you anytime

If you want the full legal version, keep reading. If not, that's the gist.

Who We Are

Unpublic is a public benefit corporation based in Colorado. We provide privacy and security services to content creators and public figures. You can reach us at heythere@gounpublic.com.

What This Policy Covers

This policy explains what information we collect when you:

  • Visit our website
  • Sign up for our newsletter
  • Book a consultation
  • Become a client
  • Contact us

If you don't agree with how we handle your information, don't use our services. We'd rather you know upfront than find out later and feel weird about it.

Information We Collect

When You Visit Our Website

We use Fathom Analytics to understand how people use our site. Fathom is privacy-focused and doesn't track you across the internet or use cookies. It collects:

  • Which pages you visit
  • How long you stay
  • What device/browser you're using
  • General location (country/region level, not your actual address)

What we don't collect: Your IP address isn't stored permanently, and we can't identify you personally from this data.

When You Subscribe to Our Newsletter

We collect:

  • Your name (but we don't require it)
  • Your email address
  • Whatever else you choose to share (but we don't require it)

We use email service providers to manage our newsletter. They store this info on their servers. You can unsubscribe anytime using the link in every email.

When You Book a Call or Consultation

We collect:

  • Your name
  • Your email address
  • Whatever else you choose to share in the booking form (but we don't require it)

Prefer more privacy? You can reach us via Signal @gounpublic.404 or encrypted email. You can get more information about contacting us securely on our contact page.

When You Become a Client

This is where we collect more information, because we need it to actually do our job. What we collect depends on the service you hire us for.

We may need:

  • Personal identifiers (name, aliases, usernames, online profiles)
  • Contact information (email, phone, addresses)
  • Professional information (business details, licenses, public records)
  • Information about people you want us to check for exposure (family members, business partners)
  • Access to accounts or platforms we're securing
  • Documents, records, or other materials relevant to the service
  • Anything else necessary to provide the protection or analysis you've hired us for

The general principle: We collect what we need to do the work. Nothing more.

Before we collect sensitive information, we'll explain:

  • What we need
  • Why we need it
  • How we'll protect it
  • How long we'll keep it

Here's what matters: All sensitive client data is stored using end-to-end encryption. We can't read it without your encryption key, and neither can anyone else - including us, if you lose access.

We delete this data one year after your engagement ends. If you want it deleted sooner, just ask.

How We Use Your Information

We use your information to:

  • Provide the services you hired us for
  • Send you newsletters (if you signed up)
  • Respond to your questions
  • Process payments
  • Improve our website and services
  • Comply with legal obligations

We do not:

  • Sell your data
  • Share it with advertisers
  • Use it to train AI models
  • Keep it longer than necessary

Who We Share Your Information With

Service Providers

We work with third-party service providers to run our business. These fall into a few categories:

Email and Newsletter Services

  • What they handle: Your name and email address
  • What they do: Deliver newsletters and manage email communications
  • Where: Currently US-based providers

Payment Processors

  • What they handle: Payment information (we never see your full card number)
  • What they do: Process payments for subscriptions and services
  • Where: US-based
  • Note: Payment processors have their own PCI-compliant security measures and privacy policies

Website Analytics

  • What they handle: Anonymized website usage data (no personal identifiers)
  • What they do: Help us understand how people use our site
  • Where: EU-based
  • Note: We use privacy-focused analytics with no tracking cookies

Encrypted Storage

  • What they handle: Sensitive client data
  • What they do: Provide end-to-end encrypted storage
  • Where: Switzerland/EU
  • Note: End-to-end encrypted - even the storage provider can't read your data

Important things to know:

  • These providers are contractually required to keep your information confidential and use it only for the purposes we specify
  • We choose providers based on their privacy and security practices
  • They all have their own privacy policies (which you should read if you want details)
  • We're actively migrating to end-to-end encrypted and EU-based infrastructure where possible

If you want to know the specific companies we're currently using, email us and we'll tell you.

When the Law Requires It

We'll disclose your information if:

  • We're legally required to (court order, subpoena, etc.)
  • We need to protect our rights or someone's safety
  • We're investigating fraud or security issues

If we can legally tell you this is happening, we will.

No One Else

We don't share your information with anyone else unless you explicitly ask us to.

Security and What Happens If Things Go Wrong

Data Breaches

We take security seriously, but we're not going to pretend breaches are impossible. If we discover that your information has been compromised, here's what we'll do:

We'll notify you within 72 hours via email if:

  • The breach involves your personal information
  • There's a reasonable risk of harm to you

We'll tell you:

  • What happened
  • What information was affected
  • What we're doing about it
  • What you should do to protect yourself

We'll also notify regulators as required by law (GDPR, state breach notification laws, etc.).

Why you should trust this: We're not in the business of hiding problems. If something goes wrong, you'll hear it from us directly, not from the news.

We will only disclose your information if we're legally required to by:

  • Valid court orders
  • Subpoenas
  • Search warrants
  • Other legally binding requests from competent authorities

Here's what we do when we get a request:

  1. Verify it's legitimate - We check that it's a valid legal order with proper jurisdiction
  2. Challenge it if possible - If the request is overly broad, lacks proper legal basis, or threatens creator privacy, we push back
  3. Notify you when we can - If we're legally allowed to tell you about the request, we will
  4. Provide only what's required - We give the minimum information necessary to comply

What we CAN'T disclose even if ordered to:

  • End-to-end encrypted client data stored in Proton (we literally don't have the keys to decrypt it)
  • Information we don't collect (which is most things)

Reality check: We can't refuse valid court orders. But we can, and will, make sure any disclosure is legally proper and limited to what's absolutely required.

Cookies and Tracking

Short version: We don't use tracking cookies.

We use privacy-focused analytics that:

  • Doesn't use cookies at all
  • Doesn't track you across websites
  • Doesn't collect personally identifiable information
  • Doesn't sell data to advertisers

What our analytics does collect:

  • Page views (anonymized)
  • Referral sources (where traffic comes from)
  • Browser/device type (aggregated)
  • Country-level location (not your specific location)

If you want to block even this anonymous analytics, most ad blockers will do it. We won't be offended.

No cookie banner needed: Since we don't use tracking cookies, you don't have to deal with annoying cookie consent popups. You're welcome.

Marketing Communications

When you sign up for our newsletter, you'll get:

  • Newsletter content (obviously)
  • Important service updates
  • Security tips and privacy news
  • Information about new Unpublic services (you can opt out of this)

You control this:

  • Unsubscribe from everything by clicking the link in any email
  • Email us to opt out of promotional content while keeping security updates
  • Adjust your preferences as we build more controls

We will NEVER:

  • Sell or rent your email to third parties
  • Send you spam
  • Share your email with advertisers

If you get a sketchy email claiming to be from us, it's not. Forward it to us and we'll investigate.

Data Portability Details

You have the right to get a copy of your data in a usable format.

What we'll give you:

  • Your account information (name, email, etc.)
  • Newsletter subscription data
  • Communication history with us
  • For clients: Your audit data and any reports we've created

Format options:

  • PDF - Easy to read, good for records
  • CSV - For spreadsheet data

How to request it: Email us. We'll verify your identity and send you the data within 30 days (usually much faster).

Cost: Free for the first request in a 12-month period. We reserve the right to charge a reasonable administrative fee for repeated requests.

Testimonials and Client Stories

Your privacy extends to talking about you.

We will never:

  • Share your name or identifying information publicly without explicit permission
  • Use your success story in marketing without your consent
  • Publish testimonials without your approval
  • Identify you as a client unless you've agreed to it

If we want to share your story:

  • We'll ask you first
  • You can say no (it won't affect our service to you)
  • You can request anonymization
  • You can revoke permission later and we'll remove it

You can also proactively tell us: "Don't ever mention me publicly" and we'll flag your account accordingly.

Your Rights and Choices

Access Your Information

You can ask us what information we have about you. Email us and we'll send you a copy.

Correct Your Information

If something we have is wrong, let us know and we'll fix it.

Delete Your Information

You can ask us to delete your information anytime. We'll do it unless we're legally required to keep it.

Opt Out of Communications

Don't want our newsletter anymore? Click unsubscribe in any email. Don't want marketing emails? Tell us and we'll stop.

Download Your Information

Want a copy of your data in a portable format? We'll give it to you.

Special Notes for Different Locations

If You're in California (CCPA)

California residents have additional rights:

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information (with some exceptions)
  • Right to opt-out of the sale of personal information (but we don't sell your info, so this doesn't apply)
  • Right to non-discrimination for exercising these rights

To exercise these rights, contact us at privacy@gounpublic.com. We'll respond within 45 days.

If You're in Europe (GDPR)

If you're in the EU/EEA/UK, you have rights under GDPR:

  • Right to access your personal data
  • Right to rectification if your data is inaccurate
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to certain types of processing
  • Right to withdraw consent at any time

Legal basis for processing: We process your information based on:

  • Contract performance (when you're a client)
  • Consent (when you sign up for our newsletter)
  • Legitimate interests (for analytics and website improvement)

To exercise these rights or file a complaint, contact us. You also have the right to complain to your local data protection authority.

If You're in Nevada

Nevada residents can opt out of the sale of their personal information. We don't sell your information, so there's nothing to opt out of. But if you want to make it official, email us.

Children's Privacy

Our services aren't for children under 18. We don't knowingly collect information from minors. If you're a parent and think we have your child's information, contact us and we'll delete it.

Data Storage and International Transfers

Where your data lives:

We're actively transitioning to EU-based infrastructure because we believe your data deserves the strongest privacy protections available. Here's the current state:

Already EU-based:

  • Sensitive client data is stored in Proton (Switzerland/EU), which uses end-to-end encryption
  • Some services already use EU servers

Still US-based:

  • Some newsletter and website infrastructure currently uses US-based services (Ghost, Kit, Stripe)
  • We're working to move these to EU alternatives, but it takes time to do it right

What this means for you:

If you're outside the EU/Switzerland, your data may be transferred to those regions. If you're in the EU, some of your data (particularly newsletter subscriptions and payment processing) may be transferred to the US.

For EU residents: We ensure appropriate safeguards for any data transfers outside the EU:

  • Standard Contractual Clauses with US-based processors
  • End-to-end encryption for sensitive data (which makes the physical location less critical)
  • Only using processors with strong privacy commitments

We'll update this policy as we complete our migration to EU-based infrastructure.

Changes to This Policy

We'll update this policy when we need to. If we make major changes, we'll email you (if we have your email) or post a notice on our website.

The "Last Updated" date at the top shows when we last changed it. Check back occasionally if you want to stay current.

Contact Us

Questions? Concerns? Want to exercise your privacy rights?

Email (encrypted on our end): privacy@gounpublic.com
Signal: @gounpublic.404
Mail: Unpublic PBC, 215 S Wadsworth Blvd Unit 400 #677, Denver, CO 80226

The Bottom Line

We built Unpublic because we care about creator privacy. We're not going to be hypocrites about our own.

We collect what we need, protect what we collect, and delete it when we're done. If something changes, we'll tell you. If you have questions, ask us.

That's it. No fine print tricks. No buried gotchas. Just straight talk about how we handle your information.

BE PUBLIC. STAY PROTECTED.

Your digital trail has a fan club. And not the fun kind.
We’ll send privacy + security tips that help you stay ahead of the weirdos.

Unpublic

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Unpublic.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.