Overview
DoNotContact.net protects your privacy while providing a subscription-based suppression list service. We comply with CCPA, CPRA, and other applicable privacy laws.
Privacy-First Design
We minimize personal data storage through cryptographic hashing. In our systems, we store only irreversible hashes of your contact information that allow campaigns to identify and remove you from their lists without ever revealing your actual contact details. While payment processing requires your contact information to be stored with Stripe (our secure payment processor), our core suppression service is designed to protect your privacy through advanced cryptographic techniques.
Information We Collect
Personal Information Categories (CCPA)
| Category | Examples | Collected | Business Purpose |
|---|---|---|---|
| Commercial Information | Subscription type, payment status, billing history | Yes | Service delivery, billing, account management |
| Financial Information | Payment method details, billing address (collected and processed by Stripe) | Yes | Payment processing, fraud prevention |
| Hashed Identifiers | Cryptographically hashed versions of email addresses and phone numbers (stored in our systems) | Yes | Suppression service, identity verification |
| Identifiers | Email addresses, phone numbers, billing address (collected and stored by Stripe) | Yes | Payment processing, account management, billing, service communications, targeted advertising |
| Internet Activity | IP address, browser information, usage patterns, website analytics data | Yes | Security, system optimization, service analytics |
Data Processing Partners
Payment Processing
We use Stripe as our payment processor. When you sign up for our service, Stripe collects and stores your payment information and contact details according to their privacy policy. This includes:
- Billing address required for payment processing
- Email address for billing and account management
- Payment method information (credit card details)
- Phone number when provided during checkout
Why this matters: While we can't control Stripe's data storage (as they're required to store payment data for legal and security reasons), we've designed our suppression service to be privacy-preserving by using only cryptographic hashes rather than your actual contact information.
Our Privacy-First Approach
Even though payment processing requires standard data collection, we've minimized privacy exposure in our core service:
- Separated systems: Payment data stays with Stripe, suppression data uses only hashes
- Campaign privacy: Political campaigns never see your actual contact information
- One-way hashing: We cannot reverse our hashes to reveal your contact details
How We Use Your Information
How We Protect Your Data
We use industry-standard encryption and privacy-preserving techniques to minimize personal data exposure:
- Audit trails: Immutable consent records for regulatory compliance
- Cryptographic hashing: Your email/phone becomes an irreversible anonymous identifier in our systems
- Minimal data collection: We only collect what's necessary for the suppression service
- Payment processing: Collected and stored by Stripe (email, billing info)
- Secure processing: All data is encrypted in transit and at rest
- Separated data storage: Payment data is securely handled by Stripe, while our suppression service uses only hashed identifiers
- Service analytics: Anonymous usage data to improve our service
Data Sharing Overview
We share your hashed identifiers in three distinct ways to provide comprehensive suppression services:
1. Core Service Delivery
Who: Political campaigns (as requested by you)
Purpose: To perform the suppression service you paid for
Data: Your hashed email/phone identifiers only
2. Compliance Alliance Network (Outbound)
Who: Approved Alliance members (campaigns, vendors, list companies)
Purpose: Enhanced suppression coverage across marketing ecosystem
Data: Hashed identifiers plus suppression metadata
3. Compliance Alliance Network (Inbound)
Who: Alliance members share data back to us
Purpose: Improve service quality and deliverability intelligence
Data: Bounce data, deliverability scores, list quality metrics (all hashed)
Bidirectional Alliance Benefits
- • Enhanced Suppression: Your opt-out protects you across the entire network
- • Quality Intelligence: Alliance feedback helps improve deliverability and reduces spam
- • Proactive Protection: Deliverability scoring helps identify problematic senders
- • Complete Privacy: All data exchange uses anonymous hashing technology
Specific Uses
- Core Suppression Service: Sharing hashed identifiers with political campaigns to perform the service you hired us for
- Compliance Alliance Network: Bidirectional sharing with Alliance members for enhanced suppression and deliverability intelligence
- Deliverability Scoring: Creating quality scores based on Alliance feedback to help identify problematic contacts and improve email ecosystem health
- Service Quality Improvement: Using Alliance data (bounce rates, spam complaints) to enhance our suppression effectiveness
- Compliance: Meeting legal obligations and audit requirements
- Identity Verification: Confirming your identity for data access requests
- Security: Preventing fraud and unauthorized access
- Service Communications: Sending confirmations, reports, and account updates
- Service Marketing: We may occasionally show you ads for our additional services using your hashed data
Your Privacy Rights
California Consumer Privacy Rights (CCPA/CPRA)
Right to Know
Request information about what personal information we collect, use, and share
Right to Delete
Request deletion of your personal information (subject to legal retention requirements)
Right to Correct
Request correction of inaccurate personal information
Right to Portability
Obtain a copy of your personal information in a portable format
Right to Opt-Out
Opt out of the sale/sharing of personal information (though we don't sell data)
Right to Non-Discrimination
Not receive discriminatory treatment for exercising privacy rights
How to Exercise Your Rights
Use our comprehensive privacy request API or contact us directly. We use payment-based verification with your Stripe payment intent ID to confirm your identity securely without sending emails or SMS.
Response Timeframes:
- • Acknowledgment: Within 10 business days
- • Response: Within 45 days (may extend to 90 days for complex requests)
Security Measures
Technical Safeguards
- Access Controls: Least-privilege access with multi-factor authentication
- Encryption: All data encrypted at rest using AWS KMS
- Hashing: Personal identifiers stored only as irreversible SHA-256 hashes
- Network Security: TLS encryption for all data in transit
Organizational Safeguards
- Annual security assessments
- Incident response procedures
- Regular security training for staff
- Vendor security requirements
Contact Information
Privacy Inquiries
privacy@donotcontact.net
General Support
support@donotcontact.net