How we handle the data we touch.

Overview

Barnacle operates an internal enforcement workspace for authorized creator protection. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have. It applies to operators and clients of the Service; creators whose content is protected through the Service are covered by the authority records and contracts maintained by their authorized representatives.

Information we collect

We collect the following categories of information:

• Account data. Names, work email, organization, role, and authentication tokens for operator accounts.
• Authority records. Documents establishing authorization to act on behalf of a creator, including signed authorizations, identity verification, and contact details.
• Case data. URLs submitted, capture metadata, screenshots, hashes, reviewer decisions, and notice history.
• Usage data. Pages viewed, actions taken, IP address, browser, and approximate location, used for security and product analytics.

How we use information

We use information to:

1. Operate the Service: ingest findings, generate notices, send takedowns, track follow-ups, and surface case status.
2. Preserve immutable evidence for legal and audit purposes, including Object Lock storage of captures and notices.
3. Investigate misuse, debug errors, and improve reliability, performance, and security.
4. Communicate with operators about cases, product updates, and service incidents.

Sharing information

We share information only as needed to run the Service and as permitted by your contract:

• Recipients of notices. Site operators, hosts, registrars, search engines, and platform compliance teams receive the information necessary to act on a notice you have authorized.
• Subprocessors. Hosting, storage, error tracking, and email providers process data on our behalf under written agreements.
• Legal requirements. We may disclose information when required by law, valid legal process, or to protect rights, safety, or property.

We do not sell personal information and we do not share information for cross-context behavioral advertising.

Retention

Evidence captures and notice history are retained for the term of your engagement plus a defined post-termination retention window designed to preserve the legal record. Operator account data is retained for the duration of your access and then deleted on the schedule documented in your Master Services Agreement.

Security

We use encryption in transit and at rest, scoped access controls, audit logging, and Object Lock for legal evidence storage. No system is perfectly secure; report suspected vulnerabilities to security@barnacle.ops.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or restrict our use of your personal information. To exercise a right, contact privacy@barnacle.ops. We will verify your identity and respond within the timelines required by applicable law.

International transfers

Information may be processed in jurisdictions other than the one in which it was collected. Where transfers occur, we rely on the appropriate legal mechanisms, including Standard Contractual Clauses where applicable.

Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

Changes and contact

We may update this Privacy Policy from time to time. The current version will always be posted at this URL with the date below. Material changes will be communicated to your account owner.

Questions? Reach our team at privacy@barnacle.ops.