Open source intelligence is the practice of legally collecting, analyzing, and interpreting information from publicly available sources to produce valuable insights for decision-making, security, or research. Indicia is a powerful OSINT platform that collects information from hundreds of sources and puts them right at your fingertips.

How can I lookup people?

With Indicia, you can access billions of records on emails, phone numbers, addresses, and names in the United States

Privacy Policy

Indicia Privacy Policy

Last Updated: 12/27/2025

This Privacy Policy explains how Indicia (“we,” “us,” or “our”) collects, uses, and protects your information when you use our OSINT platform at Indicia.app. By using Indicia, you agree to the practices described below.

1. Information We Collect

We collect only the data necessary to operate, secure, and improve the service:

1.1 Account Information

Email address (required for account recovery and paid subscriptions)
Username.
Password hash (we never store plain-text passwords).

1.2 Technical & Usage Information

IP address.
Device and access information (browser, timestamps, etc.).
Search History: We log the specific tools you access and the text queries you enter to provide your account dashboard and history functionality.

1.3 Uploaded Content & Biometric Data

We do not permanently store, retain, or archive images you upload to the Service. Uploaded images are processed temporarily for the duration of your request and are deleted from Indicia’s systems immediately after the output is generated. Some features (such as geolocation) require transmission of your uploaded images to third-party AI providers for processing. These providers analyze the content solely to generate the requested result. By default, third-party providers are not permitted to retain or use your images for model training or improvement. If a third-party provider offers an option to contribute your uploaded image to help improve its models, this will only occur if you provide explicit, separate, opt-in consent at the time of upload. If you do not opt in, your images will not be retained by any third-party provider and will not be used for training. Indicia does not control and is not responsible for the independent privacy practices of third-party providers when you choose to opt in to training. When you consent to such use, your uploaded image may be retained by that provider according to its own privacy policy. Without this opt-in consent, your uploaded content is not retained for any purpose beyond generating the requested output.

No Biometric Collection: Indicia does not maintain databases of biometric identifiers (such as face geometry or retina scans) for the purpose of identification. While third-party AI models may analyze features within an image to provide context or geolocation results, Indicia does not retain, store, or build profiles based on biometric templates. Indicia does not collect, create, or store biometric identifiers or biometric templates. When you upload an image, third-party AI providers may analyze visual features for the sole purpose of generating the requested result. They are contractually prohibited from using your uploaded content for biometric identification or recognition.

If any third-party provider wishes to use uploaded images for model improvement or training, this will occur only when you provide explicit, separate, opt-in consent at the time of upload. Without this opt-in, your images will not be used for training.

Third-Party AI Processing: To generate results for tools like geolocation, we transmit your image to trusted third-party Large Language Models (LLMs) and analysis tools. By using these features, you explicitly acknowledge and agree that:

Transmission for Analysis: Images may be transmitted to third-party AI processors solely for the purpose of generating the requested output (e.g., geolocation analysis).
Training & Retention: Uploaded images are not used by default for model training. Third-party providers may request to use your images for model improvement, but this will only occur if you provide explicit, separate consent at the time of upload. Without this opt-in consent, your uploaded content will not be retained or used for training.
Necessary Rights: You confirm that you have the right to upload the content you submit. If an upload contains personal data belonging to others, you are responsible for ensuring you have obtained any required permissions or notices before submitting it to the service.
Indicia as Intermediary: Indicia acts as an intermediary to minimize the exposure of your metadata; however, the content (image/text) is processed by these third parties subject to their own privacy policies and retention practices.

1.4 Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, we process your personal data under the following legal bases:

Contract Necessity - to create and manage your account and provide the Service.
Legitimate Interests - to secure the platform, prevent abuse, and improve functionality.
Consent - when you explicitly choose to opt in to optional features such as allowing third-party providers to use your uploaded images for model improvement.

1.5 Data Retrieved from Public and Third-Party Sources

In providing our OSINT services, we retrieve, aggregate, and display data from public sources and third-party databases in response to your queries. This may include:

Breach & Compromise Data: Information retrieved from third-party breach repositories (e.g., “stealer logs,” exposed usernames, and passwords) solely for security analysis and digital forensics.
Geospatial & Contextual Data: Information derived from public reviews, photos, or check-ins (e.g., Google Maps contributions)
Public Metadata: Usernames, IDs, and social media details (e.g., Discord or Roblox Profiles). We do not create this data; we index and visualize it. By using the Service, you acknowledge that Search Results may contain PII belonging to third parties.

2. How We Use Your Information

We use your information exclusively for:

Operating and maintaining the Indicia platform
Securing the service against abuse, fraud, and attacks
Account authentication and user support
Internal analytics to improve functionality

We do not use your data for advertising, profiling, or marketing.

3.1 We Do Not Sell Your Data

Indicia never sells, trades, rents, or monetizes your personal information.

3.2 Service Providers & Third-Party Processors

We share necessary data with trusted third-party vendors solely for the purpose of operating the platform. These include:

Infrastructure Providers: Cloud hosting, email delivery, and security/DDoS protection services.
Payment Processors: We share transaction data with payment gateways (specifically Stripe for fiat and Oxapay for cryptocurrency) to process payments and prevent fraud.
Fiat: For credit card transactions, we do not store full card numbers; they are handled directly by Stripe.
Cryptocurrency: If you pay via crypto, we and our processor (Oxapay) collect and store the transaction hash, sending wallet address, and amount to verify the purchase. You acknowledge that these transaction details are public on the blockchain.
In the event of a dispute or chargeback, we may share user access logs and history with these processors to validate the transaction.
AI & Cloud Analysis Providers: We transmit content to enterprise-grade Large Language Models (LLMs) and analysis tools hosted by major cloud computing providers. We select these vendors based on their security standards and data protection policies. As noted in Section 1.3, we act as an intermediary; the content is processed by these providers to generate results.
Disputes & Chargebacks: In the event of fraud, abuse, or unpaid fees, we may share relevant account information with legal counsel or payment processors to resolve the matter.
Data Aggregators & Intelligence APIs: To fulfill specific search queries (such as breach checks, deep web searches, or social media lookups), we transmit your query parameters (e.g., an email address, username, or phone number) to specialized third-party data providers and search indices.

3.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, user information may be transferred to the acquiring entity as part of the transaction.

3.4 Law Enforcement Requests

4. Data Retention

Full account deletions (including your search history) may take up to 30 days to process.
Some records (such as logs required for security, compliance, or investigations) may be retained for up to 18 months (or longer only if required by an active legal hold or investigation), even after account deletion.
As stated in Section 1.3, we do not retain uploaded images or user content. These are processed in memory and discarded immediately after the result is generated.

5. Data Security

We use industry-standard security measures to protect your data, including:

Password hashing
Encrypted connections (HTTPS)
Access control and monitoring
Secure server infrastructure and logging

In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

No system is ever 100% secure, but we make every reasonable effort to keep your information safe.

6. Cookies

We use strictly necessary cookies for security (e.g., Cloudflare) and authentication. We also use performance/analytics cookies to improve the platform. You may adjust your browser settings to refuse analytics cookies, though this may affect service performance.

7. Data Storage Location

Indicia is operated from:

Fairfax County, Virginia, USA

Our primary server infrastructure is hosted in:

New York City, New York, USA

Please note that our third-party service providers (mentioned in Section 3.2) may process data in other secure facilities within the United States or globally depending on their network topology.

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, data transfers to the United States are conducted under the European Commission’s Standard Contractual Clauses (SCCs) or other valid transfer mechanisms. Our third-party processors are required to implement appropriate safeguards consistent with GDPR requirements.

8. Your Rights

Depending on your jurisdiction, you may have rights such as:

Accessing your data
Requesting corrections
Requesting deletion (processed within up to 30 days)

Do Not Track Signals: Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note that, like many other services, Indicia does not currently alter its practices when it receives a “Do Not Track” signal from a visitor’s browser.

If you are located in the EEA, UK, or Switzerland, you may also object to certain processing activities, request restriction of processing, or request portability of your data under applicable law.

We respond to all privacy-related requests within the time periods required under applicable law. To exercise these rights, contact us at the email below.

9. Children’s Privacy

Indicia does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not use the Service or send any personal information to us. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date. Continued use of Indicia after updates means you accept the revised policy.

11. Contact Us

For privacy questions or requests, reach us here:

7419 Lisle Ave, Falls Church, VA 22043

support@indicia.app