Catfish BaitCATFISH BAIT

Privacy Policy

Last updated: April 14, 2026

🔒 Our Promise: We do NOT permanently store your uploaded photos, documents, or messages. We do NOT sell, rent, or share your personal data. Your investigation data is encrypted and automatically purged after 30 days.

1. Who We Are

Catfish Bait is operated by T3kniQ LLC ("we," "us," "our"). We are an anti-catfishing and romance scam detection platform at catfishbait.app. For privacy inquiries, contact us at john@t3kniq.com.

2. Information We Collect

2.1 Account Information (Retained)

When you create an account, we collect and retain your email address and authentication provider (Google). If your provider shares your name and profile photo, we may display these but do not separately store them.

2.2 Investigation Data (Temporary)

When using our tools, you may submit photos, ID documents, messages, phone numbers, and usernames for analysis.

📌 ZERO DOCUMENT RETENTION: Uploaded photos, ID documents, and message text are processed in-memory only during analysis. Original files are NOT written to permanent storage. Only the AI-generated analysis results (scores, findings, summaries) are retained — never your original submitted content.

2.3 Bait Link Data (Target Data)

When investigation targets click bait links, we capture their IP address, approximate geolocation, device/browser information, and VPN/proxy/Tor status. This data pertains to investigation targets, not to our registered users.

2.4 Usage & Analytics

We collect anonymized usage analytics (page views, feature usage) via Google Analytics to improve the Service. This data does not identify individual users.

3. How We Use Your Information

  • Provide the Service: Authenticate your identity and deliver investigation results
  • Improve the Service: Anonymized analytics to enhance tool accuracy and user experience
  • Communicate: Respond to support requests and send critical account notifications
  • Security: Detect and prevent abuse, fraud, and unauthorized access

We do NOT use your data for advertising, profiling, or any purpose beyond delivering and improving the Service.

4. Data Sharing — We Don't

We do NOT sell, rent, lease, trade, or share your personal information with any third party. We do not participate in data broker networks. We do not provide user data to advertisers.

The only exceptions are:

  • Service providers: Firebase (authentication, infrastructure), Stripe (payments), Google Gemini AI (content analysis), IP geolocation APIs (bait link analysis). These providers process data per their own privacy policies and do not retain your investigation content.
  • Legal requirements: We may disclose information if required by law, court order, or government request. We will notify you unless legally prohibited.

5. Data Retention & Automatic Purging

  • Uploaded files (photos, IDs, messages): NOT stored. Processed in-memory, then discarded.
  • Analysis results: Retained for 30 days, then automatically deleted.
  • Account data (email): Retained until you request deletion.
  • Bait link click data: Retained for 30 days, then purged.
  • Support tickets: Retained for 90 days after resolution, then purged.

6. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption at rest via Google Firebase
  • TLS 1.3 encryption in transit (HTTPS everywhere)
  • Firebase Authentication with OAuth 2.0
  • User-scoped data isolation — your data is only accessible to your account
  • No plaintext storage of sensitive data

While we implement robust safeguards, no system is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication on your identity provider (Google, Apple, etc.).

7. Your Rights

7.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and all data
  • Portability: Receive your data in a machine-readable format

7.2 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, email john@t3kniq.com. We will respond within 45 days.

7.3 EEA/UK Residents (GDPR)

If you are in the European Economic Area or UK, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is legitimate interest (providing the Service you requested) and consent. Contact john@t3kniq.com to exercise these rights.

8. Cookies

We use only essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or cross-site tracking. Google Analytics uses anonymized, cookie-less measurement where supported.

9. Children's Privacy

Catfish Bait is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will delete it immediately. If you believe a child has submitted information to us, please contact john@t3kniq.com.

10. Facebook Data Deletion

If you previously signed up using Facebook Login (when it was supported), you may request deletion of all data associated with your Facebook account by visiting catfishbait.app/api/data-deletion or emailing john@t3kniq.com. We will delete all your data within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy questions, data requests, or concerns:
T3kniQ LLC
Email: john@t3kniq.com
Website: catfishbait.app