Legal
Privacy Policy
Last updated: June 28, 2026
This policy is currently under review by counsel. Final language may change.
1. Introduction
DataPure (“DataPure,” “we,” “us,” or “our”) provides data quality and address-processing services to businesses and individuals. We offer address standardization, ZIP+4 append, National Change of Address (NCOA) processing, deduplication, and related list-hygiene services through our website at www.data-pure.comand our self-service customer portal (collectively, the “Service”).
This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have over your personal data. It applies to the data-pure.com website, the self-service portal, and any related communications with us. By accessing or using the Service, you acknowledge that you have read and agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
2. Information we collect
We collect information in several categories, depending on how you interact with the Service.
Account information
When you create an account, we collect your name, email address, company name (where provided), and a hashed copy of your password. We never store your password in plain text; we use the bcrypt one-way hashing algorithm so that even our own staff cannot read it.
Files you upload
The core function of the Service is to process files you upload for address cleansing and related list-hygiene tasks. These files typically contain mailing-address records and may include additional columns you choose to include (such as customer names, internal identifiers, transaction history, or other fields you decide to submit). You are responsible for ensuring that you have the legal right to upload and process any personal information about third parties that is contained in those files.
Payment information
All payment processing is handled by Stripe, our PCI-compliant payment processor. When you purchase a job or subscribe to a plan, your card details are submitted directly to Stripe and are never seen, transmitted, or stored by DataPure. We retain only the metadata Stripe returns to us (such as the last four digits of the card, the brand, transaction identifiers, and the billing amount) so that we can show you your purchase history and issue receipts.
Technical information
When you visit the Service, our servers automatically log certain technical information such as your IP address, browser type and version, operating system, referring URL, the pages you visited, and the time of your visit. Where you have consented to analytics cookies, we also collect aggregate information about how visitors use the site so we can improve it.
Cookies
We use a small number of cookies for essential functionality, preferences, and (with your consent) analytics. For a full description of the cookies we set and how to control them, please see our Cookie Policy.
3. How we use your information
We use the information we collect to operate, maintain, and improve the Service. Specifically, we use your information to deliver the data-processing services you request (such as address standardization, ZIP+4 append, NCOA, and deduplication); to create and manage your account and authenticate you when you log in; to process payments through Stripe and issue receipts and invoices; to respond to your inquiries and support requests; to send you transactional emails such as job-status updates, delivery notifications, and billing receipts; to monitor and improve the performance, reliability, and security of the Service; and to comply with our legal, regulatory, and tax obligations.
We do not use the contents of files you upload for any purpose other than performing the data-processing job you requested.
4. Vendors
To deliver the Service we rely on a small number of trusted third-party vendors, each of which performs a specific function on our behalf and is bound by appropriate confidentiality and data-protection obligations.
USPS-licensed address processing. In some cases, we use a USPS-licensed CASS and NCOALink provider to perform address standardization, ZIP+4 append, delivery-point validation, and change-of-address processing. Records you submit for these services via the self-service portal are transmitted to this vendor for the duration of processing.
Payment processing.We use Stripe to process all card payments and subscriptions. Stripe’s privacy practices are governed by its own privacy notice.
Hosting. We use a commercial cloud hosting provider to host the Service and to store uploaded files securely during processing.
Transactional email. We use an established email-service provider to send transactional messages such as receipts, job-status notifications, and account-related alerts.
Our list of subprocessors may change from time to time as we add, replace, or remove vendors. We will update this page whenever the list changes.
5. How long we keep your data
We retain different categories of data for different periods, in each case for no longer than is reasonably necessary for the purpose for which it was collected.
Files you upload, along with the cleansed output files we produce, are retained only for as long as needed to complete the job and to give you a reasonable post-delivery window in which to download the results. After that window has elapsed, the files are purged from active storage. Account records, including your profile and login credentials, are kept for as long as your account remains active. Job metadata (such as the date of a job, the number of records processed, and the services applied) is retained for as long as you keep your account, so that you can review your processing history. Payment and billing records are retained for the period required by applicable tax, accounting, and anti-money-laundering law, which in most jurisdictions is several years after the transaction.
When you delete your account or when a retention period expires, we securely delete or anonymize the relevant data, except where we are required to retain it by law or where we need to keep it to resolve disputes or enforce our agreements.
6. How we share information
We do not sell, rent, or trade your personal information or the contents of your uploaded files to anyone. We share information only in the limited circumstances described below: with the subprocessors listed in Section 4, each of whom is contractually bound to process the data only on our instructions and only for the purposes for which we engaged them; where we are legally required to do so, for example in response to a subpoena, court order, lawful request from a government authority, or to comply with applicable law; where it is necessary to protect the rights, property, or safety of DataPure, our customers, or others, or to investigate and prevent fraud or security incidents; and with your explicit consent, where you have asked or instructed us to share specific information with a third party.
7. Your rights (GDPR and UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation and the UK GDPR with respect to the personal data we hold about you. These include:
- The right to access the personal data we hold about you and to receive a copy of it.
- The right to correct inaccurate or incomplete personal data.
- The right to request deletion of your personal data (the “right to be forgotten”), subject to legal retention obligations.
- The right to restrict the processing of your personal data in certain circumstances.
- The right to data portability — to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- The right to object to processing based on our legitimate interests or for direct marketing.
- The right to withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal.
- The right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with applicable law.
To exercise any of these rights, please email us at info@data-pure.com. We will respond to verified requests within 30 days, and we may need to ask you for additional information to confirm your identity before acting on your request.
8. Your rights (California — CCPA and CPRA)
If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you certain rights regarding your personal information. You have the right to know what categories of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. You have the right to correct inaccurate personal information we hold about you. You have the right to opt out of the “sale” or “sharing” of your personal information — and we want to be clear that DataPure does not sell or share personal information as those terms are defined under California law. Finally, you have the right not to be discriminated against for exercising any of these rights.
To submit a verifiable consumer request, please email info@data-pure.com. We may need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, in which case we will require written proof of the authorization.
DataPure is not a data broker and does not create, aggregate, or store personal information.
9. Legal basis for processing (GDPR)
For users located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and UK GDPR to process personal data:
Performance of a contract. We process the personal data necessary to deliver the Service you have signed up for and to fulfill our obligations under our terms of service.
Legitimate interests. We process certain data — such as technical logs, security telemetry, and aggregate usage data — to operate, secure, and improve the Service, where doing so is in our legitimate business interests and is not overridden by your fundamental rights and freedoms.
Consent. Where we rely on your consent — for example for non-essential analytics cookies or marketing communications — you may withdraw that consent at any time, without affecting any processing already carried out.
Legal obligation. We process certain information to comply with our legal, tax, accounting, anti-money-laundering, and other regulatory obligations.
10. International data transfers
DataPure operates from the United States, and the infrastructure on which we host and process data is located in the United States. If you are accessing the Service from outside the United States — including from the European Economic Area, the United Kingdom, or Switzerland — please be aware that your information will be transferred to, stored in, and processed in the United States.
Where we transfer personal data from the EEA, the UK, or Switzerland to the United States, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with any supplementary measures required to ensure an essentially equivalent level of protection. You can request a copy of the relevant transfer mechanism by contacting us at the address below.
11. Security
We take the security of your data seriously and apply a range of technical and organizational measures designed to protect it. These include TLS encryption for data in transit, encryption at rest for uploaded files and database backups, bcrypt password hashing, the principle of least privilege for internal access to systems and customer data, multi-factor authentication for staff with access to production systems, regular software updates and dependency monitoring, and secure software development practices throughout our engineering process.
No method of transmission over the internet and no method of electronic storage is completely secure, and we cannot guarantee absolute security. If you become aware of any security concern relating to the Service, please notify us immediately at info@data-pure.com so we can investigate.
12. Children
The Service is intended for use by businesses and adult professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe that we may have collected personal information from a child under 16, please contact us at info@data-pure.com and we will take prompt steps to delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, applicable law, or the subprocessors we rely on. When we do, we will post the updated version on this page and update the “Last updated” date at the top. If the changes are material — for example, if we begin processing data for a substantially new purpose or engage a significant new subprocessor — we will provide more prominent notice, which may include sending you an email or displaying a notice in the Service.
We encourage you to review this page periodically to stay informed about how we handle your information.
14. Contact
If you have any questions about this Privacy Policy, our data-handling practices, or you wish to exercise any of the rights described above, please contact us using the details below.
Data Protection Inquiries: info@data-pure.com
Mailing address:
DataPure, LLC
5665 Atlanta Highway
Suite 102B-153
Alpharetta, GA 30004
EU representative: [TO BE PROVIDED if applicable]