Legal Documents
Legal & Compliance
Last updated: May 2026  ·  Effective date: May 1, 2026
For legal enquiries: jax@csintduck.cc

1. Acceptance of Terms

By accessing or using Csintduck ("Platform," "Service," "we," "us," or "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to all of these Terms, you may not access or use the Platform. These Terms constitute a legally binding agreement between you and Csintduck.

We reserve the right to update these Terms at any time. Continued use of the Platform after changes constitute acceptance of the updated Terms.

2. Eligibility

  • You must have the legal capacity to form a binding contract in your jurisdiction.
  • Access may be restricted in certain countries or jurisdictions where our service is not available.
  • By using this service, you represent and warrant that you meet these eligibility requirements.

3. Permitted Use

The Platform provides access to open-source intelligence (OSINT) data aggregation tools. You may use the Platform only for:

  • Researching your own personal data and digital footprint
  • Legitimate cybersecurity research and penetration testing of systems you own or have explicit written authorisation to test
  • Academic research conducted under appropriate institutional guidelines
  • Fraud prevention and identity verification in the course of lawful business operations
  • Journalistic investigations conducted in the public interest under applicable press freedom laws
  • Law enforcement and regulatory activities with appropriate legal authority

4. Prohibited Conduct

Violation of these prohibitions may result in immediate account termination, cooperation with law enforcement, and civil or criminal liability.

You may NOT use the Platform to:

  • Stalk, harass, intimidate, threaten, or harm any individual
  • Collect data on individuals without a lawful basis under GDPR, CCPA, or applicable law
  • Facilitate discrimination based on race, ethnicity, national origin, religion, gender, disability, or any protected characteristic
  • Commit or facilitate identity theft, fraud, or financial crime
  • Access data on minors for any purpose
  • Compile data for unsolicited marketing, spam, or mass outreach
  • Violate any applicable local, state, national, or international law or regulation
  • Circumvent or attempt to circumvent any technical limitations or access controls
  • Resell, redistribute, or sublicense Platform access without express written consent
  • Conduct automated scraping beyond your authorised API usage limits
  • Use found data to dox or publicly expose private individuals without their consent

5. Account Responsibilities

  • You are solely responsible for all activity that occurs under your account.
  • You must maintain the confidentiality of your password and API keys.
  • You must notify us immediately of any unauthorised access to your account.
  • We are not liable for any loss resulting from unauthorised use of your account.
  • You may not share your account credentials with others.

6. Credits and Payments

Access to certain features is gated by a credit system. Credits are assigned by platform administrators based on your subscription tier. Unused credits do not carry over between billing periods unless explicitly stated. All purchases are final and non-refundable except where required by applicable consumer protection law.

7. Disclaimer of Warranties

THE PLATFORM IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. We do not warrant that the Platform will be uninterrupted, error-free, or that the data returned will be accurate, complete, or current.

8. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE PLATFORM, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Our total cumulative liability shall not exceed the greater of (a) the amount you paid us in the six months preceding the claim, or (b) one hundred USD ($100).

9. Indemnification

You agree to indemnify, defend, and hold harmless Csintduck and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses, including reasonable legal fees, arising out of or in any way connected with (a) your access to or use of the Platform, (b) your violation of these Terms, or (c) your violation of any third-party rights.

10. Governing Law

These Terms shall be governed by and construed in accordance with applicable law. Disputes shall be resolved through binding arbitration where permitted, or in the courts of competent jurisdiction. Nothing in these Terms limits your rights under mandatory consumer protection laws in your country of residence.

11. Termination

We may suspend or terminate your account at any time, with or without cause, with or without notice. Upon termination, your right to access the Platform ceases immediately. Provisions that by their nature should survive termination shall survive, including Sections 7, 8, 9, and 10.

Summary: We collect only what we need to operate the service. We don't sell your personal data. You have rights over your data under GDPR and CCPA. Data is encrypted in transit and at rest.

1. Data Controller

Csintduck operates as the data controller for personal data collected through this Platform. For privacy enquiries or to exercise your rights, contact privacy@csintduck.cc.

2. Data We Collect

Account Data

  • Email address (required for account creation)
  • Password (stored as bcrypt hash — we never store your plaintext password)
  • Account creation timestamp
  • Subscription tier and credit balance

Usage Data

  • Search queries submitted through the Platform (encrypted in storage)
  • Module results you access
  • Credit usage per request
  • Approximate timestamps of searches

Technical Data

  • IP address (for rate limiting and abuse prevention — not linked to search history)
  • Browser type and version (from User-Agent header)
  • Session tokens (HttpOnly cookies)

We do not collect precise location data, sell data to advertisers, or run behavioural advertising.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract performance — to operate your account and deliver the service
  • Legitimate interests — to detect fraud, abuse, and security threats
  • Legal obligation — to comply with applicable law and law enforcement orders
  • Consent — where we explicitly ask for it (e.g. marketing communications)

4. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we restrict processing of your data
  • Objection — object to processing based on legitimate interests
  • Opt-out of sale — under CCPA, you have the right to opt out of any sale of personal information (we do not sell personal information)

To exercise any of these rights, email privacy@csintduck.cc. We will respond within 30 days.

5. Data Retention

  • Account data is retained while your account is active and for up to 90 days after deletion
  • Search logs are retained for a rolling 30-day period for fraud and abuse prevention
  • Billing records are retained for 7 years to meet financial regulatory requirements
  • You can request immediate deletion of your account data at any time

6. Data Security

  • All data in transit is encrypted via TLS 1.2+
  • Passwords are hashed using bcrypt with a cost factor of 12
  • Authentication uses JWT with HttpOnly, Secure, SameSite cookies
  • Database access is restricted by network-level firewall rules
  • API keys are never stored in plaintext

7. Third-Party Services

The Platform integrates with third-party OSINT APIs to return search results. When you conduct a search, your query may be forwarded to these services. We have data processing agreements in place with our providers. We do not share your email address or account information with these services.

8. International Data Transfers

Your data may be processed in countries outside your jurisdiction. Where we transfer data from the EEA to third countries, we use appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Cookies

We use strictly necessary cookies only:

  • Session cookie — HttpOnly, Secure, used for authentication only. No tracking.
  • We do not use advertising cookies, analytics tracking pixels, or third-party trackers.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected about you
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (We do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise CCPA rights, contact privacy@csintduck.cc.

This policy defines what constitutes prohibited and permitted use. Violations may result in immediate account termination and referral to law enforcement.

Permitted Use Cases

This Platform is an OSINT data aggregation tool designed for legitimate research and security purposes. Acceptable use includes:

  • Self-research: Searching your own name, email, phone number, or accounts to understand your digital exposure
  • Security research: Authorised penetration testing, red team engagements, and vulnerability research
  • Fraud investigation: Business due diligence, anti-fraud investigation, identity verification in lawful commercial contexts
  • Academic research: Peer-reviewed research conducted under institutional ethics review board approval
  • Journalism: Investigations carried out in the public interest under applicable press freedom protections
  • Law enforcement: Official investigations with appropriate legal authority and documentation

Strictly Prohibited Activities

  • Using the Platform to locate, track, or monitor an individual without their knowledge or consent
  • Gathering data to facilitate violence, threats, or any criminal activity against a person
  • Aggregating profiles to discriminate against individuals in housing, employment, or services
  • Accessing data on minors under any circumstances
  • Scraping the Platform beyond your authorised API rate limits
  • Attempting to reverse-engineer, decompile, or extract the Platform's source code
  • Sharing, re-selling, or publishing data obtained from the Platform without authorisation
  • Creating fake or misleading accounts
  • Using automated bots to bypass usage limits

Enforcement

We actively monitor for abuse patterns. Violations may result in:

  • Immediate and permanent account suspension without refund
  • Preservation and disclosure of usage logs to law enforcement
  • Civil litigation for damages resulting from misuse
  • Referral to relevant regulatory authorities (e.g. ICO, FTC, FBI)

Reporting Abuse

If you believe someone is misusing the Platform or you have encountered data obtained through misuse, contact us immediately at abuse@csintduck.cc. We take all reports seriously and respond within 24 hours.

DMCA Copyright Policy

Csintduck respects the intellectual property rights of others and expects users to do the same. We comply with the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512.

Reporting Copyright Infringement

If you believe that content on our Platform infringes your copyright, please send a written notice containing the following to our Designated Copyright Agent:

  1. A physical or electronic signature of the copyright owner or a person authorised to act on their behalf
  2. Identification of the copyrighted work(s) claimed to have been infringed
  3. Identification of the material claimed to be infringing, with sufficient detail to allow us to locate it
  4. Your contact information: name, address, telephone number, and email address
  5. A statement that you have a good-faith belief that use of the material is not authorised by the copyright owner, its agent, or the law
  6. A statement, made under penalty of perjury, that the information in the notice is accurate and that you are the copyright owner or authorised to act on behalf of the owner

Send notices to: dmca@csintduck.cc

Counter-Notification

If you believe your content was removed in error, you may submit a counter-notification containing:

  1. Your physical or electronic signature
  2. Identification of the material removed and the location where it appeared before removal
  3. A statement under penalty of perjury that you have a good-faith belief the material was removed in error
  4. Your contact information and consent to jurisdiction of the applicable federal court

Repeat Infringer Policy

In accordance with the DMCA, we will terminate the accounts of users who are found to be repeat infringers of intellectual property rights. We reserve the right to determine, at our sole discretion, what constitutes repeat infringement.

Data Removal Requests

If you believe personal data about you appears through our service and you wish it removed, you have the right to request erasure under GDPR (Article 17) or applicable data protection law. Submit requests to privacy@csintduck.cc with proof of identity. We will assess and respond within 30 days.

Note: We surface data from public breach databases and third-party sources. We will remove data we directly store, and will contact upstream sources where possible, but cannot guarantee removal from all original databases.