Do Not Sell or Share My Personal Information

Our Privacy Policy explains why we believe the Service does not engage in "sale" or "sharing" of personal information as those terms are commonly understood. We recognize that the CCPA and other state laws define those terms broadly, and we honor opt-out requests on that broader basis without requiring you to argue the legal characterization.

See Privacy Policy §7.1 for the full analysis and §17.A.4 for the California-specific opt-out.

Who can submit

  • Customers — you can ask us to stop any disclosure of your account-level data that could be characterized as a sale or share.
  • Scanned individuals — if your handle appears in someone else’s report and you don’t want it there, you can ask us to remove your data and add you to our no-fetch list.
  • Authorized agents — under CCPA/CPRA §1798.135(c), you may designate someone else to submit on your behalf with written authorization we can verify.

How to submit

Option 1 — Email (preferred)

Email privacy@whofollowsme.app with the subject line "Do Not Sell or Share — [your handle or email]" and include:

  • Whether you are a Customer or a scanned individual.
  • If a scanned individual: the handle and source platform (Instagram, X, or TikTok).
  • If you want full deletion in addition to opt-out, say so and we will treat it as a §10 removal request.
  • Your state of residence (so we can apply the right statutory framework).

Option 2 — Global Privacy Control (automatic)

We automatically honor Global Privacy Control (GPC) signals sent by your browser as a valid opt-out from any cookie-based session on our domains, in every jurisdiction whose law recognizes GPC as such.

What happens after you submit

  1. We acknowledge within 5 business days.
  2. For Customers: we apply your opt-out to your account immediately and confirm in writing within the time required by your state’s law (45 days under CCPA/CPRA, similar windows in other states).
  3. For scanned individuals: we delete cached profile data and follower rows for that handle across all Customers, delete the LLM-classification cache row, add the (platform, handle) pair to a no-fetch list, and confirm within 7 business days as our internal target.
  4. For authorized agents: we verify the authorization and then process as above.

Limitations

Reports already downloaded by a Customer (PDFs or saved share-link copies) are outside our technical control once exfiltrated. We will revoke any active share token immediately and instruct the Customer to delete local copies, but cannot recall third-party downloads.

Cross-references: Privacy Policy, §9 (rights), §10 (removal), §17.A (California).