Policy center · Public docs
BreachedPolicies
Policy center
State privacy

State Privacy Rights Notice

A multi-state privacy notice covering current US state privacy rights, universal opt-out signals, request appeals, sensitive-data handling, and state-threshold tracking for Breached intake data.

Updated
May 7, 2026
Footer
Required
Intake
Required

When this notice applies

This notice applies when a state privacy law applies to Breached based on your residence, Breached's role as a controller, business, processor, service provider, or contractor, statutory thresholds, exemptions, and the type of data or processing involved.

Rights you may have

  • Confirm whether Breached processes personal information about you.
  • Access a copy or summary of personal information, subject to legal exceptions and trade-secret limits.
  • Correct inaccurate personal information where the applicable state law grants correction rights.
  • Delete personal information when legally required, subject to exceptions for consent records, security, fraud prevention, legal obligations, dispute resolution, and attorney workflows.
  • Receive a portable copy where required and technically feasible.
  • Opt out of sale, sharing, targeted advertising, and certain profiling where those rights apply.

How to make a request

Use /privacy/request and provide the email address tied to your intake, newsletter, correction, or other message. Breached may verify control of that email address and may ask for additional information only when needed to authenticate the request or understand its scope.

Appeals

If Breached denies a request and applicable law gives you appeal rights, the denial will explain why, describe how to appeal, and identify any regulator complaint path required by that state.

Opt-out preference signals

Breached treats recognized opt-out preference signals, including Sec-GPC: 1 where legally required, as an opt-out of sale or sharing for cross-context behavioral advertising. Breached does not use intake data for sale, cross-context behavioral advertising, or targeted advertising.

Sensitive data

Sensitive data may include health information, biometric data, precise geolocation, racial or ethnic origin, religious beliefs, citizenship or immigration status, sexual orientation, genetic data, data about known children, and similar categories depending on state law. Please do not put sensitive data in a public intake form unless a secure attorney-controlled process specifically asks for it.

State coverage

State privacy rights vary by residence, legal thresholds, exemptions, and the type of processing involved. Breached applies the rights workflow that matches the state law that applies to your request.

No victim-list resale

Breached does not buy, import, or resell victim lists. Breached also does not sell intake submissions.