Last updated: March 18, 2026 · Effective: March 18, 2026
Exposur ("we," "our," or "us") is operated by BaaDigi LLC, a digital marketing and technology company based in Huntington Beach, California, USA. This Privacy Policy explains how we collect, use, store, and protect information when you use the Exposur platform at exposur.ai.
By using Exposur, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.
Account information: Name, email address, company name, and password when you create an account.
Payment information: Billing address and payment method details processed securely through Stripe. We do not store full card numbers.
Usage data: Domain names you scan, scan results, report configurations, and feature usage within the platform.
Technical data: IP address, browser type, operating system, referring URLs, and device identifiers collected automatically when you access Exposur.
Communications: Messages you send us via email or support channels.
Third-party scan data: Publicly available information retrieved during domain scans (DNS records, SSL certificates, security headers, breach databases). We do not access private systems or require credentials from scanned domains.
We do not sell your personal data. We share data only in these circumstances:
Service providers: Trusted third parties who help us operate Exposur, including Stripe (payments), Supabase (database), Resend (email), Vercel (hosting), and Anthropic (AI report generation). Each is bound by data processing agreements.
Legal requirements: When required by law, court order, or to protect the rights, property, or safety of Exposur, our users, or the public.
Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
We retain your account data for as long as your account is active. If you cancel, we retain your data for 30 days to allow for reactivation, then delete it from active systems within 90 days. Anonymized, aggregated analytics data may be retained indefinitely.
Scan results and generated reports are retained for 12 months from the date of creation, after which they are automatically deleted unless you export them.
We use cookies and similar technologies for:
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use third-party advertising cookies.
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security reviews. No method of transmission over the internet is 100% secure — we encourage you to use a strong, unique password and enable any available two-factor authentication.
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
To exercise any of these rights, email us at privacy@baadigi.com. We will respond within 30 days.
Legal basis for processing: We process your data on the basis of contract performance (to provide the service), legitimate interests (security, fraud prevention, product improvement), consent (marketing communications), and legal obligation.
International data transfers: Exposur is operated from the United States. If you are in the EU/EEA, your data is transferred to the US under Standard Contractual Clauses (SCCs) as approved by the European Commission.
Data Protection Officer: For GDPR-related inquiries, contact us at privacy@baadigi.com.
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise your rights, contact us at privacy@baadigi.com.
Exposur is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately.
We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on the platform at least 30 days before the change takes effect. Your continued use after the effective date constitutes acceptance.