cyberTell exists primarily because of privacy violations related to (third-party) online service providers. User data is stolen, lost, sold, redistributed and misused by criminals - to the detriment of users and beyond their control. cyberTell was set up as a free service to give us an overview of how our personal data is distributed. While we may not be able to control it once it has been breached, we can at least understand what has been leaked, where it has been leaked from, and what precautions we can now take as a result.

This page explains how privacy is managed within cyberTell and what information is collected when you use the service.

Data leaks stored and indexed on cyberTell

When a data breach is uploaded to cyberTell, the hash of the phone numbers is stored in the online system. No other data of any kind (names, etc.) is stored. cyberTell also stores a list of the classes of data that were affected by each breach. For example, it states that email addresses and passwords appeared in a data leak, but it does not store information about which email addresses had corresponding passwords or what those passwords are.

cyberTell is committed to the security of your data. We will never misuse data found in connection with a data breach. We have carefully studied important regulatory measures around the world that cover privacy frameworks such as the General Data Protection Regulation (GDPR) & The California Consumer Privacy Act (CCPA).

cyberTell collects two types of personal data: (i) data that individuals have provided directly to cyberTell - this includes portal accounts, email addresses, and website analytics data generated from the use of our websites - and (ii) data about breached assets that we discover on the dark web that is publicly and persistently available and accessible.

cyberTell’s use of this data is consistent with the legal bases set forth in the GDPR, such as: (i) your consent; (ii) necessity for the performance of a contract; (iii) our legitimate interests and also your legitimate interests and the legitimate interests of third parties using our services; and (iv) this processing is in the public interest to promote security and for law enforcement obligations.

As explained in the CCPA, we use this data for a variety of reasons, such as: (i) compliance with our legal obligations, (ii) use of this data to improve security for individuals by serving as a potential deterrent to fraudulent activity, and (iii) your legitimate interests and the legitimate interests of third parties who use our Services; and (iv) necessary for the completion of a transaction within the meaning of the CCPA.

Under both the GDPR and the CCPA, individuals are granted privacy-related rights. The following rights are afforded to all individuals, regardless of whether they live in a jurisdiction to which the GDPR and/or CCPA applies.

Right of Access - See the sources from which we collected your personal information, what personal information we have or disclosed about you, if any, for a minimum period of 12 months, and the business or commercial purpose for collecting that personal information.

Right to rectify - Amend/correct any information we have about you.

Right to Erasure - Request that we erase any personal information we have about you.

Right to object - Express your concerns about our use of your personal information.

Right to data portability - Arrange for us to share your personal information directly with another organization under

directly to another organization in certain circumstances.

Right to complain - File a complaint with a competent data protection authority.

Right to opt out of future contacts - The ability to opt out of communications.

cyberTell hosts all production data within a secure industry leading hosting services provider, DigitalOcean. This provider is compliant with multiple frameworks and cyberTell utilizes DigitalOcean in Germany.

When searching for a phone number

When searching for a phone number, data is only ever retrieved from memory and then returned in the response; the data being searched for is never explicitly stored anywhere. See the Logging section below for situations where it may be stored implicitly.

Data violations flagged as sensitive are not returned in public searches.

How the opt-out feature works

cyberTell provides an opt-out feature that removes the email address from public visibility. This is done by marking the record as unsubscribed and not permanently deleting it to ensure that the email address does not become publicly discoverable again if it appears in subsequent data breaches.

Opt-out requests can be easily submitted via email with the subject “Opt-Out” and are usually reflected in the system within 72 hours. The email address to use is:


Only the absolute minimum logs necessary to keep the service operational and to combat malicious activity are stored. These include transient web server logs, Google Analytics for evaluating usage patterns, and Application Insights for performance metrics. These logs may include information entered by the user into a form, browser headers such as the user agent string, and in some cases the user's IP address.