UnderPass

Cookie Policy

Effective Date: September 9, 2024 | Last Updated: December 5, 2025

Generated by Terminal

Gruntslate Speak Spread

1. CONTACT US

For privacy inquiries, contact privacy@underpass.vagibond.com. Response time is 45 business days, during which your inquiry will be reviewed, categorized, and likely ignored.

Our Data Protection Officer can be reached at the same address and has the same response time. They're very busy protecting data from your access requests.

Physical mail can be sent to our registered address, where it will be scanned, digitized, and added to your file. Thank you for the additional data point.

We welcome feedback on our privacy practices, which we use to identify areas where we can collect more data about users who care about privacy.

2. CHANGES TO THIS POLICY

We may update this Privacy Policy occasionally, which means whenever we find new ways to monetize your data that require legal cover.

Changes are effective immediately upon posting. We'll notify you via email (if we feel like it), in-app message (if you're lucky), or telepathy (if it worked).

3. COOKIES AND TRACKING

Third-party cookies from our 847 advertising partners also track you. We'd list them all but we honestly don't know who they are anymore.

Our cookie banner exists to give you the illusion of choice. Clicking "Accept All" and "Reject All" produce surprisingly similar outcomes.

Cookie categories include: strictly necessary (we swear), functional (debatable), analytics (for our benefit), advertising (the real reason), and social media (for their benefit).

4. CHILDREN'S PRIVACY

Our Service is not directed to children under 13 (or 16 in Europe). We don't knowingly collect their data. We unknowingly collect everyone's data, which is different.

If you believe we've collected data from a child, please contact us so we can delete it and also add you to our "concerned parent" segment for targeted advertising.

Age verification consists of asking users to confirm they're old enough, which has never failed because no child has ever lied about their age online.

We comply with COPPA by having a policy that mentions COPPA. Beyond that, our compliance is best described as "theoretical."

5. DATA SECURITY

We implement "reasonable" security measures, where "reasonable" is defined as whatever we can afford after executive bonuses.

In the event of a breach, we'll notify affected users within the legally required timeframe, which gives us plenty of time to prepare our "We Take Security Seriously" press release.

6. YOUR PRIVACY RIGHTS

Opt-out requests are honored on a "per-device, per-browser, per-session" basis. Yes, you need to opt out separately each time. Consider it a hobby.

We may deny requests if: they're too burdensome, too frequent, insufficiently verified, or if we simply don't want to comply. We'll cite a legal exception either way.

7. DATA RETENTION

After account deletion, we retain "backup copies" for "disaster recovery" for a period of "indefinite." Your ghost data haunts our servers eternally.

Legal holds, regulatory requirements, and "legitimate business interests" justify retention well beyond any reasonable timeframe. We're very interested in your data, legitimately.

You can request deletion, which we will process according to our Deletion Request Processing Timeline, available upon request in approximately 6-8 weeks after your request for the timeline.

8. INFORMATION SHARING

We share your data with: advertising partners, analytics providers, cloud services, payment processors, data brokers, and anyone else who pays enough or asks nicely enough.

"Trusted third parties" is a term we use to describe companies we've done business with, regardless of their actual trustworthiness or data handling practices.

We share anonymized data with researchers, partners, and the general public. "Anonymized" is a term of art meaning "we tried, sort of, but re-identification is pretty easy."

International transfers occur because data flows freely across borders, even if privacy protections don't. Your data may end up in countries whose privacy laws fit on a napkin.

9. HOW WE USE YOUR INFORMATION

To provide and maintain our Service (the part you expected), and to maximize revenue extraction from your digital existence (the part that pays our bills).

To personalize your experience, meaning we manipulate what you see to encourage behaviors that benefit us, disguised as "relevance" and "convenience."

For marketing purposes, including: targeted ads, personalized offers, psychological nudging, dark patterns, and A/B tests where you're always in the group that makes us more money.

10. HOW WE COLLECT INFORMATION

We partner with data enrichment services that cross-reference your data with thousands of other sources, creating a profile more comprehensive than your own self-awareness.

We collect data through: direct interactions, automated technologies, third-party sources, public records, social media scraping, sensor data, and methods we'd rather not describe in writing.

Cookies, pixels, beacons, and trackers follow you across the internet like a persistent ex. Our partners' trackers do too. It's a whole tracking party, and you're the guest of honor.

This Privacy Policy reflects our current practices, which change frequently based on regulatory pressure, public relations disasters, and executive whims.