Privacy Policy

1. Information We Collect

WARN Firehose ("we," "us," "our") collects only the information necessary to provide and improve our services. We collect the following categories of information:

• Account Information: When you register for an API key or create an account, we collect your email address and, optionally, your name and organization. If you subscribe to a paid plan, your billing name and address are collected by our payment processor.
• Usage Data: We automatically log API requests (endpoint, timestamp, response code, IP address, user agent) and website page views for rate limiting, abuse prevention, service quality monitoring, and analytics.
• Contact Information: When you submit a contact form or email us, we collect your name, email address, and message content.
• Payment Information: Payment processing is handled entirely by Stripe, Inc. We never store, process, transmit, or have access to your full credit card numbers, CVV, or banking details. We may receive and store the last four digits of your card, card type, and billing address from Stripe for record-keeping.
• Alert and Subscription Preferences: If you subscribe to email alerts or digests, we store your delivery preferences, search filters, and selected states/companies.
• Device and Browser Data: We may collect browser type, operating system, screen resolution, and referring URL through our analytics service. This data is aggregated and not linked to individual users.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the WARN Firehose platform, API, and related services
• To authenticate your identity and enforce rate limits and usage tiers
• To process payments and manage your subscription
• To send transactional communications: account confirmations, API key delivery, password resets, billing receipts
• To send service-critical communications: outage notifications, breaking API changes, security advisories
• To deliver email alerts and digests you have opted in to receive
• To respond to support requests, contact form submissions, and inquiries
• To detect, investigate, and prevent fraud, abuse, unauthorized access, and other illegal activities
• To analyze aggregated usage patterns to improve the Service (we do not sell or share individual usage data)
• To comply with legal obligations

We do not use your personal information for targeted advertising, profiling, automated decision-making that produces legal effects, or sale to third parties.

3. Nature of Data We Serve (Public Records Disclaimer)

WARN Firehose aggregates, indexes, and enriches publicly available government data from six federal and state sources:

• WARN Act Notices: Mass layoff and plant closing notices published by state workforce agencies under the Worker Adjustment and Retraining Notification Act
• SEC 8-K Filings: Current report filings from the Securities and Exchange Commission's EDGAR database
• LCA Petitions: Labor Condition Application data published by the U.S. Department of Labor
• H-1B Petitions: H-1B visa petition data published by U.S. Citizenship and Immigration Services
• DOL Unemployment Claims: Weekly and continued unemployment insurance claims published by the Department of Labor
• JOLTS Data: Job Openings and Labor Turnover Survey data published by the Bureau of Labor Statistics
• Bankruptcy Filings: Chapter 11 bankruptcy filings from federal courts via public court records

All source data is public record under applicable federal and state law. We are not the original source of any of this data. We aggregate it from government agencies, enrich it with algorithmic processing (industry classification, geocoding, company name normalization, risk scoring, cross-dataset matching), and present it for informational convenience.

Important: We do not collect, store, or serve non-public personal information about individuals named in these datasets. Any personal information appearing in the data (such as names of company officers in SEC filings or debtors in bankruptcy cases) was made public by the originating government agency or court, not by us. We make no independent representations about the accuracy, completeness, timeliness, or fitness of this data for any purpose. See our Terms of Service for comprehensive data disclaimers and limitations of liability.

4. Third-Party Services and Data Sharing

We do not sell, rent, trade, or otherwise share your personal information with third parties for their own marketing purposes. We share personal information only in the following limited circumstances:

• Stripe, Inc.: For payment processing, subscription management, and fraud prevention. Stripe receives your payment details directly; we never handle them. See Stripe's Privacy Policy.
• Plausible Analytics: For privacy-friendly, cookie-free website analytics. Plausible does not collect personal data, does not use cookies, and does not track users across sites. See Plausible's Data Policy.
• Email Delivery: We use email infrastructure services to deliver transactional emails, alerts, and digests. These providers process your email address solely for delivery purposes and are contractually prohibited from using it for other purposes.
• Legal Compliance: We may disclose personal information when required by law, subpoena, court order, regulatory request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

5. Data Retention and Deletion

• Account data is retained for the duration of your active account and for up to 30 days after account deletion to allow for recovery.
• API usage logs are retained for 90 days, then automatically purged.
• Payment records are retained as required by tax and financial regulations (typically 7 years).
• Email alert preferences are deleted immediately upon unsubscription or account deletion.
• Contact form submissions are retained for up to 1 year, then deleted.

You may request deletion of your account and all associated personal data at any time by contacting us. Deletion requests are processed within 30 days, except where retention is required by law. Upon deletion, your API keys are immediately revoked and your personal data is permanently removed from our active systems. Residual copies in backups are overwritten within 90 days.

6. Cookies and Local Storage

WARN Firehose does not use tracking cookies, advertising cookies, or third-party cookies of any kind. We use Plausible Analytics, a privacy-friendly analytics service that operates without cookies and does not collect personal data or track users across websites.

We may use browser local storage (not cookies) to store your user interface preferences (such as saved filters, table sort order, or theme preferences). This data never leaves your browser, is never transmitted to our servers, and is not used for tracking.

If you are logged in, we may use a session token stored in local storage to maintain your authenticated session. This token is a random identifier and does not contain personal information.

7. Security

We implement industry-standard security measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit
• API keys stored as salted SHA-256 hashes (we cannot recover your original key)
• Parameterized SQL queries to prevent injection attacks
• Input validation and output escaping on all user-facing endpoints
• Role-based access controls for administrative functions
• Regular security reviews of application code

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security and shall not be liable for unauthorized access, disclosure, or loss of data resulting from circumstances beyond our reasonable control, including but not limited to hacking, cyber attacks, or failures of third-party services.

8. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your account and personal data
• Portability: Request your personal data in a structured, machine-readable format
• Opt-out: Unsubscribe from non-essential communications at any time via the unsubscribe link in any email or by contacting us
• Restriction: Request that we restrict processing of your personal data under certain circumstances
• Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, contact us at the address below. We will respond to verifiable requests within 30 days. We will not discriminate against you for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not deny you goods or services, charge you different prices, or provide a different level or quality of service for exercising your CCPA rights.

To submit a CCPA request, email us at sendkamal@gmail.com with the subject line "CCPA Request." We will verify your identity before processing any request.

10. International Users and GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:

• Legal Basis: We process your personal data on the basis of: (a) your consent (for optional communications); (b) performance of a contract (to provide the Service you requested); (c) legitimate interests (for security, fraud prevention, and service improvement); and (d) legal compliance.
• Data Transfers: Your data is processed and stored in the United States. By using our Service, you consent to the transfer of your data to the United States. We rely on Standard Contractual Clauses or your explicit consent as the legal mechanism for such transfers.
• Additional Rights: In addition to the rights listed in Section 8, you have the right to lodge a complaint with your local data protection authority.
• Data Protection Officer: For GDPR-related inquiries, contact us at sendkamal@gmail.com.

We do not have an establishment in the EEA and are not subject to GDPR by establishment. However, to the extent GDPR applies to our processing of your data, we endeavor to comply with its principles.

11. Children's Privacy (COPPA)

Our Service is not directed to, designed for, or intended for use by children under the age of 13 (or under 16 in the EEA). We do not knowingly collect, solicit, or store personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us immediately at sendkamal@gmail.com and we will take steps to delete the information.

12. Third-Party Links

Our Service contains links to third-party websites, including government agencies (SEC EDGAR, DOL, BLS, state workforce agencies), federal courts, company websites, and financial data providers. We are not responsible for the privacy practices, content, or security of any third-party website. We encourage you to review the privacy policies of any third-party site you visit. Clicking on a third-party link does not imply our endorsement of that site.

13. Do Not Track

Our Service does not respond to "Do Not Track" (DNT) browser signals because we do not engage in cross-site tracking. Our analytics provider (Plausible) is privacy-friendly by design and does not track users across websites regardless of DNT settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) update the "Last updated" date at the top of this page; (b) notify registered users via email at least 15 days before the changes take effect; and (c) post a prominent notice on our website. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree with any changes, you should discontinue use of the Service and request account deletion.

15. Contact

For privacy questions, data access requests, deletion requests, or complaints, contact us at:

• Email: sendkamal@gmail.com
• Contact Form: warnfirehose.com/account#contact

We aim to respond to all privacy-related inquiries within 30 days.