Privacy Policy

This Privacy Policy ("Policy") governs the collection, retention, processing, licensing, sale, transfer, and all other uses of personal information and non-personal data by Whalepages Inc., a Delaware corporation ("Whalepages," "we," "our," or "us"), including through our website located at whalepages.com (the "Site"), our proprietary CRM platform, our EstateGraph™ API, and all affiliated data products, services, data pipelines, bulk portfolio offerings, and enrichment feeds (collectively, the "Services"). This Policy applies to all users, visitors, subscribers, licensees, data subjects, data providers, and any third parties who interact with Whalepages in any capacity.

By accessing or using the Site or Services, submitting any information to us, or entering into any commercial relationship with Whalepages, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must immediately discontinue all use of the Site and Services and submit a written notice of objection to our Legal Department via the contact information set forth below. Your continued use constitutes binding acceptance.

1. Who We Are and What We Do

Whalepages is a data intelligence company. Our core business is the aggregation, structuring, enrichment, licensing, and sale of data pertaining to high-net-worth and ultra-high-net-worth individuals, family offices, private corporations, and their associated networks. We operate as a commercial data broker under applicable law and are registered as such in each jurisdiction that maintains a data broker registry.

Whalepages compiles information from a wide variety of sources, including but not limited to: public records, court filings, property registries, corporate registration databases, maritime and aviation registries, offshore disclosure datasets, licensing agreements with third-party data providers, web crawling and indexing operations, inference and modeling engines applied to publicly available information, enrichment partnerships, and information voluntarily submitted to us by users and clients. We combine, deduplicate, score, and resell this data as part of our proprietary intelligence products.

Nothing in this Policy shall be construed to limit our right to collect, process, retain, or transfer information that is obtained from publicly available sources, third-party licensors, or any other lawfully obtained data supply, regardless of whether any specific individual has provided consent, provided that such processing is conducted in accordance with applicable law.

2. Information We Collect

We collect several categories of information, which may include, but are not limited to, the following:

3. How We Use Information

We use the information we collect for the following purposes, which together constitute the core of our commercial operations:

• To compile, maintain, and continuously enrich intelligence profiles on individuals and entities within our proprietary datasets;
• To develop, package, license, and sell data products, portfolio datasets, API feeds, and enrichment services to our institutional and enterprise clients;
• To operate and improve our CRM platform, EstateGraph™ API, and all other proprietary Services;
• To verify the identity and financial profile of prospective clients as part of our institutional access vetting process;
• To conduct anti-fraud, anti-money-laundering, and know-your-customer screening on users, clients, and data subjects;
• To provide real-time telemetry, transit vectoring, and household dynamics scoring as subscribed by clients;
• To build predictive models including succession event forecasting, liquidity event anticipation, and behavioral propensity scoring;
• To market and promote our Services to prospective clients, including through targeted outreach informed by our own data assets;
• To comply with legal obligations, enforce our Terms of Service, and protect the rights and interests of Whalepages and its clients;
• To incorporate submitted information into our publicly accessible and commercially licensed datasets, unless a valid suppression order has been executed and verified.

4. Disclosure, Sale, and Licensing of Information

Whalepages is a commercial data broker. The sale, licensing, and transfer of personal information is the primary purpose of our business. We disclose personal information to third parties in the following circumstances:

Clients and Licensees. We license personal information and derived intelligence to institutional clients, family offices, sovereign wealth funds, private equity firms, hedge funds, wealth management firms, corporate intelligence practices, and other qualified entities who have executed a Data License Agreement with Whalepages. Clients may use licensed data for any purpose permitted under their agreement, including but not limited to target identification, relationship development, competitive intelligence, investment due diligence, and proprietary modeling.

Data Partners and Enrichment Providers. We share information with our network of data partners on a reciprocal or commercial basis to enhance the completeness and accuracy of our datasets. These partners include third-party data brokers, public records providers, and specialized intelligence firms operating in compliance with applicable law.

Corporate Transactions. In the event of a merger, acquisition, asset sale, restructuring, or other corporate transaction involving Whalepages, personal information held by us constitutes a core business asset and will be transferred to the successor entity as part of that transaction without further notice to affected individuals.

Legal and Regulatory Disclosure. We may disclose personal information to law enforcement, regulatory authorities, or other government bodies when required to do so by applicable law, court order, or enforceable governmental request, or when we determine in good faith that disclosure is necessary to protect the rights, property, or safety of Whalepages, its clients, or the public.

Service Providers. We engage third-party service providers to assist in the operation of our business, including cloud infrastructure providers, data processing vendors, payment processors, security auditors, and legal advisors. These providers access personal information only to the extent necessary to perform their contractual obligations to Whalepages and are bound by appropriate confidentiality provisions.

We do not sell your personal information to third parties in a manner that would trigger opt-out rights under the California Consumer Privacy Act solely on the basis of information you directly submit to us as a client or user. However, data about you that we obtain from public records, third-party sources, or inference may be included in bulk portfolio datasets sold to our clients without restriction. This distinction is material and governs the scope of any rights you may exercise under Section 8 of this Policy.

5. Retention of Information

Whalepages retains personal information for as long as necessary to fulfill the purposes described in this Policy, to comply with applicable legal obligations, to resolve disputes, and to enforce our agreements. In practice, this means that the majority of personal information we hold is retained indefinitely, as our data products derive value from longitudinal depth and historical completeness.

Information submitted directly to us through our website, vetting forms, or client intake processes is retained indefinitely and may be incorporated into our commercial datasets. We do not operate a routine deletion schedule for data sourced from public records, third-party providers, or inference engines. Information that forms part of a licensed dataset or bulk portfolio product continues to be retained and distributed for the duration of any active license and for a reasonable period thereafter.

Requests for deletion of data obtained from public records or third-party sources are evaluated under our Data Removal and Suppression process described in Section 8. Successful suppression orders result in the removal of an individual's profile from our publicly accessible products; however, anonymized or aggregated derivatives of that data may be retained for modeling and analytical purposes.

6. International Data Transfers

Whalepages operates globally and transfers personal information across international borders in the ordinary course of its business. Data may be stored and processed in the United States, the European Economic Area, the United Kingdom, Singapore, the United Arab Emirates, Switzerland, and any other jurisdiction in which Whalepages or its service providers maintain operations. By using the Services, you consent to the transfer of your information to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

To the extent that transfers of personal information from the European Economic Area or the United Kingdom to third countries are subject to the requirements of the General Data Protection Regulation or the UK GDPR, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms as applicable. A copy of our transfer impact assessment is available upon written request to our Data Protection Officer.

7. Security

Whalepages implements administrative, technical, and physical security measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls and authentication requirements, network segmentation, regular penetration testing, and vendor security assessments.

Notwithstanding the foregoing, no security system is impenetrable and Whalepages cannot guarantee that unauthorized parties will never be able to circumvent our security measures. In the event of a data breach that triggers mandatory notification obligations under applicable law, we will notify affected individuals and relevant regulatory authorities in the manner and within the timeframes required by law. You acknowledge that the transmission of information over the internet is inherently insecure and that Whalepages cannot guarantee the security of data transmitted to or from the Services.

8. Your Rights and Choices

Depending on your jurisdiction of residence, you may have certain rights with respect to personal information that Whalepages holds about you. These rights may include the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to certain processing activities. The scope and enforceability of these rights vary by jurisdiction and are subject to applicable exceptions.

Data Removal and Suppression Requests. If you believe that Whalepages holds personal information about you in one of our commercially available data products, you may submit a removal request through our Privacy Journey program accessible at whalepages.com/removal. We will verify your identity, confirm the existence of a profile, and, upon successful verification, initiate the suppression process. Please be advised that suppression from our retail-facing products does not constitute deletion from our master dataset or from datasets already licensed to third-party clients. Suppression fees may apply.

California Residents. California residents may have rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), including the right to know what personal information we collect, use, and disclose; the right to delete personal information subject to applicable exceptions; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; and the right not to receive discriminatory treatment for exercising these rights. To submit a CCPA/CPRA request, please contact us at privacy@whalepages.com or submit a request through our Data Removal portal. We will respond within the timeframes required by law.

EEA and UK Residents. If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation or UK GDPR, including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on legitimate interests. You also have the right to lodge a complaint with your local supervisory authority. Our legal basis for processing data obtained from public records and third-party sources is our legitimate interest as a commercial data intelligence provider. Our legal basis for processing data you submit directly is contract performance and, where applicable, your consent.

Marketing Communications. If you have opted into marketing communications from Whalepages, you may opt out at any time by following the unsubscribe instructions in any marketing email or by contacting us at privacy@whalepages.com. Please note that transactional and service-related communications are not subject to opt-out.

9. Cookies and Tracking Technologies

Whalepages uses cookies, pixel tags, web beacons, local storage objects, and other tracking technologies on the Site and within the Services. These technologies allow us to recognize returning visitors, personalize content, analyze usage patterns, measure the performance of our marketing campaigns, and build behavioral profiles that may be incorporated into our data products or shared with our analytics partners.

We use both session cookies, which expire when you close your browser, and persistent cookies, which remain on your device for a defined period or until deleted. We also permit third-party analytics and advertising partners to set cookies and other tracking technologies on the Site, subject to those partners' own privacy policies.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, disabling cookies may impair the functionality of certain features of the Site and Services. We do not currently respond to "Do Not Track" signals from browsers, as no uniform standard for such signals has been established.

10. Children's Privacy

The Site and Services are intended solely for use by adults and institutional entities. We do not knowingly collect personal information directly from individuals under the age of 18. However, as a data broker operating across public records and third-party datasets, information pertaining to minors who appear as beneficiaries, dependents, or household members in records relating to adult data subjects may be present in our datasets. Such information is handled in accordance with applicable law and is not made available in stand-alone form.

If you believe that we have inadvertently collected personal information directly from a minor, please contact us at privacy@whalepages.com and we will take appropriate steps to remove such information from our direct-submission systems.

11. Changes to This Policy

Whalepages reserves the right to amend this Policy at any time. When we make material changes to this Policy, we will update the "Last Updated" date at the top of this page and, where required by applicable law, provide you with notice via email or through the Services. Your continued use of the Site or Services following the effective date of any amendment constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

12. Contact Information

If you have questions, concerns, or requests relating to this Policy or our data practices, please contact us at:

For data removal and suppression requests, please use our dedicated Data Removal portal at whalepages.com/removal. General legal inquiries should be directed to legal@whalepages.com. Response times for privacy requests are governed by applicable law and shall not exceed the statutory deadlines in your jurisdiction.