Loading

Remove Content Policy

Remove Content Policy | NiamonX LTD.

The original document is in English only. The last date of document revisions and edits was November 15, 2025.

🗑️ CONTENT REMOVAL POLICY

NiamonX — Remove Content Policy

Policy on Removal and Blocking of Data

Version: 1.0

Last updated: 15 November 2025

Legal entity: NiamonX LTD (No. 16710504)

Registered address: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Primary contact for takedown requests:

[email protected]

1. Purpose and Scope

This Remove Content Policy (the "Policy") sets out:

  • the procedure for submitting requests to remove or block data;
  • which categories of data can be excluded from search and further indexing;
  • the timelines and mechanism for removal;
  • the limitations and cases where removal is not possible;
  • the responsibilities of the parties.

This Policy applies to all tools and components of the NiamonX platform, including (but not limited to):

  • breach and credential search;
  • dark web monitoring;
  • OSINT search;
  • credential and identity analysis;
  • indexing and temporary caching.

Important: NiamonX may, at its sole discretion, request identity verification and additional documentation. All requests are subject to review by the NiamonX legal and security teams, and processing timelines may vary depending on the specific circumstances and team workload.

2. Supported Data Types Eligible for Removal / Blocking

NiamonX allows data subjects and authorised representatives to request the exclusion of the following categories of data from our search and indexing systems (to the extent technically and legally feasible):

Data type Description
auto Automatically recognised type (email / phone / hash, etc.)
email Personal and corporate email addresses
username Unique user names / handles (subject to limitations below)
phone Mobile and landline phone numbers
hash Hashes of accounts, passwords, tokens
domain Domains and email domains of organisations
ip IPv4/IPv6 addresses
password / wifikey Compromised passwords, WPA keys and other sensitive keys
essid / bssid Wi‑Fi network names (SSID/ESSID) and MAC addresses of access points
Other categories Considered on a case‑by‑case basis by the NiamonX legal/security teams

Once removed, such data:

  • will be excluded from search results;
  • will no longer be visible in analytical tools;
  • will not be re‑indexed during future updates, subject to technical limitations and the correct functioning of the takedown registry.

3. Removal Mechanism and Exclusion from Search

After a takedown request has been verified and approved by NiamonX:

  1. The relevant data is added to the internal takedown / block registry, which typically includes, at minimum:
    • id — internal unique record ID;
    • value — the value to be blocked (email, phone, IP, etc.);
    • type — data type (e.g. email, phone, ip);
    • reason — reason for blocking/removal;
    • created_at — timestamp of creation;
    • created_by — internal administrator or process ID (or NULL for automated processing).
  2. The value is excluded from all relevant indices, such as:
    • Search Core;
    • Darkweb Engine;
    • Leak Intelligence Engine;
    • and other internal search or analytics components using the shared takedown list.
  3. Within a reasonable timeframe (typically up to 72 hours after approval):
    • the value is removed from operational search indices;
    • the value is purged from relevant caching layers, subject to technical constraints;
    • the value is added to a "do not re‑index" list to prevent re‑ingestion.
  4. During subsequent crawls and ingestion runs (re‑crawl cycles), all values present in the takedown registry are recognised and ignored, meaning they will not be re‑added to the system.

Important: All timeframes in this Policy are indicative and may be extended in complex cases, where additional legal review, technical investigation or identity verification is required.

4. Important Limitations

4.1. Data Remains Available at Original Sources

NiamonX can remove or block data only within its own platform. We cannot remove data from:

  • third‑party servers;
  • forums or message boards;
  • dark web sites or marketplaces;
  • previously published breach dumps;
  • other external websites or data repositories.

Our actions are limited to excluding such data from NiamonX search and indexing. We do not control the original sources.

4.2. Removal of Usernames

In general, if a breach or dataset contains only a username, and it is not linked to:

  • an email address;
  • a phone number;
  • a password or hash;
  • or other personal identifiers,

then removal may not be possible, because a username in isolation does not always constitute uniquely identifiable personal data under GDPR / UK‑GDPR / CCPA / CPRA and similar laws.

To process a removal request related to usernames, the requester may need to provide a linked identifier (for example, the email address or other data that ties that username to a specific individual) and sufficient evidence that they are the relevant data subject.

All such requests are subject to legal and factual assessment by the NiamonX legal team.

4.3. Corporate Data and Domains

Corporate domains may be blocked or excluded from certain detection features. However, the consequences must be clearly understood:

  • blocking a domain may prevent the detection of future breaches involving that domain;
  • this may reduce the security posture of the organisation and its ability to detect compromised accounts;
  • the decision to block a corporate domain lies with the domain owner or an authorised representative.

Corporate Domain Verification

For corporate takedown requests, NiamonX may, at its discretion, require verification of control or ownership, for example via:

  • MX or DNS records review;
  • placement of a specific TXT record in DNS;
  • sending an email from an address at the relevant domain;
  • other reasonable verification methods.

Additional documentation (such as corporate authorisation letters, proof of identity, proof of role) may be requested, at the discretion of the NiamonX legal and security teams.

4.4. Publicly Available Data

We cannot remove or block data which:

  • is part of an official public register (e.g. governmental or statutory registers, in jurisdictions where such publication is mandated by law);
  • has been deliberately and publicly published by the data subject themselves (e.g. public blog posts, public social media profiles);
  • constitutes purely technical non‑personal data that does not relate to an identified or identifiable individual.

In such cases, removal from our platform may be limited or unavailable where it would conflict with legal obligations or public interest considerations. Each request is reviewed individually.

5. How to Submit a Takedown / Removal Request

All takedown and removal requests MUST be sent to:

[email protected]

Requests sent to other addresses may be redirected and therefore processed with delay.

NiamonX may require you to go through a verification process to establish your identity and/or authority (in the case of corporate or third‑party requests). This may include additional documents and information, assessed by the legal and security teams on a case‑by‑case basis.

5.1. Information to Include in Your Request

To allow us to review your request efficiently, please provide at least:

  1. The exact value to be removed

    e.g. email address, phone number, IP address, domain, username, hash, or other specific identifier.

  2. Data type (if known)

    e.g. email, phone, ip, domain, username, etc.

  3. Reason for removal

    e.g. your personal data is exposed in a breach; the data is inaccurate or outdated; specific legal grounds (e.g. GDPR/CCPA rights); other substantiated reasons.

  4. Proof of ownership / association (depending on the data type)

Verification Requirements by Data Type:

Email address:

  • sending the request from the same email address to be removed is strongly preferred;
  • or replying to a verification message sent by NiamonX to that address.

Phone number:

  • receiving and returning a verification code via SMS or other supported methods;
  • any other reasonable evidence of control, at the discretion of NiamonX.

Domain:

  • adding a specific TXT record to DNS; or
  • sending an email from an address at the relevant domain; or
  • providing authoritative WHOIS or registrar documentation demonstrating control.

IP address:

  • documentation showing ownership or administrative control (e.g. allocation records, RIR/WHOIS data, or confirmation from the network operator).

Wi‑Fi keys and BSSID/ESSID:

  • in general, such data is removed and blocked upon request and preliminary plausibility check;
  • additional verification may be requested in cases of doubt.

Depending on the nature of the request, identity documents (e.g. ID or passport copy), corporate authorisation letters, power of attorney or other supporting documentation may be required. The scope and type of such documentation is determined by the NiamonX legal team in light of applicable privacy laws, security requirements, and potential abuse risks.

6. Takedown / Block Registry (Takedown‑List)

NiamonX maintains an internal takedown and block registry ("takedown‑list"). Each record typically contains:

  • id — unique internal record identifier;
  • value — the specific value to be blocked (e.g. email, phone number, IP, domain, hash);
  • type — data type (e.g. email, phone, ip, domain, hash);
  • reason — the rationale for blocking (e.g. user request, legal requirement, policy violation);
  • created_at — date and time the record was created;
  • created_by — internal administrator or system ID (or NULL when processed automatically).

All indexing and search engines within the NiamonX ecosystem are designed to consult this takedown‑list and honour the block entries, subject to technical and operational limitations.

7. Processing Timelines

The following timelines are indicative and may vary depending on the complexity of the request, the need for legal analysis, the necessity of identity verification, and the current workload of the NiamonX teams.

Action / Step Indicative timeline
Acknowledgement of request Within 48 hours
Initial exclusion from search results Within 24 hours after verification/approval
Full exclusion from all relevant tools Within 72 hours after approval
Complete removal from system indices Within 7 days, where technically feasible
Exclusion from future indexing (re‑crawl) Effective once the value is added to the takedown‑list

In complex or exceptional cases (e.g. contested ownership, regulatory investigations, large‑scale corporate requests), timelines may be extended. NiamonX will use reasonable efforts to process requests promptly, but does not guarantee fixed deadlines unless required by applicable law.

8. Security and Confidentiality

NiamonX implements a multi‑layered security architecture, including but not limited to:

  • AES‑256‑GCM encryption;
  • Transparent Data Encryption (TDE) at database level;
  • KMS/HSM-based key management and envelope encryption;
  • use of Confidential Computing environments for highly sensitive operations;
  • a zero‑log policy for OSINT search contents;
  • strictly limited and audited personnel access (least‑privilege principle);
  • secure authentication and identity management via Zitadel IAM.

Takedown requests are processed within encrypted infrastructure. Access to such requests is restricted to authorised legal, security and support personnel. Logging is limited to what is strictly necessary to handle and document the request in compliance with applicable law and internal security policies.

9. Grounds for Refusal of a Request

NiamonX reserves the right to refuse or partially refuse a takedown or removal request, including (but not limited to) the following situations:

  • the requester's identity or authority cannot be reliably verified;
  • the value in question does not constitute personal data under applicable law;
  • the data is part of a mandatory public register or required to be publicly available by law;
  • the data has already been removed and no additional action is required;
  • the request is manifestly unfounded, excessive, abusive or clearly incompatible with legal obligations;
  • honouring the request would violate other legal duties, court orders, law enforcement needs, or public interest;
  • the request conflicts with sanctions, export‑control regulations or other policy restrictions.

In such cases, NiamonX may provide a brief explanation, to the extent permitted by law and security considerations. Additional documents or clarifications may be requested before a final decision is taken.

10. Contact Details

For data removal / takedown requests:

[email protected]

For legal and regulatory requests (e.g. from authorities, regulators, or corporate legal teams):

[email protected]

NiamonX will assess each request individually, taking into account the rights of data subjects, security considerations, legal obligations and the potential impact on other users.

© NiamonX LTD. All rights reserved.

Company Number: 16710504 (England & Wales)

🗑️ Remove Content Policy — Version 1.0

For takedown requests: [email protected]

Dashboard

Helpdesk | Support


Support Email

Need assistance with our AI tools, platform, or integrations? Our support team is here to help.

[email protected]

Legal & Compliance

For legal inquiries, compliance questions, or documentation requests, contact our legal team.

[email protected]

Data Removal Requests

To request data removal, takedowns, or privacy-related actions, contact our security desk.

[email protected]