Skip to content

Last updated 2026-04-25

Privacy Policy

Version 1.0 — Effective 2026-05-19

This Privacy Policy describes how Multistate Land Investments LLC ("Skipshit," "we," "us," or "our") collects, uses, stores, shares, and retains information in connection with the Skipshit service (the "Service"). The Service is a paid skip-tracing service distributed as a remote Model Context Protocol ("MCP") server.

This Privacy Policy applies to the Service. It does not apply to any third-party language-model client, MCP host, browser, or other application you use to connect to the Service. Those products are subject to the privacy practices of the parties that operate them.

The Service is available only to users located in the United States. We do not offer the Service to users located in the European Union, the United Kingdom, or the European Economic Area, and we block signups originating from those jurisdictions. This Privacy Policy is not intended to satisfy, and we do not represent that it satisfies, the requirements of the EU General Data Protection Regulation, the UK General Data Protection Regulation, or any other privacy law of those jurisdictions.

1. Two Categories of Information

Skipshit handles two distinct categories of information, and we treat them differently. Understanding the distinction is important.

Account Holder Information is information about the person or organization that holds a Skipshit account — that is, you. We use this information to authenticate you, bill you, communicate with you, and maintain the Service.

Searched-Person Information is information about the person you are looking up. You provide a small set of identifying inputs to the Service, the Service queries a licensed U.S. consumer-data aggregator on your behalf, and the Service returns the response to your connected language-model client. We store a record of the query and the response so that you can retrieve it from your account history. The Searched Person is not our user.

The sections below describe each category in turn.

2. Account Holder Information

2.1 What We Collect

When you sign up for and use the Service, we collect:

  • Identity and contact data received from our authentication provider when you sign up: your name and email address, and a unique identifier assigned to you by the authentication provider.
  • Billing data received from our payment processor when you add a payment method or purchase credits: your payment processor customer identifier and event records related to your purchases. We never see or store your full payment card number, expiration date, or CVC. The payment processor handles your card information directly.
  • Account state and usage data generated by the Service: your credit balance, lifetime credits granted and consumed, account state transitions (signup, attestation acceptance, first purchase, account depletion), the timestamp of your attestation acceptance, and similar operational metadata.
  • API credentials that you generate to connect a language-model client to the Service: a one-way hash of the credential, the first few characters of the credential (for display in your account so you can recognize it), an encrypted copy of the credential (so you can reveal it once on demand), the time of creation, the time of last use, and the time of revocation if applicable. We never store the credential in plaintext.
  • Communication records showing which transactional emails (such as welcome messages, receipts, low-balance warnings) we sent to you and when, for the purpose of avoiding duplicate sends.

2.2 What We Do Not Collect

We do not collect your IP address, telephone number, mailing address, organization, or any payment-instrument data. Our authentication provider, our payment processor, and our infrastructure provider may collect some of those data points in connection with their services to us; see Section 4.

2.3 How We Use It

We use Account Holder Information to: authenticate you and grant you access to the Service; bill you for paid credits and process refunds; provision and revoke API credentials; render your account dashboard and search history; send you transactional email related to your account; maintain operational and security records, including the audit records described in Section 6; investigate and respond to suspected violations of our Terms of Service or Acceptable Use Policy; respond to lawful demands from law enforcement, regulators, or our upstream data source; and comply with applicable law.

We do not sell Account Holder Information. We do not share Account Holder Information for advertising, marketing, or behavioral profiling. We do not use Account Holder Information to train artificial intelligence or machine learning models.

2.4 Retention

We retain Account Holder Information for as long as your account is active. When you delete your account, we mark your account as deleted, revoke all of your API credentials, and instruct our authentication provider and payment processor to delete your records held by them. Your account record itself is retained in a deleted state for our internal audit purposes; the record blocks any further access to the Service.

3. Searched-Person Information

3.1 What You Submit

Each query to the Service accepts a strict, fixed set of inputs about the person you are looking up. The Service does not accept arbitrary metadata; the input schema rejects any unknown field. The accepted inputs are:

  • First, middle, and last name
  • Street address, city, state, and ZIP
  • An identifier for a previously returned record (used when you elevate a related-person stub from an earlier query into a full record)
  • A flag indicating whether to allow nickname matching
  • An indicator of how far back in time historical addresses should be searched
  • A category hint indicating what kinds of appended fields you want returned

We collect only the inputs listed above. We do not accept, log, or store any additional metadata about the Searched Person that you might attempt to send.

3.2 What the Upstream Source Returns

When you run a query, the Service forwards the inputs above to a licensed U.S. consumer-data aggregator and receives a response that may include, if available, names and aliases, addresses, phone numbers, email addresses, age, relatives and associates, real property records, liens, judgments, bankruptcies, business affiliations, and IP addresses associated with the Searched Person. The response is returned to your connected language-model client.

3.3 How We Store It

We store query inputs and responses as follows:

  • Inputs are stored as plaintext in our application database, attached to the record of your query. We store inputs in plaintext so that we can render your search history to you in your account dashboard.
  • Responses are stored as an encrypted blob in object storage. Each response is encrypted with AES-256-GCM using a key derived for your account, with a fresh initialization vector for each encryption. The plaintext response is never written to disk in our infrastructure.

Aside from the encrypted response blob, we do not cache responses. Every paid query is a fresh call to the upstream source.

3.4 Retention and Deletion

Encrypted response blobs are retained until you delete them, with the following mechanics:

  • You may soft-delete an individual query from your account history at any time. We mark the query as deleted, schedule the encrypted response blob for permanent destruction approximately thirty (30) days later, and the daily cleanup job destroys the blob on schedule.
  • When you delete your account, every query you have made is soft-deleted in the same way, and every encrypted response blob is destroyed within approximately thirty (30) days.

After the response blob is destroyed, the input record (name, address, and other inputs you submitted) is retained in our application database as an audit artifact, with the response no longer recoverable. This is a deliberate design choice: it allows us to meet our recordkeeping and audit obligations to our upstream data source while removing the substantive content of the response within a defined window.

If you want a specific input record permanently destroyed and not retained as an audit artifact, please contact us at hello@skipshit.com. We will evaluate the request against our retention obligations and respond to you.

3.5 How We Use Searched-Person Information

We use Searched-Person Information solely to: perform the query you have requested; render your own search history to you; maintain audit records as described in Section 6; respond to lawful demands from law enforcement, regulators, or our upstream data source; and enforce our Terms of Service and Acceptable Use Policy.

We do not sell Searched-Person Information. We do not use Searched-Person Information for advertising or marketing. We do not use Searched-Person Information to train artificial intelligence or machine learning models. We do not aggregate Searched-Person Information across accounts. We do not build profiles or marketing segments from Searched-Person Information.

4. Service Providers and Third-Party Sharing

We use a small number of service providers ("sub-processors") to operate the Service. Each is a third party that processes information on our behalf under a contract that limits their use of the information to providing services to us.

Service providerWhat they do for usWhat they receive
Authentication providerAccount creation, login, session managementYour email, name, and authentication events. They independently retain sign-in IP addresses, device fingerprints, and similar security data under their own terms.
Payment processorProcess payments and store payment methodsYour email, name, payment card data (which they tokenize — we never see it), purchase records, and tax-related billing information they collect at checkout
Email delivery providerSend transactional email such as receipts and low-balance warningsYour email address and the contents of the messages we send you
Cloud infrastructure providerCompute, storage, and edge network for the ServiceOperational data; may retain edge-layer access logs (which can include IP addresses) under their own terms
Error telemetry providerCapture and triage runtime errorsA scrubbed set of operational fields (message, level, environment, request identifier, account identifier, and similar). Query inputs, query results, and account contact data are filtered out by an allowlist before transmission.
Upstream data sourceProvide the consumer-data lookup that the Service exists to deliverQuery inputs as described in Section 3.1

We share Account Holder Information and Searched-Person Information with the providers above only as needed for them to perform their function. We do not sell information to any of them, and we do not authorize any of them to sell information they receive from us.

In addition to the providers above, we may disclose information:

  • In response to lawful process. We may disclose information when required by subpoena, court order, search warrant, or other legal process; or to comply with applicable law.
  • To enforce our rights. We may disclose information to enforce our Terms of Service, our Acceptable Use Policy, or other agreements; to defend ourselves against claims; or to protect the safety, property, or rights of Skipshit, our users, or the public.
  • To our upstream data source's audits. Our upstream data source has audit rights over our use of its data. We may disclose query records and account records to satisfy those audit rights.
  • In a business transaction. If we are acquired, merged, or sell all or substantially all of our assets, information held by us may be transferred to the acquiring party, subject to a privacy policy substantially equivalent to this one.

5. What the Service Does Not Do with Information from Your LLM Client

The Service is delivered through MCP. We want to be explicit about what the Service does not do inside your language-model client environment:

  • The Service does not query, extract, read, or otherwise access your model's memory, your chat history with your model, your conversation summaries, or any files or documents you have uploaded to your language-model client. The MCP interface the Service exposes only accepts the strict input fields described in Section 3.1.
  • The Service does not collect any context data from your language-model client beyond the input fields you provide to its tools.
  • The Service does not instruct your language model to pull behavioral guidance from external sources, and it does not contain hidden, obfuscated, or encoded instructions to the model.

6. Audit and Compliance Records

We retain a record of every query made through the Service, including the inputs you submitted, the response status, the timestamp, the credits consumed, and your account identifier. As described in Section 3.4, the encrypted response blob is destroyed approximately thirty days after a query is deleted, but the input record and operational metadata are retained for the life of your account as an audit artifact.

We retain these records to meet our contractual recordkeeping obligations to our upstream data source, to investigate suspected violations of our Terms of Service and Acceptable Use Policy, to respond to lawful demands, and to defend against claims. We do not conduct automated real-time monitoring of query content.

7. Security

We protect information using a combination of administrative, technical, and physical safeguards. Specific measures include:

  • Encryption in transit between your client and the Service using TLS.
  • Encryption at rest of upstream response blobs using AES-256-GCM, with per-account key derivation and a fresh initialization vector for each encryption.
  • Hashing of API credentials before storage, with encrypted ciphertext stored separately so credentials can be revealed to you on demand but are never written in plaintext.
  • Allowlist filtering of error telemetry to prevent query content and account contact data from reaching third-party error services.
  • Field-name-only operational logging at the request layer (no query values written to application logs).
  • Role-restricted access to production data and credentials.

No security measure is perfect. We cannot guarantee absolute security, and we do not promise that the Service or our systems will never experience a security incident. If we experience a security incident affecting your information, we will notify you to the extent required by applicable law.

8. Your Choices and Rights

Depending on where you reside in the United States, applicable state privacy law may give you specific rights regarding information about you. Those rights generally include:

  • The right to confirm whether we process information about you and to access that information.
  • The right to correct inaccurate information about you.
  • The right to delete information about you, subject to exceptions for information we are required or permitted to retain.
  • The right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising, and of certain profiling. We do not sell personal information and we do not share it for cross-context behavioral advertising; there is nothing to opt out of in this respect.
  • The right not to be discriminated against for exercising these rights.

To exercise any of these rights, contact us at hello@skipshit.com from the email address associated with your account. We will verify your identity before responding. We will respond within the time required by the law of your state of residence. If we deny your request in whole or in part, we will explain why.

You may also delete your account at any time from your account settings. Account deletion is described in Sections 2.4 and 3.4.

If you submit information about another person through the Service (a Searched Person) and that person contacts us to exercise rights regarding that information, we will evaluate the request against our retention obligations and our obligations to our upstream data source, and we may direct them to the upstream source. We may also contact you to request that you cooperate with the response.

9. Children

The Service is not directed to, and we do not knowingly collect information from, anyone under 18. If you believe a child has provided information to the Service, contact us at hello@skipshit.com and we will investigate and delete as appropriate.

10. EU/UK/EEA Users

We do not offer the Service to users located in the European Union, the United Kingdom, or the European Economic Area. We block signups originating from those jurisdictions at the authentication layer. The block exists in part to keep the Service outside the territorial scope of the EU and UK General Data Protection Regulations.

If you believe you have signed up despite this block, contact us at hello@skipshit.com and we will close your account and delete your account record.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated policy will be effective when posted, and the version and effective date at the top of the policy will reflect the update. If we make a material change, we will give you reasonable advance notice, which may be by email or through the Service.

12. Contact

Questions, requests, and complaints about this Privacy Policy should be directed to:

Multistate Land Investments LLC 500 Westover Dr, PMB 12840 Sanford, NC 27330-8941 hello@skipshit.com

Questions? Email hello@skipshit.com.