Incident & Breach Notification

How we handle security incidents — and how and when we'll tell you if one affects your data.

Last updated June 29, 2026 · All policies · Security & Compliance · DPA
The short version If something goes wrong with the security of your data, we work to contain it, figure out what happened, and tell affected people without undue delay — as required by law. Here's our process, and how to reach us if you spot something.

Our process

  1. Detect & triage. We monitor our systems and review reports. When a potential incident is identified, we assess its scope and severity.
  2. Contain. We take steps to stop and limit the impact — for example revoking access, isolating systems, or rotating credentials.
  3. Investigate. We determine what happened, what data was involved, and the root cause, preserving relevant information.
  4. Remediate. We fix the underlying issue and apply measures to reduce the chance of recurrence.
  5. Notify. Where required, we notify affected users, customers/controllers, and authorities (see below).
  6. Review. After significant incidents, we review what we learned and improve our safeguards.

When and how we notify

If we determine that a personal data breach has affected your personal data, we will notify you without undue delay after becoming aware of it, consistent with applicable law (for example, the GDPR's 72-hour controller-notification framework, and U.S. state breach-notification laws). For business customers, the notice timing and details are also governed by our Data Processing Agreement.

Our notice will include the information reasonably available at the time — for example, the nature of the incident, the types of data involved, the likely consequences, and the steps we are taking — and we'll follow up as we learn more. We typically notify by email to the affected account address and/or by a notice within the Service.

We do not provide a fixed contractual response-time guarantee for self-service plans beyond what the law requires; specific timelines can be agreed under an enterprise arrangement.

Report something to us

If you believe you've found a security vulnerability or suspect an incident, email legal@digitaltallycounter.com with as much detail as you safely can. Please don't access data that isn't yours, and give us a reasonable opportunity to respond before any public disclosure. We appreciate responsible reporting.

Your responsibilities

Keep your account credentials secure and your contact email current so we can reach you, and maintain your own backups of important data. Many incidents involving individual accounts stem from reused or compromised passwords on the user's side.

DigitalTallyCounter.com is operated by Nowaitn Corporation, a Delaware corporation.

What can I count for you today?

Talia

DigitalTallyCounter Assistant