Our Commitment to Your Security
At ObscureIQ, we understand that your trust is earned through our actions, not just our words. This Data Security Statement outlines the comprehensive measures we've implemented to protect your personal information and maintain the highest standards of data security.
We believe that true privacy protection requires robust security at every level of our operations.
Security at a Glance
- No cookies or tracking technology used
- ISO 27001 compliant data storage standards
- SOC 1 and SOC 2 certified operations
- End-to-end encryption for all data transmission
- Multi-factor authentication required
- Isolated internal databases with no external connections
- Automatic data deletion after service completion
- PCI-certified security infrastructure
🚫Collecting and Tracking Activity
In our commitment to maintaining your privacy and data integrity, we have adopted a strict no-cookies policy. Just as we don't rely on third parties like Google or Mailchimp, we do not collect or use cookies on our website and services. This approach is a testament to our respect for your privacy, ensuring that we do not engage in any form of user tracking via cookies.
🍪No Cookies Policy
We maintain a strict no-cookies policy across all our platforms, ensuring your browsing activity remains completely private.
🔍No User Tracking
We do not employ any tracking mechanisms, analytics tools, or behavioral monitoring systems.
🚫No Third-Party Integration
We avoid third-party services like Google Analytics or Mailchimp that could compromise your privacy.
💾Storing Data
In our approach to data storage and security, we adhere to the highest standards, ensuring that our practices are in line with ISO 27001 standards. This commitment guarantees the security and integrity of the data we store. Additionally, our operations are compliant with SOC 1 and SOC 2 standards, reflecting our dedication to secure management and protection of your data.
To further enhance security, our data processing employs a one-way data stream. This method ensures that the data remains unaltered and safe from tampering during its transmission. Moreover, we maintain an internal database that is strictly isolated, with no external connections. This approach minimizes security risks and helps in safeguarding your information.
One-Way Data Stream Process
Secure collection
One-way stream
No external access
We store only the essential information required for our operations. In line with our commitment to your privacy and data security, we ensure that once our service is no longer needed by you, all your information is securely deleted from our systems.
🛡️Protecting Data
In our commitment to robust security, we ensure that all sensitive data written to disk is encrypted at rest, safeguarding your information even when it's not in active use. Our security infrastructure aligns with top industry standards, including PCI-certified standards, and compliance with SOC 1 and SOC 2 requirements.
Encryption Standards
All data is protected using military-grade encryption protocols:
Data in Transit
Data at Rest
Web Security
Mutual Authentication
For secure data transmission, we employ Secure Socket Layer (SSL) encryption, TLS 1.2 or higher, and adhere to the NIST Cybersecurity Framework. To further bolster account security, we enforce Multi-Factor Authentication (MFA) for accessing our services, adding an essential layer of protection.
🔐Multi-Factor Authentication
MFA is required for all account access, providing an additional security layer beyond passwords.
⏰TOTP Support
Time-Based One-Time Passwords provide secure, rotating authentication codes.
🔑U2F Authentication
Universal 2nd Factor hardware keys for the highest level of account security.
📋NIST Framework
Our security practices align with the NIST Cybersecurity Framework standards.
💳PCI Certified
Payment processing meets PCI Data Security Standards for financial protection.
🔒HTTPS/HSTS
All communications are encrypted with HTTP Strict Transport Security enabled.
We support advanced authentication methods, including Time-Based One-Time Passwords (TOTP) and Universal 2nd Factor (U2F), to enhance security measures. Additionally, our website and services are secured with HTTPS and HTTP Strict Transport Security (HSTS), ensuring all communication is encrypted and secure.
Moreover, we implement Mutual Transport Layer Security (mTLS) for rigorous authentication and data protection, mirroring our commitment to maintaining the highest standards of data security and integrity.
📅Retaining Data
We retain personal data of active customers exclusively for the purpose of active scanning. This data is securely stored and is never displayed publicly. As new data is introduced, it is appended to our storage systems in strict compliance with applicable regulations.
🎯Purpose-Limited Storage
Data is retained only for active scanning purposes and legitimate business operations.
🔒Private Storage
Personal data is never displayed publicly and remains strictly confidential.
📋Regulatory Compliance
All data retention practices comply with applicable privacy regulations and standards.
🗑️Automatic Deletion
Data is automatically purged when no longer needed for service delivery.
📧Communication with You
In our communications, we prioritize your security and privacy. To discuss complex removals, we use email confirmations, ensuring that they are sent only for legitimate purposes. We strictly avoid any unsolicited or unauthorized email communications.
Additionally, we handle your personal information with the utmost care, guaranteeing that it is never shared with unauthorized parties. This approach aligns with our commitment to maintaining the confidentiality and integrity of your data.
✅Legitimate Communications Only
All emails are sent for legitimate business purposes related to your service.
🚫No Unsolicited Messages
We never send spam, marketing emails, or unauthorized communications.
🔐Secure Email Protocols
All email communications use encrypted channels and secure protocols.
🤝Confidentiality Guaranteed
Your information is never shared with unauthorized third parties.
🌐Data About Websites
In our commitment to protecting your personal data, we have a strict policy regarding data sharing. Unlike other services, we do not share any data with privacy researchers, advocates, or regulators, unless we are compelled by legal requirements or have obtained explicit consent from you, our user.
This approach ensures that your information remains confidential and is only disclosed in scenarios where it is absolutely necessary and lawful, or when you have directly authorized us to do so.
🔒Strict No-Sharing Policy
We do not share data with researchers, advocates, or regulators without explicit consent.
⚖️Legal Compliance Only
Data sharing occurs only when legally required by valid court orders or subpoenas.
✋User Consent Required
Any voluntary data sharing requires your explicit, informed consent.
🛡️Maximum Protection
We go beyond industry standards to protect your data from unauthorized disclosure.
🔄Continuous Security Improvement
Our commitment to data security is ongoing. We continuously monitor, assess, and improve our security measures to stay ahead of emerging threats and maintain the highest standards of protection for your information.
📊Regular Security Audits
We conduct comprehensive security assessments and penetration testing regularly.
🔄System Updates
All systems are kept current with the latest security patches and updates.
👥Staff Training
Our team receives ongoing security training and follows strict security protocols.
🚨Incident Response
We maintain a comprehensive incident response plan for any security events.
Security Questions or Concerns?
If you have any questions about our data security practices or need to report a security concern, please contact us immediately:
Security Email
security@ObscureIQ.comPrivacy Email
privacy@ObscureIQ.comPhysical Mail
ObscureIQ, Attn: Security Officer
502 W 7th ST STE 100
Erie, PA 16502