OBSΞDIΛN Security Platform
SOC2 Type II Compliant

Privacy Policy & Data Protection

Your privacy and data security are fundamental to our mission. Learn how Obsedian protects, processes, and respects your information.

  • 256-bit AES Encryption
  • SOC2 Type II Certified
  • GDPR Compliant
Last updated: September 29, 2025

Privacy Overview

At Obsedian, we understand that your trust is earned through transparency and demonstrated security practices. This Privacy Policy explains how we collect, use, protect, and share your information when you use our security testing platform and related services.

Our Privacy Commitment

  • We never sell your personal information to third parties
  • We use industry-leading encryption and security measures
  • You have full control over your data and privacy settings
  • We comply with GDPR, CCPA, and other privacy regulations

Information We Collect

Account Information

  • Name and email address
  • Company and job title
  • Account preferences and settings
  • Profile information and avatar
  • Billing and payment information

Usage Information

  • Platform usage and feature interaction
  • Security scan results and configurations
  • API usage patterns and performance metrics
  • Error logs and diagnostic information
  • Session duration and frequency

Technical Information

  • IP address and geolocation data
  • Browser type and version
  • Operating system and device information
  • Network and connection details
  • Cookies and tracking identifiers

Security Data

  • Application security scan results
  • Vulnerability assessment reports
  • Code analysis and findings
  • Security configuration data
  • Threat intelligence and indicators

Important Note on Security Data

Your application source code and sensitive security data are processed locally and encrypted in transit. We implement strict access controls and data isolation to ensure your security information remains confidential and is only accessible to authorized personnel for platform improvement purposes.

How We Use Information

Service Delivery

Provide security testing, vulnerability assessment, and platform functionality

Account Management

Manage your account, process payments, and provide customer support

Platform Improvement

Analyze usage patterns to enhance features and security capabilities

Detailed Use Cases

  • Authenticate and authorize access to your account and data
  • Process security scans and generate vulnerability reports
  • Provide technical support and troubleshooting assistance
  • Send important service updates and security notifications
  • Comply with legal obligations and regulatory requirements
  • Detect and prevent fraud, abuse, and security threats
  • Conduct research to improve our security detection capabilities
  • Personalize your platform experience and recommendations

Information Sharing

We do not sell, rent, or trade your personal information. We only share information in the following limited circumstances:

Service Providers

Trusted third-party vendors who help us operate our platform:

  • Cloud infrastructure providers (AWS, Azure)
  • Payment processors (Stripe, PayPal)
  • Email and communication services
  • Analytics and monitoring tools

Legal Requirements

When required by law or to protect our rights:

  • Legal process or court orders
  • Regulatory compliance requirements
  • Protection against fraud or abuse
  • Emergency situations involving safety

Business Transfers

In the event of a business transaction:

  • Merger or acquisition
  • Asset sale or transfer
  • Bankruptcy or insolvency
  • Corporate restructuring

With Your Consent

When you explicitly agree to share information:

  • Integration with third-party tools
  • Sharing reports with team members
  • Public testimonials or case studies
  • Research participation

Data Security & Protection

Security is at the core of everything we do. We implement multiple layers of protection to safeguard your data:

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for sensitive communications
  • Hardware security modules (HSMs) for key management

Access Controls

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Zero-trust architecture
  • Regular access reviews and audits

Infrastructure Security

  • SOC 2 Type II compliant data centers
  • 24/7 security monitoring and incident response
  • Regular penetration testing and vulnerability assessments
  • Automated backup and disaster recovery

Operational Security

  • Employee security training and background checks
  • Secure software development lifecycle (SSDLC)
  • Regular security audits and compliance reviews
  • Incident response and breach notification procedures

Security Certifications & Compliance

  • SOC 2: Type II Certified
  • ISO 27001: Certified
  • GDPR: Compliant
  • CCPA: Compliant

Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Log Data (90 days): System logs and access records for security monitoring
  • Security Scans (2 years): Vulnerability reports and scan results for trend analysis
  • Financial Records (7 years): Billing and payment information for legal compliance

Data Deletion Policy

When you delete your account or request data deletion:

  • Personal information is deleted within 30 days
  • Anonymized usage data may be retained for analytics
  • Legal and regulatory records are retained as required
  • Backup systems are purged within 90 days

Your Privacy Rights

You have comprehensive rights regarding your personal information. We provide tools and processes to exercise these rights:

Access Your Data

Request a copy of all personal information we have about you

Correct Information

Update or correct any inaccurate personal information

Delete Your Data

Request deletion of your personal information and account

Data Portability

Export your data in a machine-readable format

Restrict Processing

Limit how we process your personal information

Object to Processing

Object to certain types of data processing activities

How to Exercise Your Rights

  • Email Us: privacy@obsedian.live
  • Account Settings: Manage in dashboard
  • Phone Support: +1 (555) 123-4567

Cookies & Tracking

We use cookies and similar technologies to enhance your experience, provide functionality, and analyze usage patterns.

Essential Cookies

Required for basic platform functionality:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance
  • User preferences and settings

Analytics Cookies

Help us improve the platform:

  • Usage patterns and feature adoption
  • Performance monitoring and optimization
  • Error tracking and debugging
  • A/B testing and experimentation

Cookie Management

You can control cookie preferences through your browser settings or our privacy center. Note that disabling essential cookies may impact platform functionality.

International Transfers

Obsedian operates globally while ensuring your data receives adequate protection regardless of where it's processed.

Data Processing Locations

Primary: United States (AWS US-East)
Europe: Ireland (AWS EU-West)
Asia-Pacific: Singapore (AWS AP-Southeast)

Data Residency Options

Enterprise customers can choose specific data residency locations to meet regulatory requirements.

Transfer Safeguards

  • Standard Contractual Clauses (SCCs)
  • Recognition of adequacy decisions
  • Data Processing Agreements (DPAs)
  • Regular compliance audits

EU Data Protection

For EU residents, we provide additional protections under GDPR, including data processing within the EU where possible and enhanced procedures for exercising your rights.

Compliance & Certifications

We maintain industry-leading certifications and comply with global privacy regulations to earn your trust.

  • SOC 2 Type II (Certified): Annual audit of security, availability, and confidentiality controls
  • ISO 27001 (Certified): International standard for information security management
  • GDPR Compliance (Compliant): European Union General Data Protection Regulation
  • CCPA Compliance (Compliant): California Consumer Privacy Act requirements
  • HIPAA Ready (Available): Healthcare data protection capabilities
  • FedRAMP (In Progress): Federal government cloud security program

Continuous Compliance

Regular Audits

  • Annual SOC 2 examinations
  • Quarterly internal security assessments
  • Monthly vulnerability scans
  • Continuous compliance monitoring

Transparency Reports

  • Annual transparency reports
  • Security incident disclosures
  • Compliance status updates
  • Third-party audit results

Contact Information

Have questions about our privacy practices? We're here to help. Contact our privacy team for assistance with any privacy-related inquiries.

Privacy Team

privacy@obsedian.live
+1 (555) 123-4567
Obsedian Security, Inc.
123 Security Boulevard
San Francisco, CA 94105

Data Protection Officer

dpo@obsedian.live

For EU residents and GDPR-related inquiries, contact our dedicated Data Protection Officer.

Response Time

We respond to privacy inquiries within 30 days. For urgent matters, we aim to respond within 72 hours. GDPR requests are processed within the required 30-day timeframe.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes through email or platform notifications.