Last updated: 2026-07-05

This is a starting draft that reflects how the product works. Have legal counsel review and adapt it before launch.

1. Data we collect

2. How we use it

To run the monitoring service, attribute exposures to you, alert you, generate your reports, provide support, and process your subscription. We do not sell your data.

3. Sources we observe

We read publicly available content (public repositories, package registries, paste sites, the open and archived web, and similar public sources) to find exposures. We honor robots directives on general web crawling and observe rate limits. We do not access private systems or content behind authentication.

4. Isolation & security

Your findings are visible only to your account. We enforce tenant isolation at the database level (row-level security) so one customer can never see another's data. Secrets are redacted at detection; access to systems is limited and logged.

5. Sharing

We share data only with service providers that operate the platform (e.g. our payment processor and infrastructure hosts), under contract, and when required by law. As a SOCHQ product, data may be processed within the SOCHQ platform to deliver the service.

6. Retention & your rights

We keep account and finding data while your account is active and for a reasonable period after, then delete or de-identify it. You may request access to, correction of, or deletion of your data at privacy@sochq.io.

7. Contact

Privacy questions: privacy@sochq.io.