Privacy Policy

Effective 2026-04-27 · Version 1.0

This is a placeholder for the formal Privacy Policy. Our intent is summarised below.

What we collect

• Account data — name, email, company, billing address.
• Telemetry (off by default) — binary version, OS family, scan duration. No findings or target identifiers.
• Support correspondence — email threads, attached log snippets you choose to share.

What we do NOT collect

• Engagement directories (~/.obexum/scans/).
• Target credentials or SSH keys.
• Findings, evidence, or remediation playbook content from scans you run locally.

Where data lives

Stripe (billing). Cloudflare (web). Customer-selected region for the future SaaS portal. Nothing else — we keep the data perimeter small.

Your rights

Access, correction, deletion, portability per GDPR / CCPA / equivalents. Email privacy@obexum.com; we respond within 30 days.

Cookies

This site uses one functional cookie (theme preference) and no third-party tracking cookies. The SaaS portal will use session cookies with strict same-site / secure flags.

Questions? privacy@obexum.com.