Privacy Policy

Last updated: April 2026

1. Introduction

Obskur.tech ("we", "our") is a SaaS platform for analyzing the security of websites and source code. We detect technical vulnerabilities, exposed secrets, and generate audit reports with the help of artificial intelligence.

This Privacy Policy explains how we collect, use, and protect your personal data when you use our service available at https://obskur.tech.

By using our Service, you accept the practices described in this document.

2. Data Controller

Obskur.tech
Email: support@obskur.tech

3. Data We Collect

  • Data you provide us:
    • Email address and account information
    • First and last name (optional)
    • Password (stored hashed)
    • Payment data (processed by Stripe, not stored by us)
  • Data collected automatically:
    • IP address and technical data (browser, OS)
    • Service usage data
    • URLs of sites you scan
    • Security scan results
  • Data processed during scans:
    • HTTP headers, SSL configuration, cookies, CORS
    • Potentially exposed secrets in frontend code (API keys, tokens, etc.)
    • Site structure and crawled pages

Important: Detected secrets are analyzed in memory and are never permanently stored in our databases. They only appear in your personal report.

4. Purposes and Legal Basis

PurposeLegal basis
Provide the Service and generate scansContract performance
Create and manage your accountContract performance
Process your paymentsContract performance
Send transactional emailsContract performance
Improve our algorithms (anonymized data)Legitimate interest
Comply with legal obligationsLegal obligation

5. Data Sharing

We work with the following processors:

  • Stripe – Payments
  • Anthropic, OpenAI, Google, DeepSeek – AI report generation

All transfers outside the EU are governed by Standard Contractual Clauses.

6. Data Retention

  • Account data: 3 years after last activity
  • Scan results and reports: max 12 months
  • Payment data: legal duration (10 years for invoicing)
  • Detected secrets: deleted immediately after report generation

7. Your GDPR Rights

  • Access, rectification, erasure (“right to be forgotten”)
  • Restriction of processing
  • Objection
  • Data portability
  • Withdrawal of consent

To exercise these rights: support@obskur.tech

8. Security

We apply appropriate technical and organizational measures (TLS encryption, secure storage, restricted access, regular audits).

9. Cookies

We use essential cookies for the operation of the Service. You can manage your preferences via the cookie banner or your browser settings.

10. Contact

For any questions: support@obskur.tech