Security
You're handing us your name, address, phone, and email so we can use them to remove your information from data brokers. The fewer hands those fields touch, the better. Here's how we treat them.
Data at rest
Encrypted with AES-256 in our managed Postgres database (Cloud SQL). Keys managed via Google Cloud KMS, rotated automatically. We do not store your data in any unencrypted form, including backups.
Data in transit
TLS 1.3 enforced on every connection. HSTS preload-listed. No plaintext channels for any service that touches your data — the broker opt-out submissions go out over HTTPS, and the verification emails route through a managed inbox secured with TLS and 2FA.
Access control
Internal access is least-privilege and logged. Operations staff who handle opt-out submissions can see what they need to file the request — no broader access. Engineering access to the database requires named, audited credentials. Production access is two-person for any data-mutation operation.
Retention
We keep your data while you have an active account plus 30 days after cancellation (in case of dispute or re-activation). After 30 days, your data is permanently deleted from primary systems and from backups during the next backup-rotation cycle (90 days max). You can request immediate deletion at any time.
What we don't collect
We don't collect your social security number, your date of birth, your driver's license number, your bank or credit information beyond what payment processing requires, or your medical information. The broker opt-outs don't need any of that — your name, address, phone, and email are sufficient.
Reporting a vulnerability
If you found a security issue, write us at security@frontlineprivacy.com. We acknowledge within 24 hours, including weekends. We don't run a paid bug bounty yet, but we will publicly credit researchers who report responsibly.