Privacy Policy

Data Collection

OBSIDIAN iD collects only the minimum data necessary to provide identity and access management services. This includes authentication credentials, user profile information, and system logs required for security and compliance.

Data Usage

Your data is used exclusively to:

• Provide authentication and authorization services
• Maintain security and prevent fraud
• Generate compliance and audit reports
• Improve service performance and reliability

Data Sharing

We do not sell, rent, or share your data with third parties for marketing purposes. Data may be shared only when:

• Required by law or legal process
• Necessary to protect our rights or safety
• With service providers under strict confidentiality agreements

Data Retention

User data is retained for the duration of your subscription plus applicable legal retention periods. Audit logs are retained for up to 7 years for Enterprise customers, or as configured in your service agreement.

Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We maintain SOC 2 Type II certification and conduct regular security audits. Zero-knowledge architecture options are available for maximum privacy.

Your Rights

You have the right to:

• Access your personal data
• Request data correction or deletion
• Export your data in machine-readable format
• Opt out of non-essential data collection
• Lodge a complaint with supervisory authorities

Contact

For privacy-related inquiries, contact: privacy@obsidianid.com