Privacy Policy

Inviolable ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital forensic security services. We understand that privacy is paramount, especially for our users who may be journalists, activists, or professionals working in sensitive environments. Our service is designed with privacy as a fundamental principle.

We collect the minimum information required to operate the service: • Account Information: email address, name, and preferences (language, timezone). • Risk Profile (optional): the country and the profile you choose (journalist, activist, human-rights defender, lawyer). Used only to route you to the right emergency-response organization when a threat is detected. • Device Fingerprint: a cryptographic hash (SHA-256) derived from your device's IMEI, MAC address, serial number and model. We store this hash to bind analyses to a single account and prevent reselling of the subscription. We do NOT use IMEI/MAC/serial to contact your carrier, to correlate with external data sets, or to identify you outside the platform. The individual identifiers themselves are stored in the clear only because the hash alone is not reversible; they are treated as confidential and never shared with third parties. • Analysis Artifacts: the backup package produced by the collection script. Stored encrypted in S3 for the minimum time required to run the analysis and then deleted. We do not open the backup for any purpose other than matching it against the indicator set. • Payment Information: processed by Stripe. We receive a transaction ID and the amount — never your card data. • Marketing Attribution: the referrer URL, UTM parameters, and the landing page from which you first arrived. Stored in your user record to help us understand which channels work. You can ask for this to be deleted at any time. • Network Signals: IP address at signup and per-session, user-agent. Stored in the audit log for abuse prevention. We explicitly DO NOT collect: • Personal content from your device (photos, messages, documents, contacts). • Browsing history outside the inviolable.io domain. • Location data beyond the country level (inferred from IP). • Data from anyone other than the account holder.

Your information is used solely for: • Providing forensic analysis services • Generating security reports and certificates • Communicating analysis results • Improving our detection capabilities • Complying with legal obligations We never use your data for advertising or sell it to third parties.

We implement industry-leading security measures: • End-to-end encryption for all data transfers • AES-256 encryption for data at rest • Isolated analysis environments • Regular security audits and penetration testing • Zero-knowledge architecture where possible Analysis reports are automatically deleted after 90 days unless you request retention.

You have the right to: • Access your personal data • Request deletion of your data • Export your data • Withdraw consent at any time • Lodge a complaint with supervisory authorities Contact us at privacy@inviolable.io to exercise these rights.

If you have questions about this Privacy Policy, please contact us: Email: privacy@inviolable.io Address: Smart Global Technologies Inc., Privacy Department For urgent security matters: security@inviolable.io