SOC 2 certification in progress.Our security practices
/ security

Secure by design.Private by default.

We exist to protect your privacy, which means security is non-negotiable — not a feature. Here's how we build the infrastructure that holds your most sensitive data.

GDPRIn progress
SOC 2 Type IIIn progress
/ technical measures

Infrastructure security

Encryption at rest

All persisted data is encrypted using AES-256. Database backups are encrypted before leaving our infrastructure.

Encryption in transit

All traffic between your browser and our servers is protected by TLS 1.3. We enforce HTTPS site-wide and reject older protocols.

Managed backups

Our managed Postgres provider performs automated backups with point-in-time recovery, so data can be restored after an incident.

User permissions

Each user's data is strictly isolated. No cross-account data access is possible — every query is scoped to the authenticated session's user ID.

Activity records

Security-relevant events such as sign-ins and authorization signings are recorded (including timestamp and IP) so we can investigate and respond to incidents.

/ data principles

How we handle your data

Minimum data collection

We collect only what is needed to run the scan and deliver removals. We don't sell, rent, or share your personal data with third parties.

You own your data

You can export every piece of data Occlo holds about you at any time from Settings → Data Export. You can permanently delete your account and all associated data in one click.

Separation of duties

Your identity information (what you're protecting) is stored separately from your scan results and removal records. Billing is handled by Stripe — we never see or store raw card numbers.

No third-party tracking

The app has no marketing pixels, third-party analytics SDKs, or ad networks. Your in-app behavior stays between you and Occlo.

/ compliance

Standards we meet

GDPR

In progress

We are actively working toward full GDPR compliance. You already have the right to access, rectify, erase, and export your personal data at any time, and we process personal data only under legitimate legal bases with a full Privacy Policy covering all data flows.

Read our GDPR documentation →

SOC 2 Type II

In progress

We are currently undergoing a SOC 2 Type II audit covering security, availability, and confidentiality. Our controls and policies are audit-ready; certification is expected in 2026.

Request our security documentation →

Security questions?

Reach out to our security team at security@occlo.ai. We respond within 24 hours.