Privacy Policy
Learn how OBFUSGATED protects your data. Explore our Privacy Policy for details on data collection, usage, storage, and commitment to your online privacy.
Introduction
This Privacy Policy explains how INFORMATION SYSTEMS Limited Liability Company (LLC) ("we", "us", or "our"), a company incorporated at Yerevan, Erebuni Street, Building 14/1, Armenia that operates OBFUSGATED, processes your personal data. This Policy applies to your use of our website ("Website"), applications, and any services ("Services") provided by INFORMATION SYSTEMS LLC, regardless of the device you use to access them.
Definitions
In this Privacy Policy, the following terms shall have the following meanings:
- "Account": The personal information, payment information, and credentials used by users to access our Services.
- "Data": All information that you submit to the Website or Services.
- "GDPR": General Data Protection Regulation - Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- "User"/"Users": Any third party that accesses the Website and/or Services.
- "Cookie": A small text file placed on your device when you visit certain parts of the Website, used to identify recurring visitors and analyze their browsing habits.
Data We Collect
We may collect the following data:
- Name
- Email address
- Contact information (such as phone number)
- Payment information (such as credit/debit card details)
- IP address (automatically collected)
- Browser type and version (automatically collected)
- Operating system (automatically collected)
- Device information
- Usage data, including logs of the times you access our Services (may be collected and used solely for the purpose of enforcing the simultaneous session limit as outlined in our Terms of Service)
- Cookies and similar technologies
How We Use Your Data
We process your personal data for the following purposes:
- To provide and maintain our Services
- To process your transactions and manage your subscriptions
- To communicate with you, including responding to your inquiries and providing customer support
- To send you updates, promotional materials, and other information about our Services (you may opt-out at any time)
- To improve our Services and develop new features
- To monitor and analyze usage and trends to enhance your experience
- To ensure the security and integrity of our Services
- To comply with legal obligations and enforce our terms
Legal Grounds for Processing
We process your personal data based on the following legal grounds:
- Contractual Necessity: To provide you with the Services you have requested.
- Legal Obligation: To comply with applicable laws and regulations.
- Consent: When you have given us explicit consent to process your data for specific purposes.
- Legitimate Interests: To improve our Services, prevent fraud, and protect our legal rights.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When we no longer need your personal data, we will securely delete or anonymize it.
Sharing Your Data
We do not sell, rent, or share your personal data with third parties for marketing, advertising, or any other commercial purposes. We maintain a strict no-data-sharing policy. We may only share your data in the following limited circumstances:
- Service Providers: Trusted third parties who assist us in operating our Services (e.g., payment processors, email service providers) and who have agreed to keep your data confidential and secure. These providers are bound by strict data processing agreements and are only given access to the minimum data necessary to perform their services.
- Legal Obligations: If required by law, we may disclose your data to comply with a legal obligation, respond to a lawful request by public authorities, or protect our rights.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner. We will ensure that any such transfer maintains the same level of data protection.
International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence, including Armenia. When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms. We conduct transfer impact assessments to ensure that your personal data receives adequate protection regardless of where it is processed.
Your Rights
You have the following rights regarding your personal data:
- Access: You have the right to request access to the personal data we hold about you.
- Rectification: You have the right to request that we correct any inaccuracies in your personal data.
- Erasure: You have the right to request that we delete your personal data.
- Restriction: You have the right to request that we restrict the processing of your personal data.
- Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Objection: You have the right to object to the processing of your personal data for certain purposes.
- Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
Exercising Your Rights
To exercise your rights, please contact us at support@obfusgated.com or by opening a new support ticket. We may require you to verify your identity before responding to your request. We will respond to your request within the time frame required by applicable law.
Data Security
We take reasonable measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and secure hosting environments. However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.
Cookies and Tracking Technologies
We do not use any tracking cookies, analytics cookies, or advertising cookies on our Website. We do not employ third-party tracking services or analytics providers. The only cookies we use are strictly necessary cookies that are essential for the basic functionality of our Website, such as maintaining your session and ensuring security. We collect anonymous website analytics data without using cookies, but this data is never shared with third parties. For more information about our cookie practices, please refer to our Cookie Policy.
Third-Party Services
Our Services may contain links to third-party websites or services that are not owned or controlled by INFORMATION SYSTEMS LLC. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services before providing them with your personal data.
Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us at support@obfusgated.com or by opening a new support ticket, and we will take steps to remove such information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Services after such changes constitutes your acceptance of the new Privacy Policy.
Data Protection Officer
INFORMATION SYSTEMS LLC has appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy. You may contact the DPO at office@obfusgated.com.
Supervisory Authority
If you believe that we have not complied with data protection laws, you have the right to lodge a complaint with the relevant supervisory authority.
Legal Compliance and Law Enforcement
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your data to enforce our legal rights, prevent harm, or protect our rights, property, or safety, or that of our users or others.
Data Breach Notification
In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with applicable laws. Our breach notification procedures include immediate containment, risk assessment, and appropriate remediation measures to protect your personal data.
International Users
By using our Services, you acknowledge that your personal data may be transferred to and processed in countries outside of your country of residence, including Armenia. We will ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
Data Minimization
We collect only the minimum amount of personal data necessary to fulfill the purposes outlined in this Privacy Policy. We do not collect unnecessary personal data or retain it for longer than needed.
Marketing Communications
With your consent, we may send you marketing communications about our Services. You may opt-out of receiving such communications at any time by adjusting your notifications settings.
Do Not Track
Our Website does not respond to Do Not Track signals. However, you can disable certain tracking as discussed in our Cookie Policy.
Data Processor and Data Controller
INFORMATION SYSTEMS LLC acts as the data controller for the personal data collected through our Services. In certain circumstances, third-party service providers may act as data processors on our behalf.
Enhanced Data Breach Notification Procedures
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay. Our breach notification procedures include immediate containment, risk assessment, and appropriate remediation measures.
Records of Processing Activities
We maintain detailed records of all data processing activities as required by applicable data protection laws. These records include the purposes of processing, categories of personal data, recipients, retention periods, security measures, and any transfers to third countries. These records are available for inspection by supervisory authorities and demonstrate our compliance with data protection obligations.
Data Protection by Design and Default
We implement data protection by design and by default principles, ensuring that data protection is built into our systems and processes from the outset. This includes privacy-friendly default settings, data minimization, purpose limitation, and technical and organizational measures to protect personal data throughout its lifecycle.
Enhanced Consent Management
Where we rely on consent as a legal basis for processing, we ensure consent is freely given, specific, informed, and unambiguous. You can withdraw your consent at any time through your account settings or by contacting us at support@obfusgated.com. We maintain records of consent and can demonstrate that valid consent was obtained. We do not use pre-ticked boxes or other forms of consent by default.
Specific Data Retention Periods
We retain personal data for specific periods based on the purpose of processing: Account data (duration of subscription plus 3 years for legal compliance), Payment data (7 years for accounting and tax purposes), Usage logs (maximum 30 days for service optimization), Marketing data (until consent is withdrawn), Support communications (3 years for service improvement). After these periods, data is securely deleted or anonymized.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including the introduction of new technologies or processing of sensitive data. Our DPIAs identify and assess risks to individuals' rights and freedoms and implement appropriate measures to mitigate these risks. We regularly review and update our DPIAs to ensure continued compliance.
Third-Party Processor Agreements
All third-party processors who handle personal data on our behalf are bound by strict data processing agreements that ensure GDPR compliance. These agreements include specific obligations regarding data security, breach notification, data retention, and the rights of data subjects. We regularly audit our processors to ensure continued compliance with these agreements.
Regular Compliance Monitoring
We regularly monitor and audit our data processing activities to ensure ongoing compliance with applicable data protection laws. This includes regular staff training on data protection, periodic reviews of our policies and procedures, and assessments of our technical and organizational measures. We maintain documentation of all compliance activities and improvements.
Governing Law
This Privacy Policy is governed by the laws of Armenia, without regard to its conflict of law provisions.
Language
This Privacy Policy may be translated into other languages. In the event of any inconsistencies, the English version shall prevail.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at support@obfusgated.com or by opening a new support ticket.
Effective Date
This Privacy Policy is effective as of Sep 19, 2025.