Privacy Policy

1. Overview

Obsinto is an IT compliance intelligence platform. We connect to the cloud infrastructure you authorize (such as AWS, Azure, or GCP), read its configuration and state, map it to IT compliance framework controls (such as SOC 2, NIST, and FedRAMP), and generate evidence artifacts that show what is compliant and what is not. This policy explains what information we collect, how we use it, and your choices. It applies to obsinto.com and the Obsinto platform.

2. Information We Collect

Account information. Name, work email, organization, and role when you sign up or are invited to a workspace.

Connected-system data. When you connect a cloud account, we read configuration and posture metadata needed to evaluate IT compliance framework controls and generate evidence. Obsinto requests read-only access by design and does not modify your systems.

Content you provide. Documents and evidence you upload to your workspace.

Usage and device data. Log data, IP address, browser type, and product interactions, used to operate and secure the service.

Cookies and analytics. Essential cookies plus aggregate analytics to understand usage. See “Cookies & Analytics” below.

3. How We Use Information

We use the information we collect to provide and maintain the service; map your infrastructure to controls and generate evidence and reports; secure accounts and prevent abuse; communicate with you about your account; and meet legal obligations.

We do not sell your personal information. We may use aggregated or de-identified data to operate, evaluate, and improve the service and its compliance-reasoning capabilities.

4. How We Share Information

Service providers. We share data with vetted infrastructure and service providers (for example, cloud hosting, email delivery, and analytics) solely to operate the service, under confidentiality and security obligations.

At your direction. When you connect an integration or invite a teammate, information is shared as you configure.

Legal. We may disclose information where required by law or to protect rights, safety, and the integrity of the service.

Business transfers. Information may transfer as part of a merger, acquisition, or asset sale, subject to this policy.

5. Data Security

We encrypt data in transit and at rest, enforce least-privilege access and tenant isolation, and request read-only scopes from connected systems wherever possible. No method of transmission or storage is perfectly secure, but we work to protect your information and continuously improve our controls.

6. Data Retention

We retain account and evidence data for as long as your workspace is active and as needed to provide the service. You may request deletion of your data; we will honor such requests subject to legal and contractual retention obligations.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing — including, where applicable, under laws such as the EU GDPR and the California CCPA/CPRA. To exercise these rights, contact support@obsinto.com. For workspace content, your workspace administrator may also act on your behalf.

8. Where We Operate

Obsinto is based in the United States and processes information there. If we transfer personal information across borders in the future, we will use appropriate safeguards as required by applicable law.

9. Cookies & Analytics

We use cookies necessary for the site and product to function, and aggregate analytics to improve them. You can control cookies through your browser settings; disabling some may affect functionality.

10. Children’s Privacy

Obsinto is a business product, is not directed to children, and we do not knowingly collect personal information from anyone under 16.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above, and where appropriate we will provide additional notice.

12. Contact

Questions about this policy or your data? Email support@obsinto.com.