DuvetBase
PricingAbout
PricingAbout usTerms & ConditionsPrivacy Policy

Privacy Policy

Last Updated: 03/19/2025

Welcome to DuvetBase! Your privacy and security are our top priorities. As an OSINT service provider, we are committed to a strict no-log policy, ensuring anonymity and data protection at every level. This Privacy Policy outlines how we collect, use, and safeguard information while maintaining a zero-trust security model.

1. Information We Collect

We minimize the collection of personally identifiable information and implement strict data retention policies.

1.1 Account Information

  • System-generated account number
  • License key information
  • Account status and subscription details

1.2 Technical Information

  • IP addresses (used exclusively for security verification and session integrity)
  • Device details (type, operating system, browser)
  • Session metadata (access timestamps, authentication logs)
  • Usage patterns (strictly for anomaly detection and service integrity)

2. How We Use Information

We use collected information strictly for operational and security purposes.

2.1 Service Provision and Maintenance

  • Authenticate and verify accounts securely
  • Process OSINT-related queries through our intelligence tools
  • Deliver search results and intelligence reports
  • Maintain account status and subscription services

2.2 Security and Compliance

  • Verify identity through IP validation
  • Prevent unauthorized access and account sharing
  • Detect and prevent fraudulent activities and abuse
  • Ensure compliance with legal and regulatory obligations

3. Zero-Trust Security Model

DuvetBase adheres to a zero-trust framework, ensuring that every session and action is verified.

3.1 Continuous Verification

  • Every session and request undergoes verification, regardless of source
  • IP validation is conducted per session
  • Authentication tokens have a limited lifespan

3.2 Minimal Data Retention

  • We minimize the collection of personally identifiable information
  • Data is stored only as long as required for service operation
  • Anonymization and pseudonymization techniques are applied where possible

3.3 Encryption and Security Controls

  • All data transmission is encrypted using TLS (HTTPS)
  • Sensitive data is encrypted at rest with advanced cryptographic protocols
  • Access to internal data is strictly controlled and monitored

4. Information Sharing and Disclosure

We do not sell or share personal data except in strictly limited circumstances.

4.1 Third-Party Service Providers

We may share limited, non-personal information with trusted service providers for:

  • Infrastructure security and maintenance
  • Payment processing (if applicable)
  • Compliance with operational requirements

4.2 Legal Compliance

We may disclose information only if required by law, such as:

  • Court orders or subpoenas
  • Legal investigations
  • Preventing fraud, abuse, or unlawful use of our Service
  • Protecting our rights, users, or third parties from security threats

4.3 Business Transfers

In the event of a merger, acquisition, or asset sale, user data may be transferred. We will notify users via a prominent notice before any such transfer occurs.

5. Data Retention

We strictly limit data retention and maintain a no-log policy wherever possible.

5.1 Account Information

  • Retained as long as the account is active
  • Deleted or anonymized upon account termination within a reasonable timeframe

5.2 Usage Data

  • Retained only for security, threat monitoring, and service integrity purposes
  • Automatically deleted after 90 days unless required for security investigations

5.3 Legal Obligations

  • Certain data may be retained as required by law or for dispute resolution
  • Fraud prevention and compliance measures may necessitate minimal retention

6. Security Measures

We implement advanced security protocols to safeguard user information.

  • Secure HTTPS connections with TLS encryption
  • IP-based session validation and monitoring
  • End-to-end encryption for sensitive queries
  • Regular security audits and vulnerability assessments
  • Strict internal access controls with least privilege enforcement

Despite our best efforts, no system is entirely immune to security threats. We continuously enhance security measures to mitigate risks.

7. User Rights and Choices

Users have control over their account and data preferences.

7.1 Managing Account Information

  • Users can review and update account details by contacting support
  • Due to our security-focused model, changes may require additional verification

7.2 No-Tracking Policy

  • We do not use third-party trackers or intrusive analytics
  • Minimal tracking is employed strictly for security and authentication purposes

7.3 Communication Preferences

  • Users can opt out of non-essential communications
  • Essential security-related notifications cannot be disabled

8. International Data Transfers

  • Our data centers operate in secure jurisdictions with strong privacy protections
  • User data may be processed in countries where our service providers operate
  • By using DuvetBase, users consent to these data transfers with strict safeguards

9. Updates to This Privacy Policy

We may update this policy periodically. Users will be notified of any material changes via:

  • A notice on our website
  • Updates to this page with a revised "Last Updated" date

Users are encouraged to review this Privacy Policy periodically.

10. Children's Privacy

  • Our service is strictly not for users under 18
  • We do not knowingly collect personal data from minors
  • If a child’s information is discovered, it will be promptly deleted

For privacy concerns, users can contact us at duvetbase@cipherx.wtf.

By using DuvetBase, you acknowledge and agree to this Privacy Policy.