Privacy Policy

Last updated: February 8, 2026

1. Data Controller

The data controller is SEQ SIA, registration number 40203410806, registered at Lastadijas 12 k-3, Riga, Latvia, LV-1050.

For data protection inquiries, contact us at breach@offseq.com.

2. Data We Collect

We collect the following categories of personal data:

2.1. Account Data

  • Full name, email address, organization name
  • Hashed password (bcrypt; we never store plaintext passwords)
  • Billing information and payment history

2.2. Usage Data

  • Search queries (domains and email addresses you search for)
  • Search results and cached responses
  • Unlocked records and transaction history
  • Monitoring rules and alert configurations
  • Audit logs of account actions

2.3. Technical Data

  • IP addresses (for rate limiting and security)
  • Browser type, device information
  • Session tokens and authentication data

3. Breach Intelligence Data

SEQ SIA does not store, host, or maintain any leaked or breached databases on its own infrastructure.

All breach intelligence data (compromised credentials, exposed passwords, leak records) is retrieved in real-time from third-party intelligence providers via secure, encrypted API connections. The data is queried on-demand and presented to authorized users for the sole purpose of cybersecurity risk assessment and organizational protection.

Search results may be temporarily cached in our database to improve performance and reduce redundant API calls. Cached data is subject to automatic expiration (TTL) and does not constitute permanent storage of breach data.

4. Purpose & Legal Basis

We process your personal data for the following purposes:

  • Contract performance: Providing the Service, processing payments, managing your account
  • Legitimate interest: Improving the Service, security monitoring, fraud prevention, audit logging
  • Legal obligation: Tax and financial record-keeping, law enforcement requests
  • Consent: Marketing communications (only when explicitly opted in)

5. Data Sharing

We share personal data only with:

  • Payment processor (EveryPay): For payment processing and card tokenization
  • Intelligence providers: Search queries are transmitted to retrieve breach data (no account information is shared)
  • Hosting infrastructure: Data is stored on secure, EU-based servers
  • Legal authorities: When required by applicable law

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Retention

  • Account data: Retained while your account is active, plus 30 days after deletion
  • Search cache: Automatically expired via TTL indexes (typically 60 minutes)
  • Audit logs: Retained for 24 months for security and compliance
  • Payment records: Retained for 7 years as required by Latvian tax law
  • Unlocked records: Retained while your account is active

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Restriction: Restrict processing of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest

To exercise any of these rights, contact us at breach@offseq.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) at www.dvi.gov.lv.

8. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • TLS/SSL encryption for all data in transit
  • Encrypted database storage
  • Bcrypt password hashing
  • JWT-based session management with expiration
  • Rate limiting and IP-based abuse prevention
  • Comprehensive audit logging

9. Cookies

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.

We do not use advertising cookies or third-party tracking pixels.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the platform. The “Last updated” date at the top of this page indicates the most recent revision.

11. Contact

For privacy-related inquiries, contact us at breach@offseq.com or visit our contact page.

SEQ SIA · Reg. 40203410806 · Lastadijas 12 k-3, Riga, Latvia, LV-1050