Trust Center
Last updated: Feb 6 2026. This page is the central place for Obscura security, privacy, and compliance documentation.
At a glance
Security posture
- Data is stored and processed in the United States (Manassas, VA).
- Data in transit is protected using TLS.
- Uploaded documents are encrypted at rest using per-account storage encryption keys that are versioned for planned rotation.
- Production access is limited to authorized personnel.
Operational safeguards
- Monitoring is used to detect availability issues.
- Backups and recovery processes are in place.
- Backups and audit logs are retained for 12 months by default. Longer retention is available by request.
- Customer content is not used to train AI models.
- Security questionnaires are available upon request.
Payments & PCI
Payment processing uses Stripe. When you enter payment details, Stripe's JavaScript loads directly from https://js.stripe.com to keep payment data handled by Stripe.
For PCI scope details or documentation requests, contact support@useobscura.com.
Sub-processors
- Netcup GmbH (hosting only; Manassas, VA data center).
- Backblaze E2 (backup storage; US East).
- Amazon AWS SES (email delivery).
- Stripe (payments; name and address for verification).
Documents
Security & Compliance
Controls, encryption, access, incident response, and certifications.GDPR & UK GDPR Summary
GDPR obligations, transfers, and data subject rights support.Privacy Policy
How we collect, use, and protect personal data.Data Processing Addendum
Data processing terms for regulated workloads.Service Level Agreement
Availability targets and service commitments.Terms of Service
Product terms, use conditions, and account responsibilities.Third-Party Licenses
Open-source and third-party software notices.Questionnaires
Need a security questionnaire response or vendor assessment? Email support@useobscura.com and we will respond promptly.