Last Updated: May 26, 2025
As a data privacy and security company, we are fully committed to the security of our customers’ data. When you sign up for our services, you are entrusting us with your personal information and we take that responsibility very seriously. Consistent with this commitment, Optery has completed its AICPA SOC 2, Type II security audit, and makes its audit report available to Optery for Business corporate customers under Non-Disclosure Agreement (“NDA”). You can learn more about Optery’s SOC 2, Type II security audit here: https://finance.yahoo.com/news/personal-data-removal-startup-optery-130000942.html
This information page explains how we secure our registered users’ data (“user data”) at https://app.optery.com and https://business.optery.com. This page is not intended to replace the official Terms of Service or Privacy Policy for our web site and app, and it does not apply to unregistered visitors to our web site.
As described in our Terms of Service and Privacy Policy, Optery is not a data broker and does not sell or rent personal information for monetary consideration to any third party, and Optery is not affiliated with any data broker. Optery uses collected data from users to deliver its Removal Services. As a registered user or paying customer, you are the only owner of your Personal Data and can request disclosure or deletion at any time.
Introduction
We utilize a number of technical, organizational, process and physical strategies and tactics to secure your personal information. We employ experienced, professional engineers dedicated to the healthy function of our systems and protecting your information. Securing our customers’ data is a continuous priority for our company and is considered seriously in every decision we make.
World-class Infrastructure Hosted in the United States
Optery products run on world-class infrastructure in separate access-controlled environments provided by Amazon Web Service (AWS). AWS provides state of the art security for its platforms and facilities. Amazon complies with the latest industry security standards and has received multiple certifications and reports, including ISO 27001/27017/27018 and AICPA SOC 1, SOC 2, and SOC 3 (SSAE 16/ISAE 3402). For more information on Amazon’s security credentials, please visit aws.amazon.com/security and aws.amazon.com/compliance/soc-faqs/
Data Encryption
All user data in transit, including usernames and passwords, is encrypted using Transport Layer Security (TLS) v1.3 protocol (i.e. HTTPS / SSL) to prevent interception of your data.
All data at rest is encrypted using encrypted database instances at Amazon using the industry standard AWS RDS with Advanced Encryption Standard (AES) 256-bit encryption algorithm. Encryption keys and encrypted data are stored separately using AWS’ Key Management System (KMS). We encrypt user account passwords using the PBKDF2 algorithm with a SHA256 hash.
User Authentication and Passwords
When creating and updating accounts, users are not permitted to save weak or obvious passwords. User account passwords must be a minimum of eight characters long, and contain at least one number, symbol, and uppercase and lowercase character.
Multi-factor Authentication (MFA) / 2-Step Verification (2FA)
Optery supports Multi-factor Authentication (MFA) / 2-Step Verification (2FA) for all user accounts for an additional layer security. MFA / 2FA is highly recommend for Optery users, but is not required.
Adding MFA / 2FA helps prevent your account from being compromised at login from someone that has guessed or stolen your password. In order to enable MFA / 2FA, you first need to install on your mobile device an authenticator application such as Google Authenticator, Authy, or any other compatible authenticator app. The authenticator app will generate a new six digit Time-Based One-Time Passcodes (TOTP) every 30 seconds. This passcode, which is also sometimes referred to as a “token”, will be used when you login as an additional verification that you are true owner of the account, and not an intruder.
Instructions for setting up MFA / 2FA can be found on our Help Desk here.
Optery employees and contractors are required and enforced to utilize MFA / 2FA everywhere possible.
Access Control
Optery minimizes the number of individuals that have access to user data and critical systems necessary to do their jobs using the “least privilege” principle. For those that do have access, we secure access using strong passwords and multi-factor authentication (MFA) everywhere possible. When employees and contractors are terminated from the company, their data and systems access privileges are revoked immediately.
Applications and System Security
Our applications and systems are kept up-to-date to ensure they are and patched with the latest security updates. Critical applications and systems passwords are only issued to a few individuals in the company.
Employee and Contractor Confidentiality Agreements
Prior to the start of employment or services, Optery requires all employees and contractors to sign confidentiality and non-disclosure agreements preventing the employees and contractors from storing or distributing user information outside the scope of their responsibilities for the company.
Third-party Vendors and Service Providers
Optery uses third-party vendors and service providers. You acknowledge and agree that Optery may use and provide your PII to the following third-party vendors and service providers to monitor, analyze, support, service, secure, market, improve, and/or provide our Service. Any such third-party vendors and service providers will only be given access to your PII and personal data as is reasonably necessary to monitor, analyze, support, service, secure, market, monetize, improve, and/or provide our Service.
Last Updated: January 30, 2026
Below is the list of subprocessors currently authorized to handle personal data in the delivery of our Removals Product.
1. Core Infrastructure & Removals Subprocessors
These entities are essential to the technical delivery and execution of the data removal service.
| Entity Name | Role / Purpose | Data Storage Location |
| Amazon Web Services (AWS) | Cloud hosting, database management, and secure data storage for the Optery platform. | USA |
| OpenAI (Optional/Opt-in) |
AI-driven analysis for verifying data broker profile matches and generating Removals Reports. | USA |
| Stripe | Secure processing of subscription payments and billing information. | USA |
2. Support & Operations Subprocessors
These entities assist our team in managing your account and providing technical support.
| Entity Name | Role / Purpose | Data Storage Location |
| Slack | Internal coordination to support customer operations. | USA |
| Google Workspace (Google Cloud for Business) | Internal coordination to support customer operations. | USA |
| Crisp | Customer support ticketing and live chat interface. | USA |
Important Disclosures
Third-Party Marketing Controllers. Optery uses third-party analytics tools for our own internal marketing and website optimization. Because these parties determine their own means of processing for advertising purposes, they are categorized as Third-Party Controllers and are governed by our Privacy Policy, not this Subprocessor list. To opt-out of third-party marketing trackers, click on the “Your Privacy Choices” link at optery.com.
Service Providers. Optery uses third-party services providers for our own business purposes, such as entities providing sales prospecting, marketing, fraud prevention, information security, and financial reporting services. These third-party service providers are governed by our Privacy Policy.
Data Brokers as Independent Data Controllers. When Optery submits a removal request to a data broker, that data broker is a Third-Party Recipient or an Independent Controller. They are not processing your data on behalf of Optery. Rather, Optery is providing your data to them, at your direction and per your written instructions, for the sole purpose of exercising your privacy rights on your behalf.
Reporting Security Concerns
If you believe you’ve found a potential user data security vulnerability with Optery, or if you believe we have not honored this statement, please Contact Us providing as much information as possible and we will review and act on your inquiry carefully and as necessary.