LEGAL
Privacy Policy
Effective February 1, 2026
How Expunge Data collects, uses, and protects the information involved in providing IT asset disposition and data sanitization services.
1. Information We Collect
ExpungeData collects information necessary to provide IT asset disposition (ITAD) and data sanitization services:
- Device Information: Hardware serial numbers, model numbers, firmware versions, SMART data, and storage capacity collected during the automated inventory process.
- Sanitization Records: Wipe method, verification status, timestamps, and cryptographic hashes documenting the sanitization process.
- Account Information: For client portal access, we collect name, email address, and company affiliation.
- Operator Information: Staff login credentials managed via Google OAuth.
2. How We Use Information
We use collected information to:
- Generate tamper-evident sanitization certificates
- Provide online certificate verification via QR codes
- Maintain audit trails for regulatory compliance
- Grant portal access to authorized clients
- Calculate environmental impact metrics (CO2e savings, e-waste diversion)
3. Data Sharing
We do not sell, trade, or rent personal information. Device and sanitization data may be shared with:
- The client who commissioned the sanitization job
- Regulatory bodies when required by law
- Our infrastructure provider (Cloudflare) for hosting purposes
4. Data Security
All data is encrypted in transit (TLS 1.3) and at rest. Sanitization certificates use SHA-256 cryptographic hashes for tamper detection. Access to operational systems requires authenticated sessions.
5. Contact
For privacy inquiries, contact us at info@expungedata.com.