Privacy Policy

Effective Date: February 1, 2026

1. Information We Collect

ExpungeData collects information necessary to provide IT asset disposition (ITAD) and data sanitization services:

• Device Information: Hardware serial numbers, model numbers, firmware versions, SMART data, and storage capacity collected during the automated inventory process.
• Sanitization Records: Wipe method, verification status, timestamps, and cryptographic hashes documenting the sanitization process.
• Account Information: For client portal access, we collect name, email address, and company affiliation.
• Operator Information: Staff login credentials managed via Google OAuth.

2. How We Use Information

We use collected information to:

• Generate tamper-evident sanitization certificates
• Provide online certificate verification via QR codes
• Maintain audit trails for regulatory compliance
• Grant portal access to authorized clients
• Calculate environmental impact metrics (CO2e savings, e-waste diversion)

3. Data Sharing

We do not sell, trade, or rent personal information. Device and sanitization data may be shared with:

• The client who commissioned the sanitization job
• Regulatory bodies when required by law
• Our infrastructure provider (Cloudflare) for hosting purposes

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Sanitization certificates use SHA-256 cryptographic hashes for tamper detection. Access to operational systems requires authenticated sessions.

5. Contact

For privacy inquiries, contact us at info@expungedata.com.