Effective Date: January 1, 2026
Policy Status: Active // Zero-Log Architecture

At Skia Privacy, we do not just sell privacy; we operate under a "Zero-Trust" architecture. This document outlines exactly how we handle your data—from your first visit to the destruction of your file.

1. Website & Visitor Data

We treat every visitor as a confidential entity. Our public-facing website (`skiaprivacy.com`) is architected to be a "Zero-Knowledge" environment.

• No Cookies: We do not use persistent tracking cookies or pixels.
• No Analytics: We do not use Google Analytics or third-party trackers to monitor your behavior.
• No Server Logs: We do not store IP addresses or User-Agent strings on our web server.

2. Secure Intake & Encryption

We do not accept sensitive PII (Personal Identifiable Information) via standard email or unencrypted web forms.

• Encrypted Transmission: All client onboarding is conducted via a separate, end-to-end encrypted portal (JotForm Encrypted) protected by a private key held offline.
• Zero-Access: Even our form provider cannot read the data you submit. Only Skia analysts possessing the physical decryption key can access your intake file.

3. Identity Verification Documents

To remove your data from Tier-1 brokers (e.g., LexisNexis), we are legally required to verify your identity. We adhere to a strict "Sanitized ID" Protocol:

• Redaction Required: We require all clients to redact (black out) their photo, license number, and signature before upload.
• Watermarking: Upon receipt, we apply a digital watermark ("FOR OPT-OUT PURPOSES ONLY") to your document to prevent misuse.
• Single-Use: These documents are used solely for the purpose of verifying identity with data brokers and are never stored in a central searchable database.

4. Operational Security (OpSec)

To protect your anonymity during the removal process, we employ the following tradecraft:

• Burner Emails: We generate unique, isolated email accounts for every client to interact with data brokers. This ensures your primary personal email is never exposed to spam lists.
• Limited Power of Attorney: We act as your "Authorized Agent" solely for the scope of data deletion. We do not claim rights to your data for any other purpose.

5. Data Retention & Destruction

We believe that data which does not exist cannot be stolen.

• Active Clients: We retain your "Shadow File" (list of exposed URLs and account credentials) only as long as necessary to perform the scrub and monitoring services.
• File Purge: Upon termination of service, all copies of your ID, intake forms, and operational emails are permanently deleted from our systems within 30 days.

6. Contact

For questions regarding this protocol or to initiate a data purge request:

Open Secure Channel