We take your data security seriously

TRACE-X is in the business of finding and eliminating your personal data from all the people-finder directories we can find. We handle data that you have expressly said you don’t want to get into the wrong hands. So, naturally, we take your personal data security seriously — way more seriously than required by law. We do this in ways that we can’t talk about publicly, because that would defeat the purpose. But we also follow a set of industry-leading information security practices that we do want you to know about:

No personal devices are used to handle your information

First and foremost is that we have a strict no-BYOD* policy. No TRACE-X client data is stored on employee’s personal devices. All our workstations are locked-down and encrypted and have the latest updates and security software. Finally, TRACE-X employees are not permitted to take client information home, and you will never find our employees working from a café on some unsecured laptop or wireless network.

*Bring Your Own Device (BYOD) is also sometimes referred to as Bring Your Own Technology (BYOT), Bring Your Own Phone (BYOP), and Bring Your Own Personal Computer (BYOPC).

We regularly test our own data security for compliance

Our entire operation is subjected to regular security audits and penetration testing. We engage Certified Information Systems Security Professionals — whose job it is to see if there are any holes in our security policies and practices. These are some of the sharpest tacks in the box, they work to ensure that your data is not subjected to leaks, breaches, or exploits from within or without.

Our in-house data security is second-to none

We take extraordinary measures to ensure that your data is secured locally:

  • All TRACE-X authentication information is secured inside an AES-256 bit encrypted password manager vault, on a passphrase-protected and root-level encrypted system (itself in a locked, secured, and alarm-monitored physical office location).
  • All TRACE-X staff adhere to and are regularly tested on industry best practices for Operational Security, encryption, phishing prevention, and other security measures.
  • Security audit logs are maintained on file and available for inspection by clients or external auditors.

We hold our information technology partners to the highest security standards

When we have data stored with a rock solid secure cloud storage provider, we ensure their security practices far exceed industry standards and regulations. Here are just a few highlights of those practices currently in place:

  • Connections feature zero-knowledge, end-to-end encryption.
  • Pass-phrases and private encryption keys are accessible only by TRACE-X, never by the cloud storage provider where they could be stolen via a break-in or social engineering.
  • PBKDF2 key stretching is used with a high iteration count. That’s nerd-speak for making encryption keys from existing passwords that are even more complex and harder to crack. Feeling nerdy yourself? Learn more, here.
  • Each file is locked with a 256 bit AES GCM data key, itself locked with a TRACE-X 2048 bit RSA key. Think of a super strong lock, whose key is locked in a box with a super strong padlock — cracking these would take hundreds of millions of years, using the most powerful supercomputer available.
  • Secure Socket Layer, also known as SSL / TLS (the “https” you see in your address bar) is used for all data transfers. However, it is not relied on for any meaningful security, as SSL on its own cannot be trusted. SSL is applied as an extra layer on top of the 2048 bit RSA and 256 bit AES encryption used to encrypt each file. This ensures that in the event SSL is compromised (for example, via a “man in the middle” attack, or an SSL software vulnerability), the file data remains encrypted and impossible to access.

You have better things to worry about than all the latest information security best practices. Let TRACE-X sweat the details while you rest assured, knowing your information is safe with us. Sign up today to remove from over 100 people-finder sites, all year round.