Designed to protect your privacy.
In The Event Of helps you see and manage your digital footprint, so we hold your trust to a high standard. Here is exactly how your data is handled.
AES-256 encryption
Sensitive values such as your connected-inbox OAuth tokens are encrypted with AES-256-GCM at the application level, on top of encryption at rest.
TLS in transit
All data moving between your browser and our services is protected with TLS.
Data minimisation
We only collect what a feature needs. The footprint scanner reads email metadata, not the body of your emails.
Per-scope consent
Each connection is requested separately at the point you enable it, and you can revoke any of them independently at any time.
Transparent sub-processors
Our Privacy Policy lists every sub-processor, what it handles, and the region it operates in.
Independent security audits
Our app has completed a Cloud Application Security Assessment (CASA), an independent third-party security review, and we run regular security audits as the product evolves.
Export & deletion
You can export your data as JSON or CSV, or delete your account and personal information, at any time from your profile.
Encryption
Data is encrypted in transit with TLS and at rest in our infrastructure. On top of that, the most sensitive values, such as the OAuth tokens for any inbox you connect, are encrypted at the application level using AES-256-GCM, so they are protected even within our own systems.
Data minimisation and your Gmail/Outlook scope
We request the minimum access each feature needs. The Digital Footprint scanner uses read-only, metadata-level access (sender, subject, labels and timestamps) to identify the services linked to you. It does not read the body of your emails. Our optional Scam Radar feature processes message content transiently to classify scams and then discards it; the body is never stored in our databases, logs or analytics.
Consent and control
Connecting an inbox is optional and separate from how you sign in. Each scope is requested individually at the point of connection, and you can revoke any connection independently, through your account settings or directly with Google or Microsoft, at any time. Sensitive actions are recorded with consent receipts and audit trails so there is a clear record of what happened and when.
What we store and what we do not
We store your account profile, encrypted connection tokens, scan results and the footprint records generated from them. We do notstore the body content of your emails, and full payment card details never touch our systems; payments are handled by Stripe. Where we use AI to classify scams, it runs in a zero-retention mode and the provider's terms prohibit training on our inputs.
Sub-processors and data residency
We are transparent about who processes your data. Our Privacy Policy lists every sub-processor, what it handles, and the region it operates in. Where data is processed outside Australia, we rely on recognised cross-border transfer protections, consistent with Australian Privacy Principle 8.
Audits and assessments
Our application has completed a Cloud Application Security Assessment (CASA), an independent third-party security review, and we run regular security audits alongside ongoing reviews and hardening as the product evolves.
Export and deletion
Your data is yours. You can export it in JSON or CSV format at any time from your profile page, and you can request deletion of your account and personal information whenever you choose.
Putting it into practice
Want to act on your own security? Our guides walk you through securing your email after a breach and what to do if your email is in a data breach.
ISO 27001 program underway
We are working towards ISO 27001 certification to formalise our information-security management as the company grows.