diff --git a/_includes/footer.html b/_includes/footer.html index 15e26d0..607f8ec 100644 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -33,53 +33,11 @@
{{site.footer}}
+ Privacy RSS
- - - - \ No newline at end of file + \ No newline at end of file diff --git a/_layouts/contact.html b/_layouts/contact.html index 068b07d..f07f44a 100644 --- a/_layouts/contact.html +++ b/_layouts/contact.html @@ -49,7 +49,7 @@ -

We respect your privacy. The information you provide will only be used to respond to your inquiry and will never be shared externally.

+

We respect your privacy. The information you provide will only be used to respond to your inquiry and will never be shared externally. Learn more in our Privacy policy.

diff --git a/_layouts/privacy.html b/_layouts/privacy.html new file mode 100644 index 0000000..b3fadea --- /dev/null +++ b/_layouts/privacy.html @@ -0,0 +1,124 @@ + + + {%- include head.html -%} + + {%- include header.html -%} +
+
+ +
+
+
+
Last updated: May 8, 2025
+
+

Privacy policy

+

At Distrust, privacy is not just a policy—it’s a principle. We do not view mainstream privacy regulations as a gold standard—our approach goes far beyond compliance. Instead of relying on regulatory frameworks, we apply a first-principles security model that assumes well-funded adversaries may be interested in our clients and our work. Our privacy and security posture is built to mitigate such threats at every level.

+
+
+ +
+
+

Our security and privacy philosophy

+

Our internal security model assumes hostile threat actors, not just benign regulatory oversight. This is why we:

+
    +
  • Perform all client work in dedicated local virtual machines under an offline host OS.
    • +
  • Handle all authentication and password management via dedicated PIN+touch controlled personal HSMs.
    • +
  • Use Matrix for internal and client communications, bridging where necessary to platforms like Slack while ensuring end-to-end encryption.
    • +
  • Encrypt all contracts and sensitive agreements using hardware-backed encryption.
    • +
  • Require hardware-backed PGP keys for encrypting sensitive documents and emails.
    • +
+
+
+ +
+
+

What data we do not collect

+
    +
  • We do not collect analytics, tracking, or marketing data.
    • +
  • We do not use third-party tracking services (e.g., Google Analytics, cookies for behavioral tracking, or advertising tools).
    • +
  • We do not share or sell any data to third parties.
    • +
+
+
+ +
+
+

What data we collect & how it is secured

+

The only personal data we collect is what you voluntarily provide through the contact form on our website. Depending on what you choose to submit, this may include your name, email address, and any details you provide in your message.

How we secure your data:

+
    +
  • Your data and intellectual property (IP) are always stored with AES-256 encryption, unlockable only with our personal HSMs.
    • +
  • Your data and IP are never exposed in plain text, except on your systems or systems we physically control.
    • +
  • If we ever access client code, we create an isolated environment to ensure complete code isolation and integrity.
    • +
  • We exclusively use hardware-backed encryption for all stored and transmitted data.
    • +
+
+
+ +
+
+

How we use your data

+

Any information you submit via our contact form is used solely for the purpose of responding to your inquiry. We do not use this data for marketing, advertising, or any other external purpose.

+
+
+ +
+
+ Data retention policy +
    +
  • We retain contact form submissions for up to 12 months after the last interaction unless you request deletion earlier.
    • +
  • If no further communication occurs, your data is automatically deleted.
    • +
+
+
+ +
+
+ Data storage & security +
    +
  • We store contact form submissions securely on internal systems.
    • +
  • Access to stored submissions is restricted to essential personnel only.
    • +
  • We take extreme measures to prevent unauthorized access, modification, or disclosure of your information.
    • +
+
+
+ +
+
+ Data sharing & external access +

We do not share, sell, or distribute your personal data externally. Your data remains fully encrypted and is never accessible to third parties, including government agencies or regulatory bodies. We believe privacy is a fundamental right, and we operate under a strict zero-trust assumption regarding external entities. +

Furthermore, we open source and self-host all infrastructure whenever possible. Unlike companies that rely on third-party cloud providers with unknown security postures, we build and maintain our own secure infrastructure to eliminate external dependencies and reduce risk.

+
+
+ +
+
+

Your rights and control over your data

+

While mainstream regulations like GDPR, CCPA, and PIPEDA provide legal rights regarding personal data, we take a simpler and more absolute approach:

+
    +
  • You control your data. If you want it deleted, email us at [contact email], and we will remove it—no bureaucracy required.
    • +
  • We store as little data as possible and do not retain unnecessary personal information.
    • +
  • Unlike regulatory models that allow exemptions for data retention, we do not make exceptions—if you request deletion, it is final.
    • +
+
+
+ +
+
+

Changes to this policy

+

We may update this Privacy Policy to reflect changes in our practices. Any modifications will be posted on this page with the updated date.

+
+
+ +
+
+

Contact us

+

If you have any questions about this Privacy Policy or wish to request data access or deletion, please reach out to us at: team@distrust.co

+
+
+ +
+
+ {%- include footer.html -%} + + + diff --git a/_sass/base.scss b/_sass/base.scss index cfd5a3e..2ca3873 100644 --- a/_sass/base.scss +++ b/_sass/base.scss @@ -372,6 +372,15 @@ a:hover { padding-left: 0px; } +.table-of-contents a:hover { + color: var(--light-purple); +} + +.privacy-container { + margin-bottom: 1.5rem; +} + + .arrow { display: inline-block; margin-left: 4px; @@ -677,6 +686,14 @@ footer { vertical-align: middle; } +.footer-social a:hover { + color: white; +} + +.footer-social a { + color: var(--light-grey); +} + .footer-social a img { height: 20px; width: 20px; @@ -1159,12 +1176,17 @@ input[type=submit]:hover { } .submit-policy { - max-width: 500px; + max-width: 550px; margin-top: 9px; font-size: 0.8rem !important; filter: brightness(80%); } +.submit-policy a:hover { + color: var(--light-purple); + filter: brightness(100%); +} + *:focus { outline: none; } diff --git a/privacy.md b/privacy.md new file mode 100644 index 0000000..51084df --- /dev/null +++ b/privacy.md @@ -0,0 +1,8 @@ +--- +title: Privacy Policy +tagline: Distrust | Privacy Policy +summary: The type of data we refuse to collect +layout: privacy +permalink: /privacy.html +thumbnail: /assets/base/privacy-thumbnail.png +--- \ No newline at end of file