How We Practice the Privacy We Preach

Trust

How we practice the privacy we preach

You review vendors for a living. This page is written for that review — the architecture, the receipts, and the licensing, in the plain language you'd want from any vendor you assess.

The architecture: your data has nowhere to go

Most privacy software asks you to send your most sensitive operational data — incidents, assessments, vendor findings — to the vendor's cloud, and then asks you to trust the vendor's security. PrivOptic products are built the other way around.

Apps and toolkits are self-contained files that run entirely in your browser. There is no PrivOptic server behind them. Close the tab, and the session existed only on your machine.
Platforms (Privacy Portal, TPRM, Data Governance Manager, PrivOptic Command) deploy to your infrastructure — your cloud subscription, your identity provider, your access policies. We ship code; you run it. Command's single opt-in egress point — the signed regulatory update feed — is off by default and fetches pure data, never code.
No telemetry, no license servers, no phone-home. Our products cannot report on your usage because nothing in them talks to us. We find out you renewed the same way you'd want us to: you tell us.

The receipts: verify, don't trust

Claims are cheap in this industry, so our enterprise products ship with the evidence. PrivOptic Command includes its security scan report — 100% parameterized SQL across every query, zero string concatenation — and the complete 48-case end-to-end test suite that proves the platform's behavior, including adversarial tests: tampered update packs rejected, oversized payloads refused, version downgrades blocked, role-based access denials enforced. You can run the suite yourself in your own deployment in seconds. The Privacy Management Portal has been penetration tested. We publish what we can prove and label planning defaults as planning defaults.

The licensing: one price, zero strings

One purchase covers your organization. Unlimited users. No per-seat pricing, because charging per seat punishes you for rolling privacy out widely — the opposite of what a privacy vendor should want.
No subscriptions required. Your license is perpetual — what you buy keeps working, with nothing to renew and no lapse that turns your tools off. Where a subscription exists (Command's regulatory pack feed), it's optional content, not a leash — the platform runs indefinitely without it.
Your data is yours, contractually. Our license says so in plain terms, because it would be strange for a privacy company to claim otherwise. Full terms are in our Terms of Service and each product's license.

What happens when you buy

Checkout is handled entirely by Shopify — we never see or store your card details. Your files arrive by secure download link. We don't require an account, we don't build a profile of you, and the only emails you get are the ones the transaction requires. It's the buying experience we'd want from a vendor we were assessing.

Who's behind it

PrivOptic is built by a working privacy practitioner with 15+ years running global privacy programs — DSAR queues, breach clocks, vendor reviews, regulator correspondence, audits. Every product exists because it was needed in a real program and couldn't be bought anywhere at a defensible price. That's also why the products are honest about their limits: tooling supports judgment, it doesn't replace it, and nothing we sell is legal advice.

The test we hold ourselves to is simple: could the founder, wearing her privacy-officer hat, approve PrivOptic as a vendor without blushing? Every architecture and licensing decision above exists to keep that answer yes. Questions before you buy? Read the FAQ or write to sales@privoptic.com.