Security & Trust

Built by a pen-tester founder

DoxxScan was founded by a CEO with an offensive-security background. We take "secure by default" seriously because we know how the other side thinks. Below: how we handle data, what we sign, and what we're working toward.

Data handling

  • What we collect. Only what's necessary to deliver the monitoring product: the protected individual's email(s), phone(s), known handles/aliases, and (for the Comprehensive tier) home address and family-member identifiers.
  • What we never collect. Government IDs, financial account numbers, medical records, biometric data, employer credentials. We do not need these to do our job.
  • Where it lives. US-based encrypted database, AES-256 at rest, TLS 1.3 in transit. EU and on-prem residency available for regulated customers.
  • Who can access it. Production data is accessible only to the assigned specialist on Enhanced+ tiers, plus engineering on-call. Access is logged. No third-party data resale or sharing.
  • How long we keep it. Active during contract term. On termination: monitoring data deleted within 30 days. Audit logs retained for 12 months for compliance reasons.

Compliance posture

Framework     | Status                 | Notes
SOC 2 Type I  | In progress (Q3 2026)  | Auditor engaged. Preliminary control mapping complete. Type II will follow in Q1 2027.
HIPAA / BAA   | Available              | We sign BAAs for healthcare customers. We are a Business Associate, not a Covered Entity. PHI is not stored.
GDPR          | Compliant              | EU data subjects supported. DPA template available. Lead supervisory authority: Ireland.
CCPA / CPRA   | Compliant              | California consumer rights honored. Right-to-delete and right-to-know supported.
ISO 27001     | Roadmap                | Targeted for 2027 alongside SOC 2 Type II.

The latest available security-review materials are shared under NDA during evaluation.

What we'll sign

Mutual NDA

Standard mutual NDA, no edits required for evaluation conversations.

BAA (Healthcare)

Custom Business Associate Agreement for any healthcare customer. Standard template available; redlines welcomed.

DPA (Data Processing)

EU-style Data Processing Agreement with SCCs included for cross-border data transfers.

Custom MSA

Master Service Agreement with customer-preferred terms for Comprehensive-tier engagements.

Vendor review pack

Available under NDA during a serious evaluation. Includes: the most recent third-party pen-test report, SOC 2 readiness audit, system architecture overview, data-flow diagrams, incident-response runbook, business-continuity plan, sub-processor list, and a pre-filled security-review questionnaire (CAIQ / SIG-Lite).

Honest about where we are. We are a small, focused team. We have not yet completed SOC 2 Type II. We do not have ISO 27001. We're transparent about this because we'd rather you discover it on this page than mid-evaluation. The trade-off: we ship faster, charge less, and the founder is on every customer kickoff call.

Common questions

Can you complete our security questionnaire?

Yes. We've responded to standard CAIQ, SIG-Lite, and SIG-Core questionnaires for prior customers. Typical turnaround is 5-7 business days.

How do you handle a breach of your own systems?

Customer notification within 24 hours of a confirmed incident. Public post-mortem within 30 days. Our standard incident-response runbook is available in the vendor pack.

Where can I report a vulnerability?

Email support@galaxywarden.com. We honor responsible disclosure with a 90-day window before public disclosure. Bug bounties available for critical findings.

Built by the same team that secures Fortune 500 and Inc. 500 companies. · 15B+ breach records · 95+ platforms monitored · 8 years in cybersecurity · Zero data sales, ever.