Official Onerep update following article by Krebs on Security
In light of a recent article that came out linking Onerep and me to current multiple data brokers (untrue) and other entities such as Spamit (no affiliation, past or present), it seems appropriate to make a few things clear.
Operations
Onerep operates completely independently and is privately owned. While we started in Eastern Europe, our workforce has been globally distributed for years (from the US, to Eastern and Western Europe, and Asia). Together with my family, I have personally lived in the US since early 2022.
Sharing data with 3rd parties
We never sell user information. The information is only used for performing Onerep services in adherence with our privacy policy.
Security and data handling
- Our security program is built according to the SOC 2 security framework. We passed the SOC 2 Type I audit and are on track to pass SOC 2 Type II audit before Sept 1, 2024.
- Access to end user personal data is strictly restricted and limited based on the principle of least privilege, meaning that users or programs should only be granted access to the resources, files, and systems that they need to do their jobs, and no more.
- Our infrastructure is located in the US. We store all data in Microsoft Azure in the cloud, all inside the US. All data is encrypted both in transit and at rest.
Onerep’s origin story
Earlier in my career, a few friends and I dabbled with Google AdSense for extra income. From about 2010 to 2014, we put up some web pages and optimized them–a widely used SEO practice–and then ran AdSense banners on them. As we progressed and learned more, we saw that a lot of the inquiries coming in were for people.
Once we understood that and got deeper into the extent of information available on the web, it became clear that individuals would want their personal information removed and at the time, their only choice was doing it themselves or hiring expensive consultants who would do it for them manually.
This is how the fully automated idea and tech came about, to become Onerep. We led the market with it in 2015, and despite new entrants copying some of what we do, are still leading the market with the technology today. Currently, we scrub personal information from about 200 websites. To date, we have removed 16 million listings on behalf of consumers.
Affiliation with data brokers
- Whatever old domains may be found and still associated with my name I have long since abandoned; if they appear operational, they are not being operated by me.
- We advertise on a handful of data broker sites in very specific circumstances; our ad is served once someone has manually completed an opt-out form on their own. The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep.
- My only remaining ownership stake in any people search business is Nuwber, Inc. However, as mentioned extensively, there is zero cross-over or information-sharing with Onerep.
I get it. My affiliation with a people search business may look odd from the outside. In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.
We sincerely value the amazing customers, partners and consumers who have put their trust in our product over the years and continue to do so. Your support means the world.
Dimitri is a tech entrepreneur and CEO at Onerep. He is keen on sharing his expertise in cybersecurity and privacy matters and is regularly published on various platforms.