Privacy & Disclosure
Privacy Policy & Affiliate Disclosure
Last updated: May 16, 2026. A more comprehensive attorney-reviewed version is in progress; this page is the operational summary as of the date above.
What we collect
Obsidian Ridge collects only the information needed to respond to inquiries, deliver security services, and operate this website responsibly. Specifically:
- Briefing form submissions — name, email, audience, and the context you choose to share. Used to schedule and prepare for our conversation.
- Newsletter signups — email address and the source page that captured it. Used to send the content you signed up for.
- Service customer data — whatever is required to operate the Huntress-platformed services and Ridge Watch on your behalf. Governed by the Business Associate Agreement (HIPAA), Master Services Agreement, or equivalent we sign before any engagement.
- Site analytics — privacy-respecting page-view and event counts via Plausible, our cookieless analytics processor. No cross-site tracking, no third-party advertising pixels, no personal data sold.
What we don't do
- We don't sell, rent, or share personal information with third parties for marketing.
- We don't place advertising pixels (Meta, Google Ads, X) that track you across the web.
- We don't require an account to read articles, use the Phish-or-Real game, or browse pricing.
- We don't store payment information on our servers — Stripe handles that for billing.
Affiliate & reseller relationships
Obsidian Ridge earns revenue three ways: direct service fees from clients (Ridge Watch, managed cybersecurity programs, Cyber Insurance Readiness sprints), reseller margin on partner products we bundle into managed services, and affiliate commissions when readers click certain product-recommendation links and complete a purchase with the partner vendor.
Per the FTC Endorsement Guides (16 CFR Part 255), we disclose affiliate relationships clearly and conspicuously near the link itself, not buried in this footer. Every external partner link on the site routes through obsidianridge.io/go/<vendor> so you can see, before you click, which vendor you're heading to and what our relationship with them is.
The editorial bar. We recommend tools we would deploy at our own families' homes and the small businesses we serve. We earn nothing when we tell you to stay with the free option or skip a product entirely — and we publish those recommendations alongside the affiliate ones. If a vendor's payout terms would change our honest recommendation, we walk away from the deal, not from the recommendation.
Current partner relationships
The status of each partner relationship is published openly at the routing layer:
- /go/guardio — AI scam protection
- /go/1password — password manager
- /go/bitwarden — password manager
- /go/protonpass — password manager
- /go/nordvpn — VPN
- /go/protonvpn — VPN
- /go/backblaze — backup
- /go/yubico — hardware MFA keys
Each link page declares whether the affiliate relationship is live, pending, prospect, or editorial (we cover the vendor for completeness but take no money from them).
How we're paid, in plain English
- Affiliate path: the partner vendor (e.g., 1Password, Guardio) bills you directly at their published price. We earn a commission when you purchase. You owe us nothing. The partner handles support, billing, and your account.
- Reseller path: Obsidian Ridge bills you for a bundled managed service that includes the partner's product plus our practitioner-led oversight (alert triage, cancellation handling, annual review). You see one invoice; we handle the vendor relationship on your behalf.
- Direct services: when you engage Obsidian Ridge for Ridge Watch, managed cybersecurity, or a Cyber Insurance Readiness sprint, you pay us directly per our published pricing or signed engagement agreement.
Cookies & tracking
We use only the cookies strictly necessary to make the site work (session continuity, form CSRF protection). We do not use cross-site advertising cookies. Outbound clicks to partner vendors may result in those vendors setting their own cookies on their domain; that's governed by their privacy policies, not ours.
Your data rights
Regardless of your state of residence, you can email us at security@obsidianridge.io to:
- See what we have on file
- Correct anything that's wrong
- Delete it entirely
- Unsubscribe from any communications
Residents of California, Colorado, Connecticut, Texas, Virginia, and other states with comprehensive consumer privacy laws have specific statutory rights. We honor those requests within the timeframe each state requires (typically 45 days). North Carolina does not yet have a comprehensive consumer privacy law, but we apply the same standards to NC residents.
Contact
Privacy questions, deletion requests, or anything else: security@obsidianridge.io.
Copyright takedown notices (DMCA) go to our designated agent at copyright@obsidianridge.io. The full procedure is in our Terms of Use, Section 6.