Sensitive Data Policy

Last updated: June 22, 2026

ExpertStack supports live technical collaboration, but messages, uploads, booking notes, and video sessions should not be used to exchange credentials or highly sensitive data. This policy applies to clients, Experts, and administrators.

What users must not share

Do not share production passwords, root credentials, private keys, API secrets, full payment card numbers, protected health information, raw customer databases, government-classified data, or highly regulated data unless separate safeguards and agreements are in place.

Never place authentication codes, recovery codes, signing keys, or complete secret values in messages, uploads, booking notes, or safety reports.

What Experts must do if sensitive data appears

If sensitive data appears during a session, the Expert should stop, tell the client to rotate, revoke, redact, or remove the sensitive item where appropriate, avoid copying or storing it, and report the incident to ExpertStack if there is a material exposure.

Safe collaboration practices

Use screen sharing, redacted logs, staging environments, read-only or scoped access, temporary credentials, sandbox data, and expiring links whenever possible.

  • Grant only the minimum access needed and remove it promptly after the session.
  • Use test accounts and sanitized examples instead of production records.
  • Rotate or revoke any credential that was accidentally exposed.
  • Keep regulated or contract-restricted data out of ExpertStack unless separate approved safeguards are in place.

Reporting a concern

Session participants can use the Report Sensitive Data Issue link in their session. For concerns outside a session, contact ExpertStack support. Do not repeat the exposed secret or sensitive value in the report.

Platform action rights

ExpertStack may cancel, suspend, remove, restrict, or investigate sessions or accounts that create sensitive-data, security, or legal risk.