Sensitive Data Policy
Last updated: June 22, 2026
ExpertStack supports live technical collaboration, but messages, uploads, booking notes, and video sessions should not be used to exchange credentials or highly sensitive data. This policy applies to clients, Experts, and administrators.
What users must not share
Do not share production passwords, root credentials, private keys, API secrets, full payment card numbers, protected health information, raw customer databases, government-classified data, or highly regulated data unless separate safeguards and agreements are in place.
Never place authentication codes, recovery codes, signing keys, or complete secret values in messages, uploads, booking notes, or safety reports.
What Experts must do if sensitive data appears
If sensitive data appears during a session, the Expert should stop, tell the client to rotate, revoke, redact, or remove the sensitive item where appropriate, avoid copying or storing it, and report the incident to ExpertStack if there is a material exposure.
Safe collaboration practices
Use screen sharing, redacted logs, staging environments, read-only or scoped access, temporary credentials, sandbox data, and expiring links whenever possible.
- Grant only the minimum access needed and remove it promptly after the session.
- Use test accounts and sanitized examples instead of production records.
- Rotate or revoke any credential that was accidentally exposed.
- Keep regulated or contract-restricted data out of ExpertStack unless separate approved safeguards are in place.
Reporting a concern
Session participants can use the Report Sensitive Data Issue link in their session. For concerns outside a session, contact ExpertStack support. Do not repeat the exposed secret or sensitive value in the report.
Platform action rights
ExpertStack may cancel, suspend, remove, restrict, or investigate sessions or accounts that create sensitive-data, security, or legal risk.