Minimal Knowledge
For the most part, being a company offering a paid service lets us offer a superior user experience with greater security and usability to do-it-yourself systems. But there is a major disadvantage to purchasing a key management service from a commercial entity: you give up personal identifying information. The customer database from a key management service is a valuable collection of data that is an appealing target for attackers.
To counteract this, we collect as little data as possible about our customers. For example, we collect shipping information, but then we delete it after we make the necessary shipments. And our customers can provide us whatever shipping information or email address they want, they are free to be pseudonymous.
We collect only data that is necessary to running the service, as specified in our pioneering Privacy and Data Protection Policy. Unlike many privacy policies, we also specify all the data we don’t collect. To the extent that we do collect customer data, we limit access to that data internally to those that need to know it. There is no reason for an engineer to have access to customer contact information, for example.