RudieSec uses Open Source Intelligence (OSINT) to help clients better understand real-world external cybersecurity threats without crossing ethical or legal lines. This pledge is how we keep our work disciplined, defensible, and aligned with our values. The internet is an information ecosystem, not a free-for-all, and “because we can” is NEVER an acceptable reason to collect, analyze, or retain data.
We commit to lawful collection and lawful use. We do not hack, exploit, or access systems or accounts without explicit authorization. We do not attempt to bypass paywalls, authentication, access controls, or platform restrictions. We do not purchase stolen data, request illegal access, or participate in gray-market data practices. If a collection method feels like it would be embarrassing to explain in daylight, it does not belong in our work.
We commit to purpose, minimization, and proportionality. We collect only what is necessary to answer a defined intelligence question, and we avoid gathering personal data that is not relevant to that question. We favor high-signal sources, and we treat excessive collection as a liability, not a flex. When sensitive information appears incidentally, we handle it with care and do not amplify it.
We commit to “do-no-harm” tradecraft practices. We do not doxx, stalk, harass, intimidate, or enable harassment, directly or indirectly. We do not target private individuals as an objective unless there is a clear, documented, lawful, and mission-relevant reason, and the client has legitimate grounds for the request. We do not collect or exploit information about minors. We do not engage in “revenge research,” gossip operations, or personal vendettas dressed up as security.
We commit to honest methods and clean attribution. We do not use deception, impersonation, or pretexting to obtain information, especially from private individuals. We document sources, capture context, and keep a transparent chain of reasoning so that our conclusions and recommendations can be reviewed and challenged. We communicate uncertainty plainly, we label assumptions as assumptions, and we do not overclaim confidence simply because it sounds impressive.
We commit to secure handling, controlled retention, and client responsibility. We protect collected data, limit access through RBAC (Role-Based Access Control) to those with a “need to know,” and retain only what is necessary for the work and for accountability. Because our pre-incident intelligence may, at some point, become post-incident evidence, our intel provenance requires evidence-grade access control and retention. When we deliver results, we do so with appropriate safeguards and clear guidance on responsible use. If a client request crosses ethical lines, violates laws, or poses an unacceptable risk of harm, we will refuse it and propose a safer alternative.
RudieSec is committed to complying with all regulatory requirements regarding sanctioned individuals, entities, and nation-states. We will maintain full compliance with all U.S. and local guidelines at all times.
This pledge is not marketing copy. It is operational doctrine at RudieSec. It keeps our OSINT work reliable, lawful, and aligned with the principle that intelligence should improve decisions, not create collateral damage.
This is our Ethical OSINT pledge to you, our clients and partners.
– Mike Urbanski, Founding Principal