Legal & Compliance

Last updated: 2025-01-15

This page is informational. It does not create an offer, engagement, or legal warranty. Contracts and the Privacy Policy control.

Company

Controller: Deviant Group S.R.L. (Romania)

Fiscal code (CUI): 51809350

Contact: contact@thedeviantgroup.com

Operating from Bucharest. Registered in Romania. No public office or walk-in services.

What Deviant does

Private intelligence research and advisory. Focused on synthesis and decision protocols.

Data sources: open-source, licensed commercial datasets, and client-provided materials under contract.

Deviant is not: law enforcement, a private military company, an intrusion/hacking provider, a "surveillance-for-hire" outfit, or a vendor of illicit access.

Deviant does not provide: licensed legal advice, regulated financial advice, or guaranteed predictions.

Data protection & security

Processing is conducted in accordance with GDPR. See Privacy Policy for lawful bases, data subject rights, retention, and transfers.

Security controls include encryption in transit and at rest, role-based access, logging/monitoring, vulnerability management, and least-privilege practices.

SOC 2–aligned security program. Not SOC 2 certified at this time.

Subprocessors: material subprocessors available on request at privacy@thedeviantgroup.com.

Breach notification: handled in line with applicable law and contractual obligations.

Sanctions, export, and eligibility

Screening applied to clients, use-cases, and counterparties.

Complies with EU, UK, and US sanctions/export regimes.

No knowing work for sanctioned parties, embargoed jurisdictions, or prohibited end-uses.

Deviant may decline or terminate engagements that pose sanctions, export, or misuse risk.

KYC/beneficial-ownership information may be required before scoping.

Anti-corruption & ethics

Zero tolerance for bribery, kickbacks, or facilitation payments. Gifts/hospitality only within lawful and reasonable limits.

Human-rights & misuse review

Every engagement is risk-screened. Deviant does not support:

  • Targeting based on protected characteristics.
  • Political repression or unlawful surveillance.
  • Physical harm, coercion, harassment, or doxxing.
  • Computer misuse or access to systems without authorization.

Deviant may refuse deliverables or end an engagement where misuse risk is unacceptable.

Prohibited uses (non-exhaustive)

  • Intrusion, exploitation, malware, credential testing, or "red team" without clear legal authority.
  • Bulk surveillance or persistent tracking without lawful basis and scope.
  • De-anonymization at scale where it infringes rights or law.
  • Any activity intended to evade sanctions, export controls, or data-protection law.

Accuracy, limitations, and client responsibility

Analysis reflects available sources, time windows, and uncertainty. Confidence is scored; certainty is not promised.

Source materials may contain errors, delays, or noise outside Deviant's control.

Clients remain responsible for decisions and outcomes. Deviant supplies analysis and protocols; clients own operational use.

For full warranty/limitation terms, see Terms or the applicable contract.

Notices & contacts

Legal notices: legal@thedeviantgroup.com

Data protection contact: privacy@thedeviantgroup.com

Email is not acceptance of service of process unless expressly agreed in writing. Service details appear in applicable contracts.

Jurisdiction

Deviant operates under Romanian and EU law. Governing law and venue for any engagement are as stated in the contract.

Reporting concerns

Whistleblowing: whistleblow@thedeviantgroup.com

Anonymous reporting accepted where lawful. Submit only what is necessary to report the concern.