Frequently Asked Questions

How can I contact Terbium?

We're here to help. Please contact us at 844-TERBIUM or email with any additional quesitons you might have.

How do you keep things private?

With our patented Data Fingerprinting technology, no original information is ever sent to Terbium. Terbium receives only one-way Data Fingerprints, which are computed on the customer’s own systems – either uploaded via our public API or locally in the client’s the web browser in JavaScript.

What are Data Fingerprints?

Data Fingerprints are generated by dividing any text (for example a personal information record) into 14 character tiles — characters 1-14, characters 15-28, and so on. Each one of these tiles is then hashed using a standard SHA-512 hash, and the resulting collection of hashes makes up the Data Fingerprint for that customer Asset. That Fingerprint—not the original data—is sent to Terbium.

What are hashes?

A hash is a random but deterministic set of characters. For a given input you will receive the same output, but there is no way to return to the original data without guessing every possible combination.

Why 14 characters?

We wanted to be efficient, yet secure. A 14-character combination is long enough that it would take around tens of thousands of years to uncover the original input, but is short enough that our Crawler can read and hash data at that same resolution efficiently, at the tune of billions of Fingerprints a day.

Can I search for things under 14 characters?

With our Data Feed product you can track the appearance of non-sensitive keywords or patterns of any length. Data Feeds are forward looking—we begin identifying matches from the moment the Data Feed is created.

What types of data can you put under monitoring?

Example use cases for Records under monitoring include employees’ personal information, client lists, clients’ personally identifiable information, bank account numbers, credit card numbers, health records, social security numbers, and sensitive documents or source code.

Can you search for information in all languages?

Yes. Our Crawler is language agnostic.

Can you search for pdfs/videos/photos?

Not currently. Right now we operate at a character level, so our crawler will find any matches for the file names attached to pdfs/videos/photos, but we do not crawl those files directly.

What types of companies do you work with?

We have worked with companies across a number of different industries like healthcare, law enforcement, and financial institutions, including one of the top 5 banks, one of the two major card networks, and two of the largest credit card issuers in the nation. With our affordable pricing structure, we can work with any company wanting to search and monitor sensitive information, varying in size from small startups to Fortune 500 companies.

Do you keep copies of clients’ information?

No. Because the only thing that our clients give to us are Data Fingerprints, we only have copies of hashes in our system.

What sites do you crawl? How do you know you are crawling everything?

We focus on dark web sites, including Tor hidden services, login-protected forums, i2p, paste sites, etc.—any place that stolen information may appear for sale or vandalism. We have a team of analysts who provide quality assurance on our crawl coverage, making sure that the automated Crawler is staying on top of trends in the marketplace and crawling the right sites.

How do you gain access into password protected sites?

Our automated Crawler can crawl behind password protected sites and forums. Terbium never hacks any site and we never buy stolen data. Terbium Labs is restricted by the laws and regulations that apply to commercial companies in the United States.

If Matchlight finds something, what next? Do you help with remediation?

In the event of a data leak, we recommend our clients work with law enforcement and conduct an internal review to identify where the information was accessed on the client’s systems. We are happy to provide our customers with any additional information on the data related to internal investigations and remediation procedures.

What does setup look like?

There is no software to install. Matchlight is accessible through our easy-to-use web interface or via our public API. We also offer a software development kit (SDK) so that you can transparently view the source code to know where your data is going, and to better understand how to integrate Matchlight into your existing systems and workflows.

Do you offer a free trial?

You can monitor up to five personal information records free forever, and upgrade at any time to monitor additional Records and to open Paid and Pro features like Data Feeds and Retrospective Search. If you cancel within 30 days, Terbium will refund your paid subscription. Once you upgrade to a paid account, you cannot return to a free account.

Can I delete my subscription at any time?

Yes, you can delete your subscription at any time. Within the first 30 days of any paid subscription, you will be refunded the full amount. After the 30-day period, your refund will be prorated.