[personZ]

Obviously I can't go into too much detail

That isn't obvious at all. Quite contrary, I'd say a refusal to go into detail puts the whole thing under a pretty dark cloud, making the entire thing sound entirely scammy.

Even if we assume that you have all of the data you need (as an external service, with the limited information the various services provide) to create such a usage profile, there is no credible reason why you can't detail the mechanisms.

[urb]

There are various reasons why a cybersecurity company can't disclose the methods and mechanisms it uses in detail. We have our users' interest in mind.

[personZ]

There is also a reason why shysters and charlatans can't disclose their methods and mechanisms as well. This isn't to say that such is your tactic, but to be honest when I've heard your type of pitch before it has generally been because someone knows that one day they'll figure out how to make sense of the data, but for now they can just see potential so it's all kind of fuzzy.

We aren't an ignorant crowd. There is limited information that you can monitor.

Password reset emails. Sure. Access suddenly being revoked. Right. Weird posts at odd times of night. I guess.

Outside of that, there is little belief that you're circumventing any sort of mechanisms at any of these providers.

[RexRollman]

Generally, if it really works, then it should work even if all the details are known.

[dmix]

Reminds of all the people who keep their startups ideas 'steath' thinking that the idea is what makes a business. While missing out on tons of opportunities for early feedback, early customers, and potentially cofounders. This approach has been utterly destroyed over the years as a bad idea.

No-one is running to this website because they have a secret sauce of heuristics. Nor is it stop a motivated competitor from reversing it.

Lose-lose situation.