Privacy Policy

Effective Date: June 14, 2025
Last Updated: June 14, 2025
Prepared by: Dean Sapp, CIPP/US, Data Protection Officer

Privacy by Design: As a certified privacy professional (CIPP/US) and Data Protection Officer, Dean Sapp has designed this privacy policy to exceed GDPR, CCPA, and HIPAA requirements, ensuring the highest standards of data protection for our clients.

1. Information We Collect

In accordance with data minimization principles, we only collect information necessary to provide our cybersecurity consulting services:

  • Contact Information: Name, email address, phone number, company name
  • Service Requests: Details about cybersecurity consulting needs and risk assessment requirements
  • Payment Information: Processed securely through Stripe (we do not store payment card details)
  • Technical Data: IP address, browser type, and usage analytics (anonymized)
  • Communications: Records of our professional correspondence and consultation notes

2. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contractual Necessity: To provide cybersecurity consulting and risk assessment services
  • Legitimate Interest: To improve our services and communicate about cybersecurity matters
  • Consent: For marketing communications (you may withdraw consent at any time)
  • Legal Obligation: To comply with applicable cybersecurity and privacy regulations

3. How We Use Your Information

Your information is used exclusively for legitimate business purposes:

  • Delivering cybersecurity consulting and risk assessment services
  • Processing secure payments through our encrypted systems
  • Providing expert witness services and legal support
  • Communicating critical security updates and recommendations
  • Maintaining compliance with legal and regulatory requirements
  • Improving our cybersecurity methodologies and service delivery

4. Information Sharing and Disclosure

We follow strict data sharing principles and never sell personal information. Limited sharing occurs only when:

  • Service Providers: Vetted vendors (Stripe for payments, AWS for hosting) under strict data processing agreements
  • Legal Requirements: When compelled by valid legal process or regulatory investigation
  • Professional Collaboration: With your explicit written consent for expert witness cases
  • Security Incidents: To protect against cybersecurity threats or fraud (anonymized data only)

5. Data Security and Protection

As cybersecurity professionals, we implement enterprise-grade security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication and principle of least privilege
  • Infrastructure: Secure cloud hosting with AWS security best practices
  • Monitoring: Continuous security monitoring and incident response procedures
  • Compliance: Regular security audits and vulnerability assessments
  • Staff Training: All personnel receive ongoing cybersecurity awareness training

6. Your Data Rights

You have comprehensive rights regarding your personal data:

GDPR Rights (EU Residents)

  • Right of access and data portability
  • Right to rectification and erasure ("right to be forgotten")
  • Right to restrict processing and object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with supervisory authorities

CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

7. Contact Information

For privacy-related questions, data subject requests, or security concerns, please contact our Data Protection Officer:

Dean Sapp, CIPP/US

Data Protection Officer & Chief Information Security Officer

Email: deansapp@hotmail.com

Phone: 801-707-5414

Response time: Within 72 hours for privacy requests, immediately for security incidents

This privacy policy demonstrates our commitment to privacy by design and data protection best practices. As cybersecurity professionals, we understand the critical importance of protecting your personal information.
