1 Introduction
Protect9 Security, LLC ("Protect9," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. As a cybersecurity consulting firm, we understand the critical importance of data protection and handle all information with the utmost care and professionalism.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website (www.protect9.com), engage our services, or interact with us in any capacity. This policy applies to all information collected through our website, email communications, client engagements, and any other channels where this policy is referenced.
Please read this policy carefully. By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not access the site or use our services.
2 Information We Collect
We collect information in several ways depending on how you interact with us. The types of information we may collect include:
2.1 Information You Provide Directly
- Contact Information: Name, email address, phone number, company name, job title, and mailing address when you fill out forms, request information, or engage our services.
- Account Information: Login credentials and preferences if you create an account on our client portal.
- Communication Data: Content of emails, messages, and other communications you send to us.
- Professional Information: Business information, industry, company size, and security requirements when you engage our consulting services.
- Payment Information: Billing address, payment card details, and banking information necessary to process payments (processed securely through third-party payment processors).
- Engagement Data: Information related to security assessments, penetration tests, incident response, and other services we provide, which may include technical data about your systems and infrastructure.
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information about your device and usage, including:
- Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our site.
- Location Data: General geographic location based on IP address.
- Log Data: Server logs that record requests made to our web servers, including timestamps, URLs, and response codes.
2.3 Information from Third Parties
- Business Partners: Information from partners who refer clients to us or with whom we collaborate on engagements.
- Public Sources: Publicly available information from professional networking sites, company websites, and business directories.
- Service Providers: Analytics and marketing platforms that help us understand website usage and improve our services.
3 How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Provide, operate, and maintain our cybersecurity consulting services
- Process and fulfill service requests and engagements
- Communicate with you about projects, deliverables, and service-related matters
- Generate reports, assessments, and recommendations as part of our services
- Provide customer support and respond to inquiries
3.2 Business Operations
- Process payments and manage billing
- Maintain records for accounting, legal, and compliance purposes
- Improve and develop our services and methodologies
- Train our team to deliver better services
- Conduct internal research and analysis
3.3 Communication
- Send service-related notifications and updates
- Respond to your comments, questions, and requests
- Send marketing communications (with your consent where required)
- Provide threat intelligence alerts and security advisories to clients
- Deliver newsletters and educational content you've subscribed to
3.4 Security and Compliance
- Protect against unauthorized access, fraud, and other illegal activities
- Monitor and enhance the security of our website and systems
- Comply with legal obligations and regulatory requirements
- Enforce our terms of service and other agreements
- Respond to legal requests and prevent harm
3.5 Analytics and Improvement
- Analyze website usage patterns and trends
- Measure the effectiveness of our marketing efforts
- Improve user experience on our website
- Develop new services and features based on user needs
4 Legal Basis for Processing
We process your personal information based on the following legal grounds:
| Legal Basis | Description |
|---|---|
| Contractual Necessity | Processing necessary to perform our contract with you or take steps at your request before entering into a contract (e.g., providing consulting services). |
| Legitimate Interests | Processing necessary for our legitimate business interests, such as improving our services, marketing, fraud prevention, and network security, where not overridden by your rights. |
| Legal Obligation | Processing necessary to comply with legal or regulatory obligations, such as tax reporting, responding to lawful requests, or maintaining required records. |
| Consent | Processing based on your explicit consent, such as subscribing to our newsletter or opting into marketing communications. You may withdraw consent at any time. |
6 Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:
- Active Client Data: Retained for the duration of our business relationship and as needed to provide ongoing services.
- Engagement Records: Security assessment reports, penetration test results, and related documentation are retained according to contractual terms, typically 3-7 years after engagement completion.
- Financial Records: Retained for 7 years to comply with tax and accounting requirements.
- Marketing Data: Retained until you unsubscribe or request deletion.
- Website Analytics: Aggregated analytics data may be retained indefinitely; individual user data is typically retained for 26 months.
When personal information is no longer needed, we securely delete or anonymize it in accordance with our data destruction policies.
7 Data Security
As a cybersecurity firm, we implement industry-leading security measures to protect your personal information. Our security program includes:
7.1 Technical Safeguards
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication for all internal systems
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- Secure, access-controlled data centers
- Regular security updates and patch management
7.2 Administrative Safeguards
- Background checks for all employees
- Security awareness training
- Role-based access controls (principle of least privilege)
- Incident response procedures
- Regular security policy reviews
7.3 Physical Safeguards
- Secure office facilities with access controls
- Secure disposal of physical media
- Clean desk policies
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected parties in the event of a data breach as required by applicable law.
8 Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
8.1 Access and Portability
You have the right to request a copy of the personal information we hold about you and to receive it in a structured, commonly used, machine-readable format.
8.2 Correction
You have the right to request correction of inaccurate or incomplete personal information.
8.3 Deletion
You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
8.4 Restriction and Objection
You may request that we restrict processing of your information or object to processing based on legitimate interests.
8.5 Withdraw Consent
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
8.6 Marketing Opt-Out
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly. Note that you may still receive service-related communications.
8.7 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.
8.8 European Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within the timeframe required by applicable law.
10 Third-Party Services
Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.
We encourage you to review the privacy policies of any third-party services you access. Third-party services we may integrate with include:
- Analytics: Google Analytics, for website usage analysis
- Communication: Email service providers for newsletter delivery
- Payment Processing: Secure payment gateways for billing
- Social Media: Links to our social media profiles
11 International Data Transfers
Protect9 is headquartered in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards, such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules where applicable
- Transfers to countries with adequate data protection laws
- Your explicit consent for specific transfers
12 Children's Privacy
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.
If you believe we have collected information from a child, please contact us immediately.
13 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Post the updated policy on our website
- Notify you by email or through a prominent notice on our website for significant changes
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
14 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Protect9 Security, LLC
Privacy Inquiries
📧 Email: privacy@protect9.com
📞 Phone: (877) 572-6447
📍 Address: 101 6th Ave, New York, NY 10013
We will respond to your inquiry within 30 days or as required by applicable law.