Privacy Policy

Information You Provide

• Contact information (name, email address, phone number)
• Business information (company name, website URL, industry)
• Technical details provided for engagement scoping (domains, IP ranges, system descriptions)
• Communications sent to us via email or contact forms

Information Collected During Engagements

• Security scan results and vulnerability data (collected under explicit authorization)
• System configuration details relevant to the engagement scope
• Network topology and service information within the authorized testing boundary

Information Collected Automatically

• Browser type, operating system, and device information
• Pages visited and time spent on our website
• IP address and approximate geographic location

• Service delivery — perform the security, SEO, and OSINT services you have engaged us to provide
• Communication — discuss your engagement, deliver findings, and provide recommendations
• Deliverables — generate reports and documentation specified in your engagement agreement
• Improvement — refine our services, tools, and methodologies using aggregated, anonymized data
• Legal compliance — meet applicable legal and regulatory obligations

We implement technical and organizational measures appropriate to the sensitivity of the data we handle:

• Encryption of data in transit (TLS 1.2+) and at rest
• Access controls limited to authorized personnel on a need-to-know basis
• Secure deletion of engagement data upon completion and report delivery
• Regular security reviews of our own infrastructure and practices

No system is impervious. If we discover a breach affecting your data, we will notify you within 72 hours with details of what was accessed and the steps we are taking.

We do not sell, rent, or trade your personal information or engagement data. We share information only in the following circumstances:

• With your consent — when you explicitly authorize disclosure
• Legal requirements — when compelled by a valid subpoena, court order, or legal process. We will notify you unless legally prohibited from doing so.
• Aggregated data — anonymized, non-identifiable data may be used for industry research or service improvement

Engagement data and reports are retained for 12 months following delivery, unless the client requests earlier deletion or a longer retention period is agreed upon. Contact information for business relationship purposes is retained until you request its removal. Website analytics data is retained for 26 months. Payment records are retained as required by tax and financial reporting obligations.

Our website uses essential cookies required for site functionality. We do not use third-party advertising cookies or cross-site tracking. Analytics cookies, if used, collect only aggregated, non-personal usage data.

You have the right to:

• Request a copy of any personal data we hold about you
• Request correction of inaccurate information
• Request deletion of your personal data (subject to legal retention requirements)
• Opt out of any non-essential communications
• Request that we restrict processing of your data in certain circumstances

California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. We will not discriminate against you for exercising these rights.

European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to access, rectification, erasure, data portability, and restriction of processing. Our legal basis for processing is contract performance and legitimate interest in platform security.

To exercise any of these rights, contact us using the information in Section 10.

Our services are not directed at individuals under 18. We do not knowingly collect information from minors. If we learn that a minor has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates take effect upon posting to this page. We will make reasonable efforts to notify active clients of material changes.

Privacy-related inquiries, data requests, and concerns should be directed to heardchef86ix.org/contact.