Last updated: 10 May 2026. This policy applies to all services provided by OPSEC Privacy.
1. Who We Are
OPSEC Privacy ("we", "us", "our") is a cybersecurity and privacy protection firm providing services including executive cyber protection, penetration testing, online data removal, OSINT investigations, dark web investigations, credentials monitoring, attack surface mapping, business email compromise response, and AI security assessments.
For questions about this policy, contact us at info@opsecprivacy.com.
2. Information We Collect
Information you provide directly
- Name, email address, telephone number, and job title submitted via our contact or enquiry forms
- Company name and details when engaging our services
- Any information you voluntarily share in correspondence with us
Information collected automatically
We do not use analytics tools, tracking scripts, or advertising cookies. We do not profile visitors or track behaviour across sessions. Standard infrastructure-level logs (IP address, requested URL, timestamp) are generated by our hosting provider (AWS CloudFront) as a function of serving web traffic. These logs are not actively monitored or linked to any individual identity and are retained in accordance with AWS's default infrastructure logging policies.
Information collected as part of service delivery
Where you engage us for specific services, we may process additional personal data necessary to perform that service — for example, personal information about individuals as part of an OSINT investigation, or credentials information as part of a compromised credentials monitoring engagement. This processing is governed by the terms of your specific engagement agreement.
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and providing information about our services | Legitimate interests / Pre-contractual steps |
| Delivering services you have engaged us to provide | Performance of a contract |
| Sending service updates and relevant security information | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Improving our website and service quality | Legitimate interests |
| Marketing communications (where consent has been given) | Consent |
4. Who We Share Your Data With
We do not sell your personal data. We may share information with:
- Service providers — third-party tools and platforms used to operate our business (hosting, email, analytics), bound by data processing agreements
- Professional advisers — lawyers, accountants, and insurers under confidentiality obligations
- Law enforcement or regulators — where required by law or to protect the rights, property, or safety of OPSEC Privacy or others
Information shared in the course of a client engagement is handled with strict confidentiality in accordance with your engagement agreement.
5. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy:
- Enquiry data — up to 12 months from last contact if no engagement follows
- Client engagement data — 6 years from the end of the engagement (in line with standard limitation periods)
- Website analytics data — up to 24 months
6. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. As a cybersecurity firm, security is not an afterthought — it is central to how we operate. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Your Rights
Depending on your state of residence, you may have certain rights regarding your personal information. California residents have rights under the California Consumer Privacy Act (CCPA/CPRA), including:
- Right to know — request disclosure of the personal information we collect, use, and share about you
- Right to delete — request deletion of personal information we hold about you, subject to certain exceptions
- Right to correct — request correction of inaccurate personal information
- Right to opt out — we do not sell or share your personal information for cross-context behavioural advertising, so this right does not currently apply
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights
To exercise any of these rights, contact us at info@opsecprivacy.com. We will respond within 45 days as required under CCPA.
9. Cookies
Our website does not use cookies. We do not use tracking cookies, session cookies, analytics cookies, or third-party advertising cookies. If this changes, we will update this policy and, where required by law, obtain your consent before setting any cookies.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.
11. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically. Continued use of our website or services following any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at info@opsecprivacy.com.