Privacy Policy
Last updated: March 2026
Encryption AES-256-GCM
Retention Zero After Delivery
GDPR Compliant
Sub-processors Minimal
1. Information We Collect
We collect only what is strictly necessary to deliver your protection protocol:
- • Contact information for secure communication
- • Payment data processed entirely through our PCI-compliant processor
- • Security assessment data you voluntarily provide (encrypted)
We do not collect, store, or track:
- ✗ Browsing history or behavioral analytics
- ✗ Location data
- ✗ Device fingerprints
- ✗ Marketing or advertising identifiers
2. Data Processing & Retention
Your data is processed exclusively to generate your personalized protection protocol. All sensitive information is encrypted and automatically deleted after delivery.
Assessment Data 48 hours
Contact Inquiries 30 days
Order Records Legal req.
3. Sub-Processors
We use minimal, vetted third-party services:
Payment Processor PCI DSS Level 1
Required Database EU hosted, encrypted at rest
Required Edge Network DDoS protection, secure hosting
Required Email Delivery Encrypted transport only
Required 4. Your Rights (GDPR)
Under GDPR, you have the following rights:
Right of Access
Request a copy of your data
Right to Erasure
Request deletion of your data
Right to Rectification
Correct inaccurate data
Right to Portability
Receive data in structured format
Contact: contact@ironcladconsulting.io (include "Data Protection Request")
5. Security Measures
Encryption AES-256-GCM
Key Derivation PBKDF2 / 100k
Integrity SHA-256
Transport TLS 1.3
6. Contact
Ironclad Consulting
Email: contact@ironcladconsulting.io
For data protection inquiries, include "Data Protection Request" in the subject line.