Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect only what is strictly necessary to deliver your protection protocol:
- • Contact information for secure communication
- • Payment data processed entirely through our PCI-compliant processor
- • Security assessment data you voluntarily provide (encrypted)
We do not collect, store, or track:
- ✗ Browsing history or behavioral analytics
- ✗ Location data
- ✗ Device fingerprints
- ✗ Marketing or advertising identifiers
2. Data Processing & Retention
Your data is processed exclusively to generate your personalized protection protocol. All sensitive information is encrypted and automatically deleted after delivery.
3. Sub-Processors
We use minimal, vetted third-party services:
4. Your Rights (GDPR)
Under GDPR, you have the following rights:
Request a copy of your data
Request deletion of your data
Correct inaccurate data
Receive data in structured format
Contact: Secure Channel (include "Data Protection Request")
5. Security Measures
All user data is encrypted client-side with AES-256-GCM. Only you hold the keys. We cannot read your data.
6. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Request disclosure of data collected about you
Request deletion of your personal information
Request correction of inaccurate data
Receive data in portable format
We do not sell or share your personal information with third parties for advertising or marketing purposes. We use minimal data collection as documented in this policy.
To exercise your California privacy rights, contact us via Secure Channel with "California Privacy Request" in the subject.
7. Contact
Ironclad Consulting
Contact: Secure Channel
For data protection inquiries, include "Data Protection Request" in the subject line.