Privacy Policy

Dassell Network Resilience ("Company," "we," "us," or "our") is committed to protecting the privacy and security of the personal information we collect from our clients, website visitors, and other individuals who interact with our services. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you visit our website, use our services, or otherwise interact with us.

This Privacy Policy applies to all information collected through our website, services, email communications, and any other channels through which you may interact with Dassell Network Resilience. By using our services or visiting our website, you consent to the practices described in this policy.

Last Updated: January 2025

Information We Collect

1.1 Personal Information Provided Directly

We may collect personal information that you voluntarily provide to us, including:

• Contact Information: Full name, email address, phone number, mailing address, and company name.
• Professional Information: Job title, department, role, and organizational details relevant to our services.
• Account Information: Login credentials, authentication details, and account preferences for client portal access.
• Communication Records: Content of emails, messages, support tickets, and other communications you send to us.
• Payment Information: Billing address, payment method details, and transaction history. Payment card numbers are processed by secure third-party processors and are not stored on our systems.
• Service-Related Information: Network diagrams, system configurations, IP addresses, domain names, and other technical information provided in connection with our cybersecurity services.

1.2 Information Collected Automatically

When you visit our website, we may automatically collect certain information:

• Device Information: Browser type and version, operating system, device type, screen resolution, and device identifiers.
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.
• Network Information: IP address, Internet Service Provider (ISP), approximate geographic location, and connection type.
• Cookie Data: Information stored by cookies and similar tracking technologies.

1.3 Information from Third Parties

We may receive information from third-party sources, including:

• Business partners and referral sources who recommend our services.
• Publicly available databases and industry directories.
• Threat intelligence feeds and cybersecurity information sharing platforms.
• Background check providers, when necessary for personnel with access to sensitive client systems.

How We Use Your Information

• Service Delivery: To provide, maintain, and improve our cybersecurity services, including intrusion detection monitoring, vulnerability assessments, firewall optimization, endpoint security management, and system hardening.
• Communication: To respond to inquiries, provide technical support, send service notifications, deliver security alerts, and communicate important changes.
• Billing and Administration: To process payments, manage client accounts, generate invoices, and maintain accurate financial records.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Service Improvement: To analyze usage patterns, gather feedback, and improve the quality and effectiveness of our services.
• Marketing (with consent): To send relevant industry insights, security advisories, and information about our services, only where explicit consent has been provided.

Legal Bases for Processing

• Contract Performance: Processing necessary for the performance of our service agreements.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving services and preventing fraud.
• Legal Obligation: Processing necessary to comply with legal requirements.
• Consent: Processing based on your explicit consent, which you may withdraw at any time.

Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: Trusted third-party providers who assist us in operating our business, contractually obligated to protect your information.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with mergers, acquisitions, reorganizations, or other corporate transactions.
• With Your Consent: When you have provided explicit written consent.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected:

• Client account information: Duration of service agreement plus seven (7) years.
• Communication records: Three (3) years from the last communication.
• Financial records: Seven (7) years as required by tax and accounting regulations.
• Website analytics data: Twenty-four (24) months in aggregate form.
• Security logs and threat data: Twelve (12) months for forensic and compliance purposes.

When personal information is no longer needed, we will securely delete or anonymize it using industry-standard data destruction methods.

Data Security

As a cybersecurity company, we take information security extremely seriously. Our safeguards include:

• AES-256 encryption for data at rest and TLS 1.3 encryption for data in transit.
• Multi-factor authentication (MFA) for all internal systems and client portals.
• Role-based access controls (RBAC) ensuring least-privilege access.
• Regular security assessments and penetration testing of our own infrastructure.
• Quarterly employee security awareness training.
• Incident response procedures for prompt detection and remediation.
• Physical security controls at our office facilities.

While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we maintain the highest practical standards.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies:

• Essential Cookies: Required for basic website functionality.
• Analytics Cookies: Collect anonymous usage information to help us improve our website.
• Functional Cookies: Remember your preferences and settings for a more personalized experience.

You can control cookie settings through your browser preferences. Disabling certain cookies may limit website functionality.

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Right of Access: Request a copy of the personal information we hold about you.
• Right of Rectification: Request correction of inaccurate or incomplete information.
• Right of Erasure: Request deletion of your personal information, subject to legal retention requirements.
• Right to Restrict Processing: Request limitation of how we process your information.
• Right to Data Portability: Request transfer of your information in a commonly used format.
• Right to Object: Object to processing for certain purposes, including direct marketing.
• Right to Withdraw Consent: Withdraw previously given consent at any time.

To exercise any of these rights, please contact us. We will respond within thirty (30) days.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA, including the right to know what personal information we collect, the right to delete your information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

International Data Transfers

If you are accessing our services from outside the United States, your information may be transferred to, stored, and processed in the United States. We take appropriate safeguards to ensure that personal information transferred across borders receives adequate protection consistent with applicable data protection laws.

Third-Party Links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. We encourage you to review this policy periodically.