Scope
This Privacy Policy applies to information Torchsec Technologies, LLC ("Torchsec," "we," "us") collects through torchsec.com, through direct communications with prospects and clients, and through the systems we operate on behalf of our managed-service clients under a signed Master Services Agreement (MSA).
Data we process on behalf of a client — endpoint telemetry, SIEM events, identity logs, and similar — is governed by that client's MSA and our Data Processing Addendum, not this public-facing policy. This page covers the information we collect about visitors, prospects, and client administrative contacts.
Information we collect
Information you provide
- Contact forms & assessments. Name, business email, company, phone, and whatever you write in the message field when you reach out or request a free security assessment.
- Client onboarding. Billing contacts, authorized administrator details, and technical points of contact needed to deliver services.
- Support communications. Emails, tickets, and call notes when you contact Sales & Support.
Information collected automatically
- Log data. IP address, user-agent, referrer, requested URL, and timestamp — kept for security monitoring and abuse prevention.
- Site analytics. We use privacy-respecting, aggregate analytics to understand which pages are useful. We do not build advertising profiles and do not sell this data.
- Cookies. Only what's strictly necessary to operate the site (see Cookies & tracking).
Information from third parties
- Publicly available business information when we're researching a prospective client (company name, industry, size).
- Information passed to us by partners with your consent — for example, when you start a security assessment through a partner tool.
How we use your information
We use the information above for a narrow set of purposes:
- Respond to inquiries and deliver the assessments, proposals, or support you've asked for.
- Deliver contracted services — monitoring, incident response, compliance engineering, IT operations.
- Operate and secure the site, including detecting abuse and fraud.
- Improve our services using aggregate, de-identified usage data.
- Comply with legal obligations, enforce our contracts, and protect our legal rights.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Data retention
We keep information only as long as we need it for the purpose we collected it, plus a reasonable period to meet legal, tax, and contractual obligations. Typical retention periods:
- Sales and prospect contact forms: up to 24 months from last interaction.
- Client administrative records: duration of the relationship plus 7 years.
- Security and access logs: 12 months rolling, longer where required by framework (e.g., HIPAA, CMMC).
- Billing records: 7 years for tax and audit purposes.
How we protect information
We eat our own cooking. The same controls we build for clients — MFA, least-privilege access, endpoint protection, encrypted-in-transit and at-rest data, 24/7 monitoring, documented incident response — we apply to our own systems.
No system is perfectly secure. We'll notify affected clients and, where required, regulators and individuals without undue delay if we discover a breach of personal information we hold.
Your rights & choices
Depending on where you live, you may have the right to:
- Access a copy of the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete information, subject to legal and contractual retention requirements.
- Restrict or object to certain processing.
- Opt out of marketing emails (use the unsubscribe link in any message).
- Lodge a complaint with a data protection authority in your jurisdiction.
To exercise any of these, email [email protected]. We'll verify your identity before acting and respond within 30 days (or as required by applicable law).
California residents (CCPA/CPRA)
California residents have additional rights, including the right to know the categories of personal information we collect and the right to non-discrimination for exercising privacy rights. We do not sell personal information and do not share it for cross-context behavioral advertising.
Children's privacy
Torchsec's services are sold to businesses, not individuals. The site is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we'll delete it.
Changes to this policy
We'll update this policy as our practices evolve. Material changes will be posted here with a new "Last updated" date; for significant changes affecting client data, we'll also notify your designated administrative contact.
Contact us
Questions, requests, or concerns about this policy can go to our privacy team: