Privacy Policy

Effective Date: April 11, 2026  |  Last Updated: April 11, 2026

1. Introduction

ZironSec LLC (“ZironSec,” “we,” “us,” or “our”) is a Texas-based cybersecurity consultancy committed to protecting the privacy and security of all individuals who interact with our website, services, and platforms. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit zironsec.com or engage with our services.

We operate under privacy-by-design principles aligned with NIST SP 800-53, FedRAMP, SOC 2, and ISO 27001 control frameworks.

2. Information We Collect

Information You Provide

  • Contact details (name, email, phone number) submitted through our contact form or scheduling tools
  • Business information provided during engagement onboarding
  • Communications you send to us via email or other channels

Information Collected Automatically

  • Non-identifiable analytics data (page views, session duration, referral source)
  • Device and browser type, operating system, and IP address (anonymized where possible)
  • Cookies strictly necessary for site functionality

3. How We Use Your Information

  • Respond to inquiries and provide requested security services
  • Facilitate engagement onboarding and service delivery
  • Improve our website experience and security posture
  • Comply with legal obligations and enforce our agreements
  • Send service-related communications (never unsolicited marketing without consent)

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only under the following limited circumstances:

  • Service providers — trusted processors operating under Data Processing Agreements (e.g., scheduling, secure email relay)
  • Legal compliance — when required by law, court order, or governmental regulation
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with equivalent data protections maintained

5. Artificial Intelligence & Data Protection

ZironSec maintains strict controls over the use of AI and Large Language Models in our operations:

  • No client Confidential Information, PII, PHI, security findings, or credentials are entered into third-party public AI tools
  • Any permitted AI use is limited to enterprise-grade tools with contractual guarantees of no model training on input data, zero data retention, and tenant data isolation
  • All AI usage is governed by our internal Acceptable Use Policy and reviewed quarterly

6. Confidentiality & Client Data

All client engagements are governed by executed Mutual Non-Disclosure Agreements and Master Service Agreements that include:

  • Strict confidentiality obligations with need-to-know access controls
  • Enhanced protections for security vulnerabilities, credentials, and incident data
  • HIPAA/HITECH-compliant handling for Protected Health Information when applicable
  • Cross-border transfer restrictions — data processed exclusively within the continental United States unless otherwise agreed in writing
  • Survival of confidentiality obligations: 5 years for general information; indefinite for trade secrets; ongoing for credentials, vulnerability data, PII, and PHI

7. Data Retention & Deletion

  • Personal data is retained only as long as necessary for the purpose it was collected or as required by law
  • Upon termination of a client engagement, Confidential Information is returned or securely destroyed in accordance with our agreements
  • You may request deletion of your personal data at any time by contacting compliance@zironsec.com

8. Security Controls

We implement and maintain administrative, physical, and technical safeguards aligned with industry frameworks:

Access Control (AC-3)

Role-based access enforcement on all internal systems

Integrity (SI-7)

Software and data integrity validation

Encrypted Transport (SC-8)

TLS encryption for all data in transit

Data at Rest (SC-28)

Encryption of stored sensitive information

9. Your Rights

Depending on your jurisdiction, you may have rights under GDPR, CCPA, or other applicable privacy laws, including:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data
  • Portability — request your data in a portable format
  • Opt-Out — we do not sell personal information; no opt-out action is needed

To exercise any of these rights, contact us at compliance@zironsec.com. We will respond within 30 days.

10. Cookies

Our website uses only strictly necessary cookies for site functionality. We do not use tracking cookies, advertising pixels, or behavioral profiling technologies. Third-party integrations (e.g., Calendly for scheduling) are loaded only when you interact with them and are governed by their own privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the top of this page indicates when the most recent revision was made. Material changes will be communicated through our website.

12. Contact

For privacy-related inquiries, data requests, or concerns:

ZironSec LLC

Privacy & Compliance

compliance@zironsec.com

T: (281) 766-7909