top of page

RedLab Security Privacy Policy

1. Introduction

RedLab Security LLC (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy of visitors to our website at redlabsecurity.com (the “Site”) and individuals who engage our cybersecurity consulting services. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

2. Information We Collect

2.1 Information You Provide

  • Contact information: name, email address, phone number, company or practice name, job title — provided when you submit our contact form, schedule a consultation, or engage our services.

  • Inquiry details: the content of messages you send us through the Site, email, or during consultations.

  • Scheduling information: date, time, and details when you book a call through our scheduling tool.

  • Payment information: billing address and payment details for invoicing. We do not store credit card numbers; payment processing is handled by third-party processors.

2.2 Information Collected Automatically

  • Device and browser information: browser type, operating system, device type.

  • Usage data: pages visited, time on pages, referring site, general navigation patterns.

  • IP address: used for analytics and security. We do not use IP addresses to identify individual visitors.

This data is collected through standard analytics tools and server logs, used in aggregate to improve the Site. We do not combine it with personal information to identify individuals.

2.3 Client Engagement Information

During consulting engagements, clients may provide documentation, system access, and other materials necessary for us to perform the agreed-upon services. This information is governed by the confidentiality provisions in our engagement agreements and is not covered by this Privacy Policy except as noted below regarding security and retention.

2.4 What We Do Not Collect

We do not collect personal information from children under 13. We do not access, collect, or store our clients’ customers’ or patients’ protected health information (PHI) or personally identifiable information. Our assessments evaluate security controls; we do not extract the underlying regulated data.

3. How We Use Your Information

  • To respond to inquiries and schedule consultations.

  • To deliver consulting services as described in engagement agreements.

  • To process payments and manage billing.

  • To improve our Site using aggregated, non-identifying analytics.

  • To send relevant communications (with your consent; you may opt out at any time).

  • To comply with legal obligations or protect our rights and safety.

4. How We Share Your Information

We do not sell your information. We have never sold personal information and have no plans to do so.

We may share information only with:

  • Service providers: Third parties that help us operate (hosting, payment processing, email, scheduling). They are contractually required to protect your information.

  • Legal requirements: When required by law, subpoena, or court order.

  • Protection of rights: When necessary to protect our rights, enforce our Terms, or protect the safety of any person.

  • Business transfers: In connection with a merger, acquisition, or sale of assets, provided the successor agrees to this Privacy Policy.

  • With your consent: When you explicitly authorize us to share your information.

5. Data Security

We protect your information using encryption in transit and at rest, multi-factor authentication, access controls based on least privilege, and secure disposal of engagement data upon completion of the applicable retention period. No method of electronic transmission or storage is completely secure, but we maintain protections consistent with the standards we recommend to our clients.

6. Data Retention

  • Contact and inquiry information: retained while you are an active or prospective client, plus three years after last interaction.

  • Engagement files: retained per the applicable engagement agreement, or one year after completion if no period is specified, then securely destroyed.

  • Financial records: retained seven years per tax and accounting requirements.

  • Analytics data: retained in aggregate, non-identifying form only.

7. Your Rights

Access and correction: You may request access to or correction of your personal information by contacting us.

Deletion: You may request deletion of your personal information, subject to legal retention requirements.

Opt-out: You may opt out of marketing communications at any time via the unsubscribe link or by contacting us. This does not affect transactional communications related to active engagements.

California residents (CCPA/CPRA): You have the right to know what information we collect, request deletion, and opt out of the sale of personal information (we do not sell personal information). Contact us to exercise these rights.

Other state privacy laws: If your state has a comprehensive privacy law, we are committed to honoring applicable rights. Contact us for details.

8. Cookies

Our Site may use essential cookies (required for functionality) and analytics cookies (to understand how visitors use the Site). We do not use advertising cookies, retargeting pixels, or third-party ad tracking. You can control cookies through your browser settings.

9. Third-Party Links

Our Site may link to third-party websites. We are not responsible for their privacy practices. Review their policies before providing personal information.

10. Children’s Privacy

The Site is not directed to children under 13 and we do not knowingly collect their personal information. If we learn we have collected such information, we will promptly delete it.

11. Do Not Track

Our Site does not currently respond to Do Not Track signals, as no universal standard exists. We do not track visitors across third-party websites.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be on this page with the updated effective date. Material changes will be noted with a prominent notice on the Site.

bottom of page