Privacy Policy
Your privacy and data protection are fundamental to how we operate
Our Commitment to Your Privacy
NonaSec ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our cybersecurity services.
1. Information We Collect
Personal Information You Provide
We collect information you voluntarily provide when you:
- Contact us through our website forms
- Request a free security assessment
- Subscribe to our newsletter or updates
- Engage our cybersecurity services
- Participate in surveys or feedback requests
Types of Personal Information:
- Contact Information: Name, email address, phone number, company name, job title
- Business Information: Industry, company size, security challenges, compliance requirements
- Communication Data: Messages, feedback, and correspondence with our team
- Technical Information: Information related to your cybersecurity infrastructure (when providing services)
Information Automatically Collected
- Website Analytics: Pages visited, time spent, referral sources, device information
- Technical Data: IP address, browser type, operating system, screen resolution
- Chatbot Interactions: Conversation history, responses to qualification questions, lead scoring data, service preferences
- CRM Integration: HubSpot tracking cookies, lead source attribution, conversion events
- Cookies and Tracking: See our Cookie Policy section for detailed information
Interactive Chatbot Data Collection:
Our website features an interactive chatbot that helps qualify your security needs. During these conversations, we collect:
- Responses to security assessment questions
- Company size and industry information
- Budget ranges and timeline preferences
- Service interest and priority levels
- Lead qualification scores based on responses
This data is used solely to provide relevant recommendations and connect you with appropriate services.
2. How We Use Your Information
Legitimate Business Purposes
- Service Delivery: Providing cybersecurity assessments, AI governance advisory, business continuity planning, and security services
- Communication: Responding to inquiries, providing updates, and maintaining customer relationships
- Lead Qualification: Using chatbot responses and behavioral data to provide relevant service recommendations
- Business Operations: Processing requests, scheduling consultations, and managing client relationships
- Analytics & Optimization: Tracking user behavior through Google Analytics, HubSpot, and conversion metrics
- Legal Compliance: Meeting regulatory requirements and maintaining necessary business records
- Website Improvement: Analyzing usage patterns to enhance user experience and website functionality
- Security: Protecting our systems and detecting fraudulent or suspicious activity
Marketing Communications (With Consent)
We may send you marketing communications about our services, cybersecurity insights, and industry updates only if you:
- Have explicitly opted in to receive marketing communications
- Are an existing client with whom we have a legitimate business relationship
- Have not opted out of receiving such communications
3. Information Sharing and Disclosure
We Do NOT Sell Your Personal Information
NonaSec does not sell, rent, or lease your personal information to third parties for marketing purposes.
Limited Sharing Circumstances
- Service Providers: Trusted third-party vendors including HubSpot (CRM), Google Analytics, email services, and website hosting (under strict confidentiality agreements)
- Social Media Platforms: LinkedIn, Facebook, and Instagram for business marketing purposes (only with your explicit interaction)
- Legal Requirements: When required by law, court order, or to protect our legal rights
- Business Transfers: In the event of a merger, acquisition, or sale of assets (with notification to affected users)
- Consent: When you have given explicit consent for specific sharing purposes
4. Data Security
As a cybersecurity company, we implement industry-leading security measures to protect your personal information:
Technical Safeguards
- SSL/TLS encryption for data transmission
- Encrypted data storage
- Multi-factor authentication
- Regular security audits and monitoring
Administrative Safeguards
- Access controls and role-based permissions
- Employee training on data protection
- Incident response procedures
- Regular policy reviews and updates
5. Your Privacy Rights
Regardless of your location, you have the following rights regarding your personal information:
Access and Portability
Request a copy of the personal information we hold about you in a portable format.
Correction and Update
Request correction of inaccurate or incomplete personal information.
Deletion
Request deletion of your personal information (subject to legal and contractual obligations).
Opt-Out
Unsubscribe from marketing communications or withdraw consent at any time.
7. California Consumer Privacy Act (CCPA) Rights
If you are a California resident, you have additional rights under the CCPA:
Your California Rights:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
- Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights
To exercise your CCPA rights, please contact us using the information in the Contact section below.
8. General Data Protection Regulation (GDPR) Rights
If you are located in the European Economic Area (EEA), you have rights under the GDPR:
Your GDPR Rights:
- Right of Access: Obtain confirmation of data processing and access to your personal data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of personal data under certain circumstances
- Right to Restrict Processing: Limit how we use your personal data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you have given clear consent for specific processing activities
- Contractual Necessity: To perform our cybersecurity services and fulfill contractual obligations
- Legitimate Interests: For business operations, website improvement, and security purposes
- Legal Compliance: To comply with applicable laws and regulations
9. Children's Privacy
Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date at the top of this policy
- Sending email notifications for significant changes (where we have your consent)
11. Contact Information
Data Protection Officer & Privacy Inquiries
Contact Methods:
Response Time:
We will respond to privacy requests within:
- GDPR requests: 30 days (may extend to 60 days for complex requests)
- CCPA requests: 45 days (may extend to 90 days for complex requests)
- General inquiries: 5-10 business days