Privacy Policy — SECURIQUE

1. Who We Are and What This Covers

SECURIQUE Security Inc. ("SECURIQUE," "we," "us") provides cybersecurity consulting, penetration testing, AI governance, and compliance services. This privacy policy explains how we collect, use, and protect personal information gathered through our website at securique.io.

Important distinction: This policy covers website visitor data only. Data collected during professional engagements — including penetration test findings, vulnerability reports, security assessments, and client infrastructure details — is governed by separate engagement agreements, NDAs, and rules of engagement specific to each client. That data is subject to significantly stricter controls than what is described here.

2. Information We Collect

We keep this minimal by design. As a security firm, we believe in collecting only what we need.

Information you provide

When you submit our contact form, we collect:

Name — so we know who we're talking to
Company — so we understand your context (optional)
Email address — so we can respond to you
Message — whatever you'd like to tell us

That's the complete list. We don't ask for phone numbers, physical addresses, or any other personal details through the website.

Information collected automatically

When you visit our website, our hosting infrastructure may automatically collect:

IP address
Browser type and version
Pages visited and timestamps
Referring URL

This data is stored in standard server logs and is used solely for security monitoring and maintaining site availability. We do not use this data to profile or track individual visitors.

3. How We Use Your Information

We use the information we collect for these specific purposes:

Data	Purpose
Contact form submissions	To respond to your inquiry and communicate about our services
Email address	To reply to your message and, only with your consent, send relevant follow-up information
Server logs	To monitor for security threats, maintain site availability, and investigate incidents

We do not use your data for advertising, profiling, automated decision-making, or any purpose beyond what's listed here.

4. Legal Basis for Processing

For visitors in jurisdictions that require a legal basis for data processing (including the EU/EEA under GDPR), we process your data under the following grounds:

Consent — When you submit the contact form, you consent to us processing the information you provide in order to respond to your inquiry.
Legitimate interest — We have a legitimate interest in maintaining website security, monitoring for threats, and responding to business inquiries. We balance this against your privacy rights and only collect what's necessary.
Legal obligation — We may process data where required by applicable law, such as responding to a lawful request from a regulatory authority.

You may withdraw your consent at any time by contacting us at hi@securique.io.

5. Who We Share Your Data With

We'll be direct: we do not sell, rent, or trade your personal information. Ever.

We may share your data only in these limited circumstances:

Service providers — Our hosting provider (Netlify), form processing service (Web3Forms), and email service provider process data on our behalf to deliver their services. They are contractually bound to protect your data and may not use it for their own purposes.
Legal requirements — If required by law, subpoena, court order, or regulatory request, we may disclose data to the extent legally necessary.
Business transfer — In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. We would notify you before your data becomes subject to a different privacy policy.

We do not share data with advertisers, data brokers, or any third party for marketing purposes.

6. Cookies and Tracking

We keep this simple because we believe in practicing what we preach.

Essential cookies only — We may use strictly necessary cookies for basic site functionality (e.g., session management). These do not track you.
No analytics cookies — We do not use Google Analytics, Meta Pixel, or any third-party analytics or tracking tools.
No advertising cookies — We do not serve ads or use retargeting pixels.
No social media trackers — We have no social media integrations that track your activity.

Because we only use strictly necessary cookies, most jurisdictions do not require a cookie consent banner for our site. You can still configure your browser to block cookies if you prefer.

7. How Long We Keep Your Data

We don't keep data longer than we need to. Here are our retention periods:

Data Type	Retention Period
Contact form submissions	12 months from submission, unless a professional engagement begins (in which case, governed by the engagement agreement)
Server logs	90 days
Email correspondence	Duration of the business relationship, plus 12 months

After the retention period, data is securely deleted. You can request early deletion at any time.

8. How We Protect Your Data

We're a cybersecurity firm. We take this seriously — and we're specific about it.

Encryption in transit — All data transmitted to and from our website is protected by TLS encryption.
Encryption at rest — Stored data is encrypted using industry-standard encryption methods.
Access controls — Access to personal data is restricted to personnel who need it to respond to your inquiry. We apply the principle of least privilege.
Regular reviews — We conduct periodic security reviews of our own infrastructure and processes.
Incident response — In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities without undue delay and no later than required by applicable law (72 hours under GDPR).

9. Your Rights

Regardless of where you're located, we respect your control over your data. Here's what you can do:

Everyone

Access — Request a copy of the personal data we hold about you.
Correction — Ask us to correct any inaccurate data.
Deletion — Ask us to delete your personal data.
Withdraw consent — Withdraw any consent you've previously given.

EU/EEA Residents (GDPR)

In addition to the above, you have the right to:

Restrict processing of your data
Data portability (receive your data in a structured, machine-readable format)
Object to processing based on legitimate interest
Lodge a complaint with your local data protection authority

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

Know what personal information we collect and how it's used
Request deletion of your personal information
Opt out of the sale or sharing of personal information — though we don't sell or share your data, so there's nothing to opt out of
Non-discrimination for exercising your privacy rights

Other US States

If you reside in a state with comprehensive privacy legislation (including Colorado, Connecticut, Virginia, Texas, Oregon, and others), you may have similar rights under your state's law. Contact us and we'll honor your request consistent with applicable law.

To exercise any of these rights, email us at hi@securique.io. We'll respond within 30 days (or sooner where required by law). We won't make you jump through hoops.

10. A Note on Client Engagement Data

If you become a client, data associated with professional engagements is handled under entirely separate and stricter controls. This includes:

Penetration testing data — vulnerability findings, scan results, exploitation artifacts
Security assessments — audit reports, risk assessments, compliance documentation
Infrastructure details — network configurations, system inventories, architecture diagrams
AI governance work — model assessments, risk frameworks, compliance documentation

This data is protected by:

Mutual non-disclosure agreements (NDAs)
Master service agreements with specific data handling, retention, and destruction clauses
Rules of engagement documents unique to each engagement
Encrypted storage and transmission throughout the engagement lifecycle
Secure destruction of raw test artifacts after the engagement concludes, per contractual terms

We treat client engagement data as highly confidential. It is never referenced in marketing, case studies, or any external communication without explicit written consent.

11. International Data Transfers

Our website and services may process data in jurisdictions outside your own. Where we transfer personal data internationally, we ensure appropriate safeguards are in place consistent with applicable data protection laws, including standard contractual clauses where required by GDPR.

12. Children's Privacy

Our services are designed for business professionals. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have inadvertently collected data from a child, we will delete it promptly.

13. Do Not Track Signals

We don't track you in the first place, so Do Not Track browser signals don't change our behavior. There's nothing to turn off.

14. AI and Automated Decision-Making

We do not use artificial intelligence or automated systems to make decisions about you based on the personal data collected through this website. Given that we provide AI governance services, we hold ourselves to the same standard we advise our clients to meet.

15. Changes to This Policy

We may update this policy as our practices evolve or as regulations change. When we do, we'll update the effective date at the top of this page. For significant changes that affect how we handle your data, we'll make reasonable efforts to notify you directly if we have your contact information.

We review this policy at least annually to ensure it remains accurate and current.

16. Contact Us

Questions, concerns, or requests related to your privacy? Reach out. We're not hiding behind a form.

Email: hi@securique.io

Subject line suggestion: "Privacy Request" — so it gets routed quickly.

We aim to respond to all privacy-related inquiries within 5 business days.