Privacy Policy

Principle Security LLC is a cybersecurity advisory firm providing vCISO services, risk quantification, GRC, infrastructure, and managed security services headquartered in the United States.

Data Controller: Principle Security LLC — privacy@principlesec.com

Contact Forms

Name, email, phone, company, and message when you reach out to us.

Lead Magnets & Email Subscriptions

Name and email when you download a resource or subscribe to communications. Unsubscribe anytime.

Meeting Booking (Calendly)

Name, email, phone, company, and time zone via Calendly, subject to Calendly’s Privacy Policy.

Analytics & Usage Data

IP address, browser type, pages visited, time on site, and device info via cookies and analytics tools.

• ‣Respond to inquiries and provide support
• ‣Deliver requested resources and educational content
• ‣Schedule and confirm meetings
• ‣Send emails about services and insights (with consent where required)
• ‣Analyze site usage to improve performance and content
• ‣Detect and prevent fraud, abuse, or security incidents
• ‣Comply with legal obligations

We do not sell your personal information or use your data for automated decision-making.

• ‣Consent — Form submissions, resource downloads, email subscriptions
• ‣Legitimate Interests — Analytics, fraud prevention, service improvement
• ‣Contract — Processing necessary to fulfill a services agreement
• ‣Legal Obligation — Compliance with applicable law

• ‣Essential cookies — Required for core site functionality
• ‣Analytics cookies — Aggregate visitor behavior data (Google Analytics)
• ‣Functional cookies — Remember preferences and settings

Manage cookies via your browser settings or opt out of Google Analytics using the Google Analytics Opt-out Add-on.

• ‣Google Analytics — Traffic analysis. Google Privacy Policy
• ‣Calendly — Meeting scheduling. Calendly Privacy Policy
• ‣Email service provider — Email communications and resource delivery
• ‣Webflow — Website hosting. Webflow Privacy Policy

We do not share your data with any third party for their own marketing purposes.

We do not sell, trade, or rent your personal information. Limited sharing only occurs in these circumstances:

• ‣Service Providers — Vendors assisting us, bound by confidentiality obligations
• ‣Legal Requirements — When required by law, court order, or governmental authority
• ‣Business Transfers — In connection with a merger or acquisition, with user notice
• ‣Protection of Rights — To protect safety of Principle Security, users, or the public

• ‣Contact inquiries — Up to 3 years from last contact
• ‣Email subscribers — Until you unsubscribe or request deletion
• ‣Analytics data — Per provider settings (typically 14–26 months)
• ‣Booking data — Per Calendly’s retention practices

After the retention period, data is securely deleted or anonymized.

California residents have the following rights under the CCPA as amended by the CPRA:

• ‣Know — Categories and specific pieces of personal information collected
• ‣Delete — Request deletion of your personal information
• ‣Correct — Request correction of inaccurate personal information
• ‣Opt Out — We do not sell or share data for behavioral advertising
• ‣Non-Discrimination — We will not discriminate for exercising CCPA rights

Email privacy@principlesec.com. We respond within 45 days.

EEA and UK residents have the following rights:

• ‣Access — Obtain a copy of your data and how it is processed
• ‣Rectification — Correct inaccurate or incomplete data
• ‣Erasure — Request deletion in certain circumstances
• ‣Restrict Processing — Limit how we use your data
• ‣Portability — Receive data in structured, machine-readable format
• ‣Object — Object to processing based on legitimate interests
• ‣Withdraw Consent — At any time, without affecting prior processing

Contact privacy@principlesec.com or lodge a complaint with your local data protection authority.

Principle Security is based in the United States. If you access our site from outside the US, your information may be transferred to and processed in the US. Where required by applicable law, we implement appropriate safeguards such as Standard Contractual Clauses for EU/UK transfers.

• ‣HTTPS encryption for all data in transit
• ‣Access controls limiting who can access personal data
• ‣Reputable third-party platforms with industry-standard security certifications
• ‣Regular review of our data handling practices

No method of transmission over the internet is 100% secure. You provide information at your own risk.

Our site is not directed to individuals under age 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, contact privacy@principlesec.com and we will promptly delete it.

We may update this policy periodically. When we do, we will update the “Last Updated” date above. If changes are material, we will provide additional notice such as a site announcement or email notification.