1. Information Governance

At ISP Security, we treat data security with the same rigor we apply to our penetration testing engagements. This policy outlines how we collect, process, and protect information when you visit our website or engage our consulting services.

2. Data Collection Protocols

We collect data through two primary vectors:

• Direct Engagement: Information provided via our "Get Quote" or contact forms (e.g., Name, Company, Corporate Email).
• Technical Telemetry: Anonymized usage data, IP addresses (sanitized), and browser configurations for security monitoring and site optimization.

3. Security Engagement Data

During a security assessment, we may encounter sensitive organizational data. Our standard operating procedure (SOP) includes:

• Encryption of all data at rest and in transit (AES-256).
• Strict "need-to-know" access controls for consultants.
• Automated data purging 30 days after project finalization unless otherwise specified by contractual NDAs.

4. Third-Party Intelligence

We do not sell, trade, or leak your information to third-party data brokers. We only utilize trusted technical sub-processors for website hosting and encrypted corporate communications.

5. Your Digital Rights

Under global privacy frameworks (GDPR, CCPA), you have the right to request a readout of the data we hold or its permanent deletion from our infrastructure. Contact privacy@ispsecurity.com for all legal inquiries.