Privacy Policy

Effective Date: 1/1/2022
Last Updated: 12/1/2022

​

Inception Security ("we," "us," or "our") is committed to protecting your privacy. This Privacy & Cookie Policy explains how we collect, use, disclose, and safeguard your personal information when interacting with our website, services, and digital assets at https://inceptionsecurity.com (the “Site”). This policy also outlines your rights and choices under applicable privacy laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and other regional data protection frameworks.

​

1. Scope of This Policy

This policy applies to:

• Visitors to our website

• Prospective and current customers

• Job applicants

• Partners and affiliates

• Individuals contacting us via forms, email, or other channels

It covers both online and offline collection and use of personal information.
 

2. Information We Collect

We collect the following categories of information:
 

A. Personal Identifiers

• Name

• Email address

• Phone number

• Company name

• Title or role

• IP address (when associated with an individual)
   

B. Sensitive Personal Information (only if voluntarily submitted or contractually required)

• Government-issued ID (in rare cases for verification or employment)

• Geolocation data (if enabled by your browser or device)

• Authentication credentials (hashed, encrypted, or tokenized)
   

C. Technical & Usage Data

• IP address and device ID

• Browser type and version

• Operating system

• Time zone and language preferences

• Page response times, navigation paths, and error messages

• Clickstream data and referral sources

• Session recordings (where legally permitted)
   

D. Professional Information

• Job title

• Employer

• Business contact details

• Industry sector
   

E. Marketing & Communication Preferences

• Newsletter opt-ins

• Downloads and content interactions

• Email open/click rates

We may combine information from different sources to improve accuracy and completeness.

​

3. How We Collect Information

We collect data through:

• Forms on our website (e.g., contact, demo request, downloads)

• Direct communication (email, phone, chat)

• Web analytics platforms (e.g., Google Analytics, Hotjar)

• CRM and marketing platforms (e.g., HubSpot, Mailchimp)

• Cookies and other tracking technologies

• Social media interactions (LinkedIn, X, YouTube, etc.)

We only collect what is necessary, proportionate, and legally justified.

​

4. How We Use Your Information

We use your information to:

• Respond to inquiries and provide services

• Customize content and communications

• Process transactions and contracts

• Maintain security, fraud detection, and threat analysis

• Improve website performance and user experience

• Conduct analytics and business intelligence

• Deliver marketing communications (only with consent or where legally permitted)

• Fulfill legal obligations and regulatory compliance

We do not use your personal data for automated decision-making or profiling that produces legal or significant effects without human intervention.

​

5. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following lawful bases:

• Consent: For marketing, non-essential cookies, and optional data fields

• Contractual necessity: To provide services or process employment applications

• Legal obligation: To meet regulatory or compliance requirements

• Legitimate interest: To secure our platform, prevent fraud, and conduct B2B communications (balanced against your rights)

You can withdraw consent at any time by contacting us or using provided unsubscribe links.

​

6. How We Share Information

We do not sell your personal information. We may share your information with:

​

A. Trusted Third Parties

• Hosting providers (e.g., AWS, Azure)

• Email platforms (e.g., Mailgun, HubSpot)

• Analytics and tracking tools

• CRM and marketing automation platforms

• Legal and compliance advisors
   

B. Subprocessors

For services we provide to our customers (e.g., MDR or forensic investigations), subprocessors may handle limited personal data strictly under Data Processing Agreements (DPAs).

​

C. Legal Disclosure

We may disclose information if required by law, court order, subpoena, or to respond to lawful requests from public authorities, including to meet national security or law enforcement requirements.

​

7. International Data Transfers

We are based in the United States but may process data globally. If we transfer personal information outside your jurisdiction (e.g., EU → U.S.), we will:

• Use Standard Contractual Clauses (SCCs) approved by the European Commission

• Ensure equivalent protection through supplementary safeguards

• ​

8. Retention of Information

We retain personal data only as long as:

• Required to fulfill the purpose for which it was collected

• Necessary to meet legal, contractual, or operational obligations

• Retention is mandated by law (e.g., employment, financial records)

When no longer required, we securely delete or anonymize data.

​

9. Data Security

As a cybersecurity company, data protection is the foundation of our operations. We implement:

• Role-based access controls (RBAC)

• Endpoint detection and response (EDR)

• Network segmentation and encryption

• Multi-factor authentication (MFA)

• Security Information and Event Management (SIEM) monitoring

• Regular penetration testing and vulnerability assessments

We follow industry frameworks such as NIST CSF, ISO/IEC 27001, and CIS Controls in managing our security controls.

​

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

​

Access - Request access to your personal data

Rectification - Correct inaccurate or incomplete data

Erasure ("Right to be Forgotten") - Request deletion of your personal data

Restriction - Limit how we use your data

Data Portability - Receive a copy of your data in machine-readable format

Object- Object to data processing under certain legal bases

Withdraw Consent - Withdraw consent for marketing or optional tracking

Opt-Out (CCPA/CPRA) - Opt out of data sharing with third parties for advertising

​

To exercise your rights, please get in touch with us at privacy@inceptionsecurity.com.

We will respond within the timeframes required by applicable laws (e.g., 30 days under GDPR, 45 days under CCPA).

​

11. Children’s Privacy

We do not knowingly collect or solicit personal data from individuals under 16. If we discover we have received data from a minor without parental consent, we will delete it promptly.

​

12. Cookies & Tracking Technologies

We use cookies and similar technologies to improve your experience, personalize content, analyze traffic, and support marketing efforts.

​

Types of Cookies:

• Strictly Necessary: Site operation and security

• Performance: Usage analytics (e.g., page visits, bounce rates)

• Functionality: Preferences and site customization

• Targeting/Advertising: Personalized ads and campaign tracking

You can manage cookies through:

• The "Cookie Settings" banner on our website

• Your browser settings

• Tools such as www.allaboutcookies.org

Detailed cookie descriptions are available in our Cookie Policy.

​

13. Data Breach Notification

In the event of a data breach involving your personal information, we will notify you and/or relevant authorities without undue delay, in compliance with applicable breach notification laws.

​

14. Changes to This Policy

We may update this Privacy & Cookie Policy periodically to reflect changes in legal requirements, services, or our privacy practices. Updates will be posted on this page with a revised "Effective Date." You are encouraged to review this page regularly.

​

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy & Cookie Policy or our handling of your data, please contact:

​

Inception Security

• privacy@inceptionsecurity.com

• https://inceptionsecurity.com