Effective Date: May 22, 2025
This Privacy Policy describes how Owens Cybersecurity Advisory LLC (“Owens Cybersecurity Advisory,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our website, engage with us as a prospective client, or become a client of our cybersecurity compliance advisory services.
By accessing our website or using our services, you agree to the terms of this Privacy Policy.
1. Introduction
Owens Cybersecurity Advisory LLC, located at 113 S. Perry Street, Suite 206 #11312, Lawrenceville, Georgia 30046 US, is committed to protecting the privacy and security of the personal information we collect. Our primary purpose is providing cybersecurity compliance advisory services. This policy applies to visitors of our website, prospective clients, and current clients.
2. Information We Collect
We collect various types of information, depending on your interaction with us:
- Contact Information: When you use our contact form, engage with us, or sign contracts, we collect your name, phone number, email address, and business address.
- Business Information: Information related to your company and its operations as necessary to provide our cybersecurity compliance advisory services.
- Financial Information: If you make payments to us, we collect billing information necessary to process ACH or credit card payments. We do not store bank account or credit card details directly; this information is handled by our third-party payment processor.
- Technical Information: In the course of providing our cybersecurity services, we may collect technical information to support compliance initiatives. This could include, but is not limited to, data related to your systems’ security posture, network configurations, or other technical details relevant to the services.
- Access Credentials: To provide certain cybersecurity services (e.g., for assessments or configurations related to compliance), we may require temporary access to your systems or credentials. This access is strictly for the purpose of delivering the agreed-upon services and is handled with the utmost care and security.
We do not knowingly collect any “sensitive” personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, genetic data, biometric data, or data concerning a person’s sex life or sexual orientation). We also do not knowingly collect information from children.
3. How We Collect Information
We collect information through various methods, including:
- Directly from you: When you fill out forms on our website, communicate with us via email or phone, sign contracts, or provide information through our client portal.
- During the course of providing services: As we deliver our cybersecurity compliance advisory services, we may collect or access information relevant to those services.
4. How We Use Your Information
We use the personal information we collect for the following primary purposes:
- Providing Services: To deliver the requested cybersecurity compliance advisory services, including assessments, recommendations, and ongoing support.
- Communication: To communicate with you regarding your services, inquiries, updates, and general client support.
- Client Management: To build and maintain your client profile within our CRM system.
- Billing and Payment Processing: To process invoices, manage payments, and handle financial transactions for our services.
- Internal Record Keeping: For our administrative purposes, internal audits, and general business operations.
We do not use your information for automated decision-making or profiling that would have legal or similarly significant effects on individuals.
5. How We Share Your Information
We do not sell personal information to third parties. We may share your information only in the following limited circumstances:
- Service Providers: We share necessary information with trusted third-party service providers who assist us in operating our business and providing our services. These include:
- CRM Provider: Your name, email address, and other contact information are shared with our CRM provider for the purpose of managing client relationships and communications.
- Payment Processor (Stripe): When you make payments, billing information is shared with our payment processor (Stripe) to facilitate secure transactions. We do not store your full payment card details or bank account information on our systems.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency request).
- Protection of Rights: We may disclose your information to protect the rights, property, or safety of Owens Cybersecurity Advisory LLC, our clients, or others, or to investigate fraud.
- With Your Consent: We may share your information with third parties when we have your explicit consent to do so.
We do not transfer personal information internationally. Our services are currently limited to clients located within the United States and US territories.
6. Data Security
We are committed to protecting the security of your personal information. We leverage industry-standard security measures and work with service providers who adhere to robust security practices.
Our CRM provider leverages leading tools from Amazon Web Services (AWS) to manage security and access controls, in line with industry best practices. All of our CRM provider’s servers are within a virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to the internal network. Our CRM provider uses Advanced Encryption Standard (AES 256) to encrypt data at rest and Transport Layer Security (TLS) to encrypt data in transit. This ensures that all traffic between you/your clients and our CRM provider is secure during transit and at rest. Our CRM provider uses third-party security tools to continuously scan for vulnerabilities. An internal dedicated security team responds to issues raised. Twice yearly, our CRM provider engages third-party security experts to perform detailed penetration tests on their application and infrastructure. Our CRM provider accepts external vulnerability reports that are submitted by security researchers. Our CRM provider’s payment system integrates with Stripe, which has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. When using our CRM provider’s payment system, all sensitive data is transferred directly to Stripe servers over a secured and encrypted channel, fully complying with US regulations. Our CRM provider does not store bank accounts or credit card information.
7. Data Retention
We retain personal information for the duration of your client relationship with Owens Cybersecurity Advisory LLC. After the client relationship ends, we retain your data for a period of 5 years for record-keeping purposes, to comply with potential legal or regulatory obligations, and for operational needs. You have the right to request the deletion of your data; however, we may be required to retain certain records for legal or regulatory compliance, even if you request deletion.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access/Know: The right to request copies of the personal data we hold about you.
- Right to Rectification/Correction: The right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure/Deletion (“Right to Be Forgotten”): The right to request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing: The right to request that we restrict the processing of your personal data under certain conditions.
- Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object: The right to object to our processing of your personal data under certain conditions.
To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We may need to verify your identity before fulfilling your request.
9. Cookies and Other Tracking Technologies
Our website is built on the WordPress platform, and we are currently assessing the exact types of cookies, if any, that are used by default for website functionality or by any plugins. We aim to provide clear information about any cookies used and how you can manage them. Please check back for updates to this section as we finalize our assessment.
10. Third-Party Links
Our website only contains a link to our CRM scheduler as “Book a Call”. No other third-party links are on this website.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website and by sending an email notification at least 30 days before the changes become effective.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:
Email: info@owens-security.com
While we do not have a dedicated Data Protection Officer, the business owner serves as the primary contact for privacy concerns.
13. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the State of Georgia, United States, without regard to its conflict of law principles. Our services are provided to clients exclusively within the United States and US territories.
