Privacy Policy

Auri Security Inc. ("Auri Security", "we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us. This policy complies with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant privacy legislation.

For the purposes of this Privacy Policy, "Auri Security" includes our related or affiliated partnerships, partners, principals, employees, agents, authorized representatives, and affiliated corporations and their respective officers, directors, shareholders, employees, agents, and authorized representatives.

Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

• Request our cybersecurity services or consultations
• Contact us through our website, email, or phone
• Subscribe to our newsletters or communications
• Participate in our training programs or events
• Apply for employment with us
• Engage with us on social media platforms

This may include:

• Contact information (name, email address, phone number, mailing address)
• Business information (company name, job title, industry)
• Account credentials and preferences
• Payment and billing information
• Communications and correspondence with us
• Resume and employment-related information

Technical Information

We automatically collect certain technical information when you visit our website:

• IP address and device information
• Browser type and version
• Operating system
• Pages visited and time spent on our site
• Referring website addresses
• Cookies and similar tracking technologies

Cybersecurity Service Data

In providing our digital forensics and incident response services, we may process sensitive data including:

• Digital evidence and forensic data
• System logs and network traffic data
• Employee communications and files
• Financial and business records
• Client infrastructure information
• Incident response documentation

How We Use Your Information

Service Delivery

• Provide digital forensics and incident response services
• Conduct cybersecurity assessments and investigations
• Deliver training and consulting services
• Process payments and manage billing
• Communicate about service updates and changes

Business Operations

• Improve our services and develop new offerings
• Conduct market research and analytics
• Manage client relationships and support
• Comply with legal and regulatory requirements
• Prevent fraud and ensure security

Marketing and Communications

• Send newsletters and industry updates
• Invite you to events and webinars
• Provide relevant cybersecurity insights
• Respond to your inquiries and requests

Legal Basis for Processing (GDPR)

For EU residents, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our contractual obligations to you
• Legitimate Interest: To operate our business and provide services
• Consent: When you have given explicit consent for specific processing
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interests: To protect your or others' vital interests in emergency situations

Your Rights and Choices

Access and Portability

• Request access to your personal information we hold
• Receive a copy of your data in a portable format
• Verify the accuracy and completeness of your information
• Request corrections to inaccurate or incomplete data

Control and Deletion

• Request deletion of your personal information (subject to legal obligations)
• Object to processing of your personal information
• Restrict processing in certain circumstances
• Withdraw consent at any time (where applicable)

Marketing Communications

• Opt-out of marketing emails using unsubscribe links
• Update your communication preferences
• Request to be removed from our mailing lists

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• The nature of the information and purpose for collection
• Legal and regulatory requirements
• Business operational needs
• Client service agreements
• Cybersecurity and forensic investigation requirements

Information Sharing and Disclosure

Service Providers

We may share your information with trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting and data storage providers
• Payment processors and financial institutions
• Email and communication service providers
• Analytics and marketing platforms
• Legal and professional service providers

Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or legal process
• Government investigations or regulatory requests
• Law enforcement agencies
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business assets. We will ensure that any such transfer is subject to appropriate privacy protections and notice requirements.

Keeping information accurate

It is important that your personal information is accurate and complete. Having accurate information about you enables us to give you the best possible service. You have the right to access, verify and amend the information we have about you. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly. To keep personal information up-to-date, please inform us of any changes, such as a change of address, telephone number or any other circumstances by contacting our Privacy Officer using the contact information below.

Data Security and Protection

Technical Safeguards

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication and access controls
• Regular security assessments and penetration testing
• Secure data centers with physical and logical security controls
• Network segmentation and intrusion detection systems
• Regular security updates and patch management

Administrative Safeguards

• Comprehensive privacy and security training for all staff
• Background checks and confidentiality agreements
• Role-based access controls and principle of least privilege
• Regular security awareness training and testing
• Incident response and breach notification procedures
• Regular audits and compliance assessments

Cybersecurity Standards

As a cybersecurity company, we maintain the highest standards of data protection:

• ISO 27001 information security management system
• SOC 2 Type II compliance for security controls
• NIST Cybersecurity Framework implementation
• Regular third-party security assessments
• Continuous monitoring and threat intelligence
• Zero-trust security architecture principles

While we implement industry-leading security measures, no system is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents and notifying affected individuals as required by law.

Cookies and Tracking Technologies

Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand website usage and performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising and content

Third-Party Services

We may use third-party services that place cookies on our website:

• Google Analytics for website analytics
• Social media platforms for content sharing
• Marketing automation tools
• Customer support platforms

Your Cookie Choices

You can control cookies through your browser settings:

• Block or delete cookies in your browser
• Set your browser to notify you before accepting cookies
• Use our cookie preference center (if available)
• Opt-out of non-essential cookies

Marketing Communications

We may send you commercial electronic messages to email addresses you have provided. We obtain your consent through:

• Express consent when you subscribe to our communications
• Implied consent when you inquire about our services
• Legitimate interest for existing client communications
• Legal requirements for certain business communications

You can unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting our Privacy Officer. You will still receive essential service-related communications.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on our website with a new effective date
• Notify you via email or other prominent notice
• Obtain your consent where required by law
• Provide a summary of material changes

Complaints and Dispute Resolution

If you have concerns about our privacy practices, you may:

• Contact our Privacy Officer directly
• File a complaint with relevant privacy authorities
• Seek resolution through our internal complaint process
• Exercise your rights under applicable privacy laws

Contact Information

Please contact our Privacy Officer to obtain further information about our policies and procedures or if you have any unresolved inquiries or concerns. We will respond to you promptly and do our utmost to resolve your concerns.

Our Privacy Officer can be contacted as follows: