top of page
Important notice

This privacy policy is provided for informational purposes and represents Phoenix Information Security's current data practices. It does not constitute legal advice. Phoenix Information Security operates in both the United States and Canada and endeavors to comply with applicable privacy laws in both jurisdictions, including PIPEDA, CAN-SPAM, CASL, and applicable US state privacy laws including the California Consumer Privacy Act (CCPA). If you have questions about how this policy applies to you, please contact us at consulting@phoenixinfosec.com.

​

1. Who We Are

Phoenix Information Security ("Phoenix InfoSec", "we", "us", or "our") is a cybersecurity consulting company providing penetration testing, security assessments, compliance consulting, and related services to small and mid-size businesses. We operate in both the United States and Canada.

 

Registered business name: Phoenix Information Security

Website: www.phoenixinfosec.com

Contact email: consulting@phoenixinfosec.com

​

2. Information We Collect

We collect information in the following ways:

 

2.1 Information you provide directly

  • Name and email address when you submit a contact form, download a free resource, or request a consultation

  • Business name, phone number, and job title when provided voluntarily

  • Communications you send us by email or through our website contact form

  • Payment and billing information when you engage our services (processed securely through our payment processor — we do not store full card numbers)

 

2.2 Information collected automatically

  • IP address and approximate geographic location

  • Browser type, operating system, and device type

  • Pages visited, time spent on pages, and links clicked

  • Referring website or source that directed you to our site

  • Cookies and similar tracking technologies (see Section 6)

 

2.3 Information from third parties

  • If you contact us through LinkedIn or another social platform, we may receive basic profile information associated with your message

  • We do not purchase marketing lists or acquire personal information from data brokers

 

3. How We Use Your Information

We use the information we collect for the following purposes:

 

3.1 To deliver our services

  • Respond to consultation requests and inquiries

  • Deliver requested resources such as the SMB Security Checklist

  • Provide cybersecurity consulting, assessment, and advisory services

  • Send invoices and process payments

  • Communicate about the scope, progress, and delivery of engagements

 

3.2 To communicate with you

  • Send follow-up emails related to your inquiry or downloaded resource

  • Share security tips, industry updates, and occasional promotional content — only where you have given consent

  • Notify you of changes to our services or this privacy policy

 

3.3 To operate and improve our website

  • Analyze how visitors use our website to improve content and user experience

  • Monitor website security and prevent fraudulent or abusive activity

  • Comply with legal obligations

 

Our commitment

We do not sell, rent, or trade your personal information to any third party for marketing purposes. Ever.

​

4. Legal Basis for Processing Your Information

We process your personal information on the following legal bases:

 

  • Consent — where you have explicitly opted in, such as by submitting a form to receive emails from us. You may withdraw consent at any time by unsubscribing or contacting us.

  • Contract — where processing is necessary to perform a service you have engaged us for, such as delivering a security assessment.

  • Legitimate interests — where we have a legitimate business interest, such as responding to an inquiry you initiated, improving our website, or maintaining business records. We only rely on this basis where our interests are not overridden by your privacy rights.

  • Legal obligation — where we are required to process information to comply with applicable law.

​

5. How We Share Your Information

We do not sell your personal information. We may share your information in limited circumstances:

 

5.1 Service providers

We work with a small number of trusted third-party service providers who process information on our behalf, including:

  • Wix.com — website hosting and contact form processing

  • Email marketing platform (e.g. Wix Ascend, Mailchimp, or ConvertKit) — for sending email communications to subscribers

  • Payment processor (e.g. Stripe or PayPal) — for processing payments. We do not store payment card information ourselves.

  • Google Analytics or Wix Analytics — for website analytics

 

All service providers are required to handle your information securely and only for the purposes we specify. They are not permitted to use your information for their own marketing purposes.

 

5.2 Legal requirements

We may disclose your information if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Phoenix Information Security, our clients, or others.

 

5.3 Business transfers

In the event that Phoenix Information Security is acquired, merged, or its assets are transferred, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

​

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us recognize you and understand how you use our website.

 

Types of cookies we use:

  • Essential cookies — required for the website to function correctly. These cannot be disabled.

  • Analytics cookies — help us understand how visitors interact with our website so we can improve it. These may be set by Wix Analytics or Google Analytics.

  • Marketing cookies — if we run any advertising campaigns, these may track whether you visited our website after seeing an ad. We will update this policy if we implement such campaigns.

 

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing ones. Note that disabling certain cookies may affect the functionality of our website.

 

Our website is hosted on Wix, which may set its own cookies as part of their platform. Please refer to Wix's privacy policy at wix.com/about/privacy for details on Wix's own data practices.

​

7. Email Communications and Your Rights
7.1 Commercial email — CAN-SPAM (United States)

In compliance with the US CAN-SPAM Act, all commercial email communications from Phoenix Information Security will:

  • Clearly identify Phoenix Information Security as the sender

  • Include a clear and honest subject line

  • Include our physical mailing address or P.O. Box

  • Include a clear and easy way to unsubscribe from future emails

  • Honor unsubscribe requests within 10 business days

 

7.2 Commercial email — CASL (Canada)

In compliance with Canada's Anti-Spam Legislation (CASL), we will only send commercial electronic messages to individuals who have provided express or implied consent. We will:

  • Clearly identify ourselves as the sender in every message

  • Include our contact information in every message

  • Include a clear unsubscribe mechanism in every commercial message

  • Honor unsubscribe requests promptly and within the timeframe required by law

 

7.3 How to unsubscribe

You can unsubscribe from our email communications at any time by:

  • Clicking the unsubscribe link at the bottom of any email we send

  • Emailing us directly at consulting@phoenixinfosec.com with the subject line "Unsubscribe"

 

Once you unsubscribe, we will remove you from our marketing list within 10 business days. Note that we may still send you transactional emails directly related to an active service engagement.

​

8. How Long We Keep Your Information

We retain personal information only for as long as necessary for the purposes described in this policy, or as required by law:

 

  • Contact and inquiry information — retained for up to 3 years from the date of last contact, or longer if a service engagement follows

  • Client engagement records — retained for a minimum of 7 years in accordance with standard business record-keeping requirements

  • Email subscriber information — retained until you unsubscribe, after which we retain only a suppression record to ensure we do not contact you again

  • Website analytics data — retained in aggregated, anonymized form. IP addresses are anonymized where possible.

  • Payment records — retained for 7 years in accordance with tax and accounting requirements

 

When information is no longer required, we delete it securely or anonymize it so it can no longer be associated with you.

​

9. How We Protect Your Information

As a cybersecurity company, we take the protection of your personal information seriously. We implement appropriate technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction, including:

 

  • Encrypted email communications for sensitive information

  • Access controls limiting who within our organization can access personal information

  • Secure, reputable third-party platforms for website hosting, email, and payment processing

  • Regular review of our data handling practices

 

No method of transmission over the internet or electronic storage is completely secure. While we take all reasonable steps to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

​

10. Your Privacy Rights

Depending on where you are located, you may have the following rights regarding your personal information:

 

10.1 Rights under PIPEDA (Canada)

  • Right to access — you may request a copy of the personal information we hold about you

  • Right to correction — you may request that we correct inaccurate or incomplete information

  • Right to withdraw consent — you may withdraw consent to our use of your information at any time, subject to legal or contractual restrictions

  • Right to complain — you may lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca)

 

10.2 Rights under CCPA (California residents)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

  • Right to know — the categories and specific pieces of personal information we have collected about you

  • Right to deletion — request that we delete your personal information, subject to certain exceptions

  • Right to opt out — we do not sell personal information, so there is nothing to opt out of

  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

 

10.3 General rights (all users)

  • You may request access to, correction of, or deletion of your personal information at any time by contacting us at consulting@phoenixinfosec.com

  • We will respond to all verifiable requests within 30 days

  • We may need to verify your identity before processing your request

​

11. International Data Transfers

Phoenix Information Security operates in both the United States and Canada. If you are located in Canada and your information is processed or stored in the United States, it may be subject to US law, which may differ from Canadian privacy law.

 

We take steps to ensure that any transfer of personal information across borders is handled in accordance with applicable privacy laws and that your information receives an appropriate level of protection.

​

12. Children's Privacy

Our website and services are directed exclusively at businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will delete it promptly. If you believe we have collected information from a minor, please contact us at consulting@phoenixinfosec.com.

​

13. Links to Third-Party Websites

Our website may contain links to third-party websites, including social media platforms and partner resources. This privacy policy applies only to phoenixinfosec.com. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal information.

​

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last updated" date at the top of this policy

  • Post the revised policy on this page

  • Where required by law, notify you of material changes by email

 

We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

​

15. How to Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

 

Privacy Questions & Requests

Phoenix Information Security

consulting@phoenixinfosec.com

www.phoenixinfosec.com

 

We will respond to all privacy inquiries within 30 days. For formal complaints, Canadian residents may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca. US residents in California may contact the California Attorney General's office at oag.ca.gov/privacy.

 

Legal disclaimer

This privacy policy was prepared by Phoenix Information Security based on applicable US and Canadian privacy laws as of the effective date above. It is not a substitute for legal advice. Phoenix Information Security recommends consulting a qualified privacy or legal professional to ensure full compliance with all laws applicable to your jurisdiction and business circumstances.

​

​

bottom of page