Privacy
Policy.
The short version: we collect as little as possible and share nothing.
The short version
We do not track you. We do not sell your data. We do not use third-party analytics. We do not run ads. If you contact us, we use your information to respond and nothing else. That is it.
What we collect
Only what you give us directly — your name, email, and message when you use the contact or intake form. No cookies beyond what the browser requires to serve the page. No fingerprinting. No analytics scripts. No tracking pixels.
What we do with it
We use your contact information to respond to your inquiry or conduct the requested audit engagement. That is the only use. We do not cross-reference it, profile it, or pass it to anyone else.
Who we share it with
Nobody. We do not sell, rent, trade, or share your information with third parties. The only exception is if a law requires us to — and even then, we would tell you if legally permitted to do so.
Engagement confidentiality
Everything shared in the context of an audit engagement is confidential by default. Codebase, findings, client identity — none of it leaves the engagement without your explicit written consent.
How long we keep it
Contact form submissions: as long as the conversation is active, then deleted. Completed audit files: retained for 5 years for our own records, then deleted. You can ask us to delete your data at any time and we will.
Contact
Privacy questions or deletion requests — use the contact form on the home page. We respond within 48 hours.