Privacy Policy
Last Updated: March 17, 2026
1. Introduction
vCISO Pro, LLC ("Company", "we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our cybersecurity consulting services.
Our services focus on providing fractional Chief Information Security Officer (vCISO) services and cybersecurity consulting to small and medium-sized professional businesses.
If you have questions about this Privacy Policy or how your data is handled, please contact us at:
Email: info@vcisopro.com
2. Information We Collect
We may collect the following categories of personal data.
Information You Provide Directly
You may voluntarily provide information when you:
-
Submit a contact form
-
Book a consultation
-
Register for an account
-
Subscribe to a newsletter
-
Communicate with us via email
This information may include:
-
Full name
-
Email address
-
Phone number
-
Company name
-
Job title
-
Account login information
-
Any information included in messages or inquiries
Automatically Collected Information
When you visit our website, certain technical data may be collected automatically through cookies and analytics tools.
This may include:
-
IP address
-
Browser type and version
-
Device information
-
Pages visited
-
Time spent on pages
-
Referring website
-
General geographic location
3. How We Use Your Information
-
We process personal data for the following purposes:
-
Responding to inquiries submitted through contact forms
-
Scheduling and managing consultations
-
Providing cybersecurity consulting services
-
Managing user accounts
-
Sending newsletters or business updates (if you subscribe)
-
Processing invoices and billing
-
Improving website functionality and user experience
-
Monitoring website performance and analytics
-
Maintaining security and preventing fraud
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
Consent
When you subscribe to newsletters or allow optional cookies.
Contractual Necessity
When processing is required to provide services you request, such as consultations or client engagements.
Legitimate Interests
For business operations such as improving our services, securing our systems, and responding to inquiries.
Legal Obligations
When required to comply with applicable laws or regulations.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies for the following purposes:
-
Essential website functionality
-
Analytics and performance monitoring
-
User experience improvements
-
Remembering user preferences
Cookies may collect information such as browser type, pages visited, and session activity.
You can control cookies through your browser settings. Disabling some cookies may affect website functionality.
6. Third-Party Service Providers
We may use trusted third-party service providers to operate our business, including:
-
Analytics providers
-
Email and communication platforms
-
Booking or scheduling tools
-
Invoicing and billing platforms
-
Hosting and infrastructure providers
These providers only receive the information necessary to perform their services and are expected to maintain appropriate data protection measures.
We do not sell or rent personal data to third parties.
7. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy.
Typical retention periods may include:
Contact form submissions: up to 24 months
Analytics data: up to 26 months
Newsletter subscription data: until you unsubscribe
Client account data: for the duration of the business relationship and as required for legal or accounting purposes
After this period, data may be deleted or anonymized.
8. Data Security
We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data.
These measures may include:
-
Secure hosting environments
-
Encryption where appropriate
-
Access controls
-
Monitoring systems
-
Industry-standard cybersecurity practices
While we strive to protect personal data, no internet-based system can be guaranteed 100% secure.
9. International Data Transfers
vCISO Pro, LLC is based in the United States. If you access our website from outside the U.S., your information may be transferred to and processed in the United States.
Where required under GDPR, we implement appropriate safeguards for international transfers, such as:
-
Standard Contractual Clauses (SCCs)
-
Contractual data protection obligations with service providers
10. Your Data Protection Rights (GDPR)
If you are located in the EU or EEA, you have the following rights regarding your personal data:
Right of Access – request a copy of your personal data
Right to Rectification – request correction of inaccurate information
Right to Erasure ("Right to be Forgotten") – request deletion of your data
Right to Restrict Processing – request limits on how your data is used
Right to Data Portability – receive your data in a portable format
Right to Object – object to certain types of data processing
Right to Withdraw Consent – withdraw consent at any time
To exercise these rights, please contact us at: info@vcisppro.com
We will respond to legitimate requests in accordance with applicable data protection laws.
11. Children's Privacy
Our services are intended for **business professionals and organizations**. We do not knowingly collect personal information from individuals under the age of 18.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in:
legal requirements
technology
business practices
When updates occur, the "Last Updated" date will be revised. Continued use of our website constitutes acceptance of the updated policy.
13. Contact Information
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:
vCISO Pro, LLC
Email: info@vcisppro.com
