Privacy Policy

Scope and Applicability

This Policy applies to personal information collected through (a) the ZeroOneSecure website and any subdomains we operate; (b) client intake forms, consultation briefs, and engagement questionnaires; (c) electronic correspondence initiated in connection with our services; and (d) any documents, briefs, recordings, or datasets shared with us during the course of a strategic engagement. This Policy does not apply to third-party websites linked from ours, nor to independent vendors retained directly by you.

By accessing our website or engaging ZeroOneSecure for services, you acknowledge that you have read, understood, and agreed to the practices described in this Policy. If you do not agree with any term contained herein, please discontinue use of the site and refrain from submitting personal information through our intake channels.

Information We Collect

The categories of information we collect vary depending on how you interact with us. We have organized them below according to source and sensitivity, and we have avoided collecting any category of information that is not reasonably related to the delivery of our professional services.

Information You Provide Directly

• Identifiers. Full name, professional title, company name, business email address, business telephone number, and mailing address, collected when you request a consultation or sign an engagement agreement.
• Engagement content. The narrative content of any brief, question, document, spreadsheet, strategic objective, or market hypothesis you voluntarily submit to us for review or analysis.
• Commercial information. Invoicing details, purchase history, engagement preferences, and contractual terms negotiated between the parties.
• Correspondence records. The content of emails, meeting notes, and recorded calls (only when you have affirmatively consented to recording in advance).

Information Collected Automatically

• Technical telemetry. Internet Protocol address, browser type and version, operating system, referring URL, session duration, and pages viewed.
• Cookies and similar technologies. Small data files stored on your device that support core website functionality, remember your preferences, and help us measure aggregate traffic patterns. You may disable non-essential cookies through your browser settings without affecting your ability to read our public content.
• Security signals. Event logs, failed authentication attempts, and anomaly markers collected for the protection of our systems and our clients' confidential material.

Information Received From Third Parties

• Professional networks. Publicly available information confirming the professional identity of a client representative, where such verification is required by our onboarding procedures.
• Analytics providers. Aggregated or de-identified data concerning website performance and visitor behavior, received through privacy-respecting analytics tooling.

We do not knowingly collect information from children under the age of sixteen. If we learn that we have inadvertently received such information, we will delete it promptly.

How We Use Your Information

Personal information is used strictly in furtherance of legitimate business purposes that a reasonable client would expect from a professional market intelligence firm. These purposes include, without limitation:

• Responding to consultation requests, preparing preliminary scoping assessments, and transmitting engagement proposals.
• Performing the analytical, advisory, and reporting work contemplated by a signed engagement agreement.
• Invoicing, collecting payment, administering refunds where applicable, and maintaining accurate financial records.
• Communicating administrative updates about our services, scheduling meetings, and confirming deliverable timelines.
• Protecting the integrity of our systems, detecting fraudulent activity, and investigating potential security incidents.
• Complying with applicable statutory, regulatory, or professional obligations, including responses to lawful government requests.
• Improving the structure, content, and usability of our website and service offerings through aggregate performance review.

We will not use your personal information for any materially different purpose without providing you notice and, where legally required, obtaining your consent.

Legal Bases for Processing

Where applicable privacy legislation requires a specific legal basis for the processing of personal information, we rely on one or more of the following: (a) the performance of a contract to which you are a party, or steps taken at your request prior to entering into such a contract; (b) compliance with a legal obligation to which we are subject; (c) our legitimate business interests in operating, securing, and improving our services, provided that such interests are not overridden by your fundamental rights; and (d) your freely given, specific, and informed consent, which you may withdraw at any time by contacting us through the channels listed at the end of this document.

Cookies and Tracking Technologies

Our website uses a minimal set of first-party cookies and similar mechanisms. We distinguish between three categories: strictly necessary cookies, which allow the site to function and cannot be disabled through our interface; functional cookies, which remember preferences such as interface language; and analytics cookies, which measure aggregate performance in a manner that does not individually identify any single visitor. We do not use advertising cookies, and we do not participate in cross-site behavioral advertising networks.

You may configure your browser to refuse some or all cookies, to alert you when a cookie is being placed, or to erase previously stored cookies. Please note that if you disable strictly necessary cookies, certain portions of our site may become inoperative, including client intake and scheduling tooling.

Disclosure of Information

We do not sell or rent personal information to third parties, and we do not share personal information for cross-contextual behavioral advertising. We may disclose personal information only in the following narrowly defined circumstances:

• Service providers. To carefully vetted vendors that perform functions on our behalf, such as cloud hosting, document storage, payment processing, and secure communications. All such vendors are bound by written agreements that prohibit the use of data for any purpose other than the provision of services to us.
• Professional advisors. To our attorneys, accountants, and auditors where such disclosure is reasonably necessary for the legitimate conduct of our business.
• Legal compliance. Where required by subpoena, court order, lawful regulatory request, or where necessary to establish, exercise, or defend legal claims.
• Corporate transactions. In connection with a prospective or consummated merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections and, where required by law, notification to affected individuals.
• With your consent. In any other case where you have provided explicit, informed authorization for us to do so.

Data Retention

Personal information is retained only for the period reasonably necessary to fulfill the purposes for which it was collected, including the satisfaction of legal, accounting, tax, or reporting requirements. Engagement records are typically maintained for a period of seven years following conclusion of the engagement, in order to satisfy commercial recordkeeping standards and to defend against potential claims. Routine website telemetry is retained for no longer than twenty-four months, after which it is either deleted or rendered permanently de-identified. Marketing inquiries that do not convert into an engagement are retained for no longer than eighteen months unless you request earlier deletion.

Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These safeguards include, without limitation: encryption of data in transit using industry-standard transport protocols; encryption of sensitive records at rest; strict access-control policies based on the principle of least privilege; ongoing personnel training on confidentiality and information security; vendor due-diligence review; and periodic internal audits of our information-handling practices.

Notwithstanding these measures, no method of electronic transmission or electronic storage is perfectly secure. We cannot guarantee the absolute security of information communicated over the internet or stored on our systems. In the event that we become aware of a confirmed security incident materially affecting your personal information, we will notify you without undue delay and in accordance with the timelines mandated by applicable law.

Your Privacy Rights

Depending on the state or country in which you reside, you may have the right to exercise one or more of the following with respect to personal information we hold about you. Where available, these rights are provided without charge and without discriminatory treatment.

• Right to know. The right to request confirmation of whether we process your personal information and to obtain a description of the categories and specific pieces of information held.
• Right to access. The right to receive a copy of the personal information we hold about you in a readily usable format.
• Right to correct. The right to request correction of inaccurate or incomplete personal information.
• Right to delete. The right to request deletion of personal information, subject to exceptions permitted by law (including retention required for compliance, defense of legal claims, or completion of an active engagement).
• Right to opt out of sale or sharing. The right to direct us not to sell or share your personal information. ZeroOneSecure does not engage in the sale or cross-contextual sharing of personal information, so this right is satisfied by default.
• Right to non-discrimination. The right not to be subjected to discriminatory treatment for the lawful exercise of any privacy right described above.
• Right to withdraw consent. Where processing is based upon consent, the right to withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

Requests may be submitted through the contact details provided at the end of this Policy. We will verify your identity through reasonable means prior to responding, and we will acknowledge your request within the timelines required by applicable statute.

Colorado Residents

Residents of the State of Colorado are afforded specific rights under the Colorado Privacy Act, including the right to access, correct, delete, and obtain a portable copy of personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and certain forms of profiling. ZeroOneSecure does not engage in targeted advertising, does not sell personal data, and does not use automated profiling to produce legal or similarly significant effects concerning consumers. To exercise any Colorado privacy right, please follow the procedures described in Section 8.

International Transfers

ZeroOneSecure is headquartered in the United States, and our primary data processing occurs within the United States. If you are accessing our services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in a jurisdiction whose data protection laws may differ from those of your jurisdiction of residence. Where required by applicable law, we implement appropriate safeguards — such as contractual data protection commitments — for transfers of personal information across international borders.

Third-Party Links

Our website may contain links to third-party websites, resources, or services that are not owned or controlled by ZeroOneSecure. This Privacy Policy does not govern the practices of such third parties, and we disclaim responsibility for their privacy statements, terms of use, or handling of personal information. We encourage you to review the privacy disclosures of any third-party website before submitting personal information to it.

Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or service offerings. When we do, we will update the "Last Updated" date displayed at the top of this document and, where the changes are material, we will provide a conspicuous notice on our website or through other reasonable means prior to the effective date of the updated Policy. Continued use of our services following the effective date of any revision constitutes your acceptance of the revised Policy.

Contact and Requests

If you have any questions about this Privacy Policy, wish to exercise a privacy right described herein, or would like to submit a concern regarding our information-handling practices, please contact us using the coordinates provided below. We will respond to all well-formed inquiries within the timeframes required by applicable law, and in any case without unreasonable delay.