Privacy Policy

1. Overview

Black Tower Cyber LLC (“Black Tower Cyber,” “we,” “us,” or “our”) provides cybersecurity consulting, incident response, security assessments, managed detection support, cloud security, and related services. We respect the privacy of visitors, prospective clients, and clients who interact with our website, forms, communications, and services.

This Privacy Policy is written for general transparency. It is not intended to replace a signed services agreement, statement of work, nondisclosure agreement, business associate agreement, data processing agreement, or other contract when one applies.

2. Information We May Collect

Depending on how you interact with us, we may collect the following information:

• Contact details such as name, email address, phone number, company name, and role.
• Inquiry details submitted through website forms, email, phone, calendar scheduling, or direct communications.
• Technical information reasonably necessary to provide cybersecurity services, such as domains, IP addresses, tenant names, logs, security alerts, screenshots, reports, device details, email headers, and related evidence.
• Website usage information such as browser type, approximate location, referring pages, device information, and basic analytics if analytics tools are enabled.
• Billing and administrative information necessary to manage proposals, invoices, contracts, and client communications.

3. How We Use Information

We may use information to:

• Respond to inquiries, schedule calls, and provide requested information.
• Deliver cybersecurity services, investigations, assessments, hardening projects, managed detection, and incident response support.
• Prepare reports, findings, recommendations, proposals, statements of work, and client deliverables.
• Improve our website, services, communications, and internal operations.
• Maintain records required for business, legal, security, or compliance purposes.
• Protect our systems, clients, and business from abuse, fraud, unauthorized access, and security threats.

4. Cybersecurity and Incident Data

Cybersecurity work may involve sensitive technical information. We treat incident evidence, security findings, client environments, credentials provided for authorized work, logs, configurations, screenshots, and related materials as confidential client information. Access is limited to personnel or approved partners who need the information to perform authorized work.

Clients should avoid sending passwords, secrets, private keys, recovery codes, or regulated sensitive data through unsecured channels unless a secure method has been agreed upon.

5. Sharing Information

We do not sell personal information. We may share information only when reasonably necessary, including:

• With trusted service providers that support website hosting, email, scheduling, billing, document storage, security tooling, or business operations.
• With client-approved vendors, insurers, attorneys, IT providers, law enforcement, or incident stakeholders when directed or authorized by the client.
• When required to comply with law, legal process, contractual obligations, or to protect rights, safety, security, or property.
• In connection with a business transfer, merger, restructuring, or similar event, subject to reasonable confidentiality protections.

6. Cookies and Analytics

Our website may use cookies, pixels, analytics tools, or similar technologies to understand site performance, measure traffic, improve content, and protect the website. You can control cookies through your browser settings. Disabling cookies may affect certain website functions.

7. Data Retention

We retain information only as long as reasonably necessary for the purpose it was collected, to provide services, maintain business records, support security investigations, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of service, client agreement, legal requirements, and operational needs.

8. Security Measures

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Choices

You may request that we update, correct, or delete certain personal information, subject to legal, contractual, security, and legitimate business retention requirements. You may also request to stop receiving non-essential communications from us.

10. Third-Party Links

Our website may link to third-party websites, tools, scheduling platforms, payment providers, or security resources. We are not responsible for the privacy practices, content, or security of third-party services.

11. Children’s Privacy

Our website and services are intended for businesses and adults. We do not knowingly collect personal information from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date will reflect the most recent revision. Continued use of the website or services after changes are posted means you acknowledge the updated policy.

13. Contact

For privacy questions, contact Black Tower Cyber LLC through the contact page or by using the communication method provided in your client agreement.