Privacy Policy
Last Updated: November 25, 2025
NetRunSecurity (the "Company", "we", "us") is committed to protecting the privacy and security of the personal information we collect from our clients, prospective clients, and website visitors. As a cybersecurity consultancy based in Quebec, Canada, with a focus on offensive security, we understand the paramount importance of data confidentiality and security. This policy outlines how we handle your information in compliance with applicable Canadian and international laws.
1. Information We Collect
We collect two types of information:
Personal Information (PI)
This is information that can identify you directly and is provided knowingly:
- Contact Forms & Inquiries: Name, email address, phone number, organization name, and details about your security needs or speaking request.
- Service Engagement Requests: Billing information, contractual details, and necessary credentials/access for penetration testing scope (handled under strict NDA, see Section 3).
Technical Data & Analytics
This data is collected automatically to ensure website functionality and performance:
- Usage Data: IP address (anonymized where possible), browser type, operating system, referring pages, pages visited, and time spent on pages.
- Analytics: We use privacy-focused analytics that do not track personally identifiable information (PII) or use cross-site tracking.
2. How We Use Your Information
Your information is used strictly for legitimate business purposes necessary for providing our security services and content:
- Service Delivery: To respond to inquiries, qualify leads, generate proposals, and securely deliver penetration testing reports and audit findings.
- Business Coordination: To coordinate speaking engagements, workshops, and manage contractual obligations.
- Communication: To send service updates, security advisories, or information you have opted into (e.g., newsletters).
- Improvement: To monitor and analyze website traffic to improve functionality and user experience.
3. Data Security & Client Confidentiality (Our Commitment)
Given our expertise in offensive security, we apply high standards of security to protect your data:
Encryption in Transit
All data transmitted between your browser and our servers is secured using mandatory TLS 1.3+ encryption protocols.
Encryption at Rest
Where PI or sensitive client engagement data is stored, it is encrypted using industry-standard, strong algorithms (e.g., AES-256).
Access Control & Zero Trust
We enforce strict access controls and zero-trust principles, limiting internal access to data to personnel who require it to perform their professional duties.
Secure Report Delivery
Penetration testing reports and audit findings—which contain highly sensitive information—are always encrypted and delivered exclusively via secure, vetted channels.
4. Third-Party Services
We minimize third-party data processors but use the following essential services:
- Cloudflare Pages: Used for website hosting and content delivery.
- Cloudflare Analytics: Used for privacy-focused website analytics. Cloudflare’s model does not use cookies for tracking and does not collect or store PII.
- Communication Providers: Encrypted email services used for primary business communications.
We do not sell your personal information to any third parties.
5. Cookies & Tracking Technologies
We use minimal cookies for essential website operation and anonymous performance analysis:
- Essential Cookies: Required for basic website functionality (e.g., remembering navigation state).
- Performance/Analytics Cookies: Used for anonymous, aggregated data to measure site performance and user flows.
We do not employ third-party advertising or intrusive tracking cookies. You may control or disable cookies through your browser settings.
6. Data Retention
- Contact Inquiries: Retained for a maximum of 2 years to facilitate follow-up and relationship management, unless a longer business relationship is established.
- Client Engagement Data: Retained according to specific contractual obligations (NDA terms), typically for a fixed period after contract completion, and then securely purged/destroyed.
- Analytics Data: Aggregated and anonymized after 90 days.
7. Legal Compliance & Governing Law
NetRunSecurity is committed to high standards of privacy compliance:
- Canadian Law: We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
- Quebec Law: We specifically adhere to the requirements of Quebec’s Law 25 (An Act to modernize legislative provisions as regards the protection of personal information).
- GDPR Principles: For any services offered to individuals residing in the European Economic Area (EEA) or the UK, we adhere to the core principles of the General Data Protection Regulation (GDPR), including rights to access, rectification, and erasure.
- Governing Law: This policy is governed by the laws of the Province of Quebec and the federal laws of Canada applicable therein.
8. Your Rights
Depending on your location, you have rights regarding your Personal Information. Specifically, under Law 25 and GDPR, you may have the right to:
- Access: Request a copy of the PI we hold about you.
- Rectification: Request correction of inaccurate or incomplete PI.
- Deletion ('Right to be Forgotten'): Request the erasure of your PI, subject to legal retention obligations.
- Withdraw Consent: Withdraw consent for processing PI, where consent was the lawful basis.
- Data Portability: Request that your PI be transferred to another party in a structured, commonly used, and machine-readable format.
9. Contact Us (Data Protection Officer)
For any privacy-related questions, to exercise your rights, or to file a complaint, please contact our designated Privacy Officer:
Email: privacy[at]netrunsecurity[dot]com
We will respond to all legitimate requests within 30 days. We may require confirmation of your identity before processing certain requests.
10. Changes to This Policy
We may update this policy periodically to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last Updated" revision date. Continued use of our services after any changes constitutes your acceptance of the updated policy.