Privacy Policy

Last updated: December 20, 2025

This Privacy Policy explains what information Bastionity collects, how we use it, and the choices you have. It applies to our website, related pages, and online services (collectively, the “Website”).

1. Introduction

Bastionity provides cybersecurity services such as penetration testing and security consulting. Protecting the privacy and confidentiality of our visitors, clients, and partners is a core principle. This Policy covers information collected through the Website and does not automatically cover data collected offline or through separate contractual engagement channels—unless stated in a written agreement.

2. Consent

By accessing or using our Website, you acknowledge that you have read this Privacy Policy and agree to it. Where required by law, we will request your explicit consent (for example, for certain cookies or marketing communications).

3. Information We Collect

We collect information in three main categories:

  • Information you provide: such as your name, email address, phone number, job title, company name, and any message content or attachments you send to us.
  • Account / business details (if applicable): if you request proposals or start a commercial relationship, we may collect billing-related identifiers, address details, and other organizational information necessary for contracting.
  • Automatically collected technical data: such as IP address, device type, browser and OS, referring pages, approximate location (derived from IP), timestamps, pages viewed, and interaction patterns.

4. How We Use Your Information

We use information to:

  • Operate, maintain, and secure the Website.
  • Respond to inquiries, requests, and support messages.
  • Provide and improve our services, content, and user experience.
  • Analyze usage to understand performance, troubleshoot issues, and prevent abuse.
  • Communicate with you about updates, security notices, or changes to policies.
  • Send marketing communications where permitted by law and based on your preferences (you can opt out anytime).

5. Cookies and Similar Technologies

We may use cookies, pixels, and similar technologies to:

  • Remember preferences and basic session settings.
  • Measure Website performance and understand user interactions (analytics).
  • Help protect the Website from spam, automated abuse, and malicious activity.

You can control cookies through your browser settings. Disabling cookies may affect certain functionality.

6. Third-Party Services & Links

Our Website may reference third-party services (e.g., analytics providers, embedded content, or external links). Those third parties may collect information according to their own policies. Bastionity does not control third-party practices and recommends reviewing their privacy notices before interacting with them.

7. Data Sharing & Disclosure

We do not sell your personal information. We may share information only in limited circumstances:

  • Service providers: vetted vendors who help us operate the Website (e.g., hosting, analytics, email delivery) under contractual confidentiality and security obligations.
  • Legal obligations: when required to comply with applicable law, court orders, or lawful requests.
  • Security & protection: to investigate or prevent fraud, abuse, or security incidents, and to protect rights and safety of Bastionity, our users, or others.
  • Business transfers: in connection with a merger, acquisition, reorganization, or asset sale, subject to appropriate safeguards.

8. CCPA Privacy Rights (California Residents)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including:

  • The right to request disclosure of the categories and specific pieces of personal information collected.
  • The right to request deletion of personal information (subject to legal exceptions).
  • The right to opt out of the “sale” of personal information (note: we do not sell personal information).

To exercise these rights, contact us at privacy@bastionity.com. We will respond within the timeframe required by law (typically within one month).

9. GDPR Data Protection Rights (EEA/UK)

If the GDPR applies to you, you may have the right to:

  • Access your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion (erasure) in certain situations.
  • Request restriction of processing in certain situations.
  • Object to processing based on legitimate interests in certain situations.
  • Request data portability (where applicable).

To submit a request, contact privacy@bastionity.com. We will respond within the timeframe required by law (typically within one month).

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Updates will be posted on this page and are effective when published. We encourage you to review this page periodically.

11. Contact Us

For questions, concerns, or privacy requests, contact us at privacy@bastionity.com or via the contact methods listed on our Website.