Privacy Policy

FracSec ("we," "us," or "our") operates the website at fracsec.com (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect personal information you provide when you visit the Site or submit an inquiry. We are committed to handling your information with the same discretion we bring to every client engagement.

This policy is intended to comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA), as well as the General Data Protection Regulation (GDPR) to the extent it applies to our processing activities.

We collect information in the following ways:

Information you provide directly

When you submit the contact form on the Site, we collect your name, professional role or title, email address, and any context you choose to share about your inquiry. Submission of this form is entirely voluntary.

Information collected automatically

When you visit the Site, we may collect certain technical information automatically, including your IP address (used solely for geographic access control), browser type, operating system, referring URL, and pages visited. This information is collected through server logs and, if you consent, through analytics software.

Cookies and similar technologies

We use a limited number of cookies necessary for the Site to function. We also use analytics cookies to understand aggregate traffic patterns. Analytics cookies are only activated after you provide explicit consent through our cookie consent banner. You may withdraw consent at any time by visiting our Cookie Preferences page.

We use the information we collect for the following purposes:

• To respond to your inquiry and evaluate whether an advisory engagement may be appropriate.
• To send you a confirmation email acknowledging receipt of your inquiry.
• To maintain records of our communications for business continuity and legal compliance.
• To understand how the Site is used in aggregate, so we can improve it.
• To enforce our geographic access restrictions (United States only).

We do not use your personal information for advertising, profiling, automated decision-making, or sale to third parties. We do not build marketing lists from inquiry submissions.

For individuals in the European Economic Area (EEA), our legal bases for processing personal data are:

• Legitimate interests — responding to business inquiries you initiate and maintaining records of those communications.
• Consent — for analytics cookies, which we only activate after you provide affirmative consent.
• Legal obligation — retaining records as required by applicable law.

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• Service providers — We use Resend (resend.com) to deliver transactional email notifications. Resend processes your email address solely to transmit the message and does not retain or use it for any other purpose.
• Legal requirements — We may disclose information if required to do so by law, court order, or in response to a valid government request.
• Business transfers — In the unlikely event of a sale or transfer of the practice, personal data may be transferred as part of that transaction, subject to equivalent privacy protections.

We retain inquiry submissions and associated contact information for up to three (3) years from the date of submission, or for the duration of any resulting advisory engagement plus one (1) year, whichever is longer. Analytics data is retained in aggregate form only and is not linked to individual identities after 90 days.

You may request deletion of your personal information at any time by contacting us at the address below. We will honor deletion requests within 30 days, subject to any legal retention obligations.

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

All users

• Access — Request a copy of the personal information we hold about you.
• Correction — Request correction of inaccurate or incomplete information.
• Deletion — Request deletion of your personal information, subject to legal retention requirements.
• Opt-out of email communications — Every email we send includes an unsubscribe link. You may also opt out by contacting us directly.

California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA. To exercise your rights, contact us at the address below. We will not discriminate against you for exercising any of these rights.

EEA/UK residents (GDPR/UK GDPR)

In addition to the rights above, EEA and UK residents have the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. You also have the right to lodge a complaint with your local supervisory authority. Note that our Site is geo-restricted to United States visitors; if you are accessing the Site from outside the United States through a VPN or proxy, please be aware that our services are not directed at non-U.S. residents.

We implement industry-standard technical and organizational measures to protect your personal information, including TLS encryption for all data in transit, HTTP Strict Transport Security (HSTS), Content Security Policy headers, and access controls limiting who can view inquiry submissions. No method of transmission over the internet is completely secure; however, we take the protection of your data seriously and continuously review our security posture.

The Site is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will reflect the most recent revision. We encourage you to review this page periodically. Continued use of the Site after any changes constitutes your acceptance of the updated policy.

To exercise your privacy rights, ask questions about this policy, or submit a data request, please contact us at: