Privacy Policy

Your privacy matters. This policy explains how SiegePal collects, uses, and protects your information.

Last Updated: April 12, 2026

1. Introduction

SiegePal LLC ("SiegePal," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website www.siegepal.com (the "Site") or engage with our cybersecurity and AI engineering services (the "Services"). By accessing or using the Site or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Site and Services immediately.

2. Information We Collect

Information You Provide Directly We collect information that you voluntarily provide when you: - Submit a contact form (name, email address, company name, message content, service interest) - Schedule a consultation through our Calendly integration - Subscribe to our newsletter or request resources - Engage with us via email at support@siegepal.com - Enter into a service agreement or statement of work This may include your name, email address, phone number, company name, job title, and any information you include in your communications with us. Information Collected Automatically When you visit the Site, certain information is collected automatically, including: - IP address and approximate geolocation - Browser type, version, and language preferences - Operating system and device information - Pages visited, time spent on pages, and navigation paths - Referring URL and exit pages - Date and time of access Third-Party Services Our Site integrates with third-party services that may collect information independently: - Calendly: When you schedule a meeting, Calendly collects information in accordance with their own privacy policy (https://calendly.com/privacy). - Analytics: We may use analytics tools to understand Site usage patterns.

3. How We Use Your Information

We use the information we collect for the following purposes: - Service Delivery: To respond to inquiries, schedule consultations, and deliver our cybersecurity and AI engineering services - Communication: To send you information about our services, respond to your requests, and provide customer support - Site Improvement: To analyze usage patterns and improve the functionality, content, and user experience of our Site - Security: To detect, prevent, and address technical issues, fraud, or security vulnerabilities - Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests - Business Operations: To manage our business relationship with you, including invoicing, contract management, and service delivery We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases: - Consent: Where you have given us explicit consent to process your data (e.g., submitting a contact form) - Contractual Necessity: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request - Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services and marketing, provided these interests are not overridden by your rights - Legal Obligation: Where processing is necessary to comply with a legal obligation

5. Data Sharing and Disclosure

We may share your information in the following circumstances: - Service Providers: With trusted third-party vendors who assist in operating our Site and delivering our Services (e.g., hosting providers, email services, scheduling tools), bound by contractual obligations to protect your data - Legal Requirements: When required by law, regulation, legal process, or governmental request - Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred as a business asset - Protection of Rights: To protect and defend the rights, property, or safety of SiegePal, our clients, or the public We require all third parties to respect the security of your personal data and treat it in accordance with applicable law.

6. Data Security

As a cybersecurity company, we take the security of your data seriously. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to: - Encryption of data in transit (TLS/SSL) and at rest - Access controls and authentication mechanisms - Regular security assessments and monitoring - Employee security awareness training - Incident response procedures While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. - Contact form submissions: Retained for the duration of the business relationship plus 3 years - Consultation records: Retained in accordance with applicable professional standards and contractual obligations - Analytics data: Aggregated and anonymized data may be retained indefinitely - Marketing communications: Until you unsubscribe or request deletion When personal data is no longer required, we will securely delete or anonymize it.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information: - Access: Request a copy of the personal data we hold about you - Correction: Request correction of inaccurate or incomplete data - Deletion: Request deletion of your personal data, subject to legal retention requirements - Restriction: Request restriction of processing in certain circumstances - Portability: Request transfer of your data in a structured, machine-readable format - Objection: Object to processing based on legitimate interests or for direct marketing - Withdraw Consent: Withdraw consent at any time where processing is based on consent To exercise any of these rights, please contact us at support@siegepal.com. We will respond to your request within 30 days (or as required by applicable law).

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): - Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected - Right to Delete: You may request deletion of your personal information - Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information. - Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights To submit a request, contact us at support@siegepal.com.

10. Cookies and Tracking Technologies

Our Site may use cookies and similar tracking technologies to enhance your experience. These may include: - Essential Cookies: Required for the Site to function properly (e.g., session management) - Analytics Cookies: Used to understand how visitors interact with the Site - Third-Party Cookies: Set by third-party services integrated into our Site (e.g., Calendly) You can control cookie preferences through your browser settings. Disabling certain cookies may affect Site functionality.

11. Third-Party Links

Our Site may contain links to third-party websites, including but not limited to Calendly, Upwork, and other service providers. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our Site and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly.

13. International Data Transfers

SiegePal is based in San Diego, California, United States. If you access our Site or Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) or other legally recognized mechanisms.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Site or Services after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: SiegePal LLC San Diego, California, United States Email: support@siegepal.com Web: www.siegepal.com