Thank you for visiting 38North’s website. This Privacy Policy explains how we collect, use, share, and protect the personal information you provide to us through our website. By using our website, you consent to the practices described in this Privacy Policy. 38North Security identifies and complies with all applicable privacy laws, regulations, and contractual requirements related to the preservation of privacy and protection of personal identifiable information (PII).

We may collect the following types of personal information when you visit or interact with our website:

1. Information You Provide: When you voluntarily submit information through our website forms or contact us, we may collect your name, email address, phone number, and any other information you provide.
2. Automatically Collected Information: We may automatically collect certain information about your visit to our website, such as your IP address, browser type, referring website, pages viewed, and the date and time of your visit. We may use cookies or similar technologies to collect this information.

We only collect the minimum PII necessary to fulfill contractual and business obligations, and such data is classified and safeguarded under our Information Security Management System (ISMS) aligned to ISO/IEC 27001:2022.

We may use the collected information for the following purposes:

1. To provide and improve our services, including responding to your inquiries and fulfilling your requests.
2. To personalize your experience on our website and to deliver relevant content and offers based on your preferences.
3. To communicate with you.

All uses of personal information are limited to the purposes for which it was collected and will comply with applicable laws and regulations, including consent or lawful basis requirements where applicable (e.g., GDPR, CCPA, HIPAA).

You may opt out of marketing communications at any time by contacting us directly.

Our website uses cookies, which are small text files stored on your device, to enhance your browsing experience and provide certain functionality. By using our website, you consent to the use of cookies as described in this Privacy Policy.

We use the following Google Analytics cookies on our website:

1. Visitor, Session, and Campaign Cookies: These cookies help us calculate visitor, session, and campaign data and track site usage. The information is stored anonymously, as the cookie assigns a randomly generated number to recognize unique visitors.
2. Anonymous Usage Cookies: These cookies store information on how visitors use the website, such as the number of visitors, their source, and the pages they visited anonymously.
3. Unique User ID Cookie: This cookie stores a unique user ID, allowing us to identify returning visitors and provide a more personalized experience.
4. Page View Cookies: These cookies store and count page views, helping us analyze website traffic and improve our services.

You can control and manage cookies through your browser settings. Please note that blocking or deleting cookies may impact certain features and functionality of our website.

Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/.

We may share your personal information with third parties in the following circumstances:

1. Legal Requirements: We may disclose your personal information if required to do so by law or if we believe that such action is necessary to comply with legal obligations or protect our rights, property, or safety.

We may also share your personal information with trusted third-party service providers when necessary to operate our business. All such providers are contractually required to protect PII in accordance with applicable laws, regulations, and equivalent security and privacy standards.

We implement a variety of physical and technical security measures to protect the confidentiality, integrity, and availability of your personal information. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information.

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing requested resources, maintaining business relationships, and complying with legal, regulatory, or contractual obligations. When personal information is no longer required and/or retention requirements expire, PII is securely deleted, anonymized, or otherwise disposed of in line with our ISMS procedures.

Depending on your jurisdiction and applicable laws (e.g., GDPR, CCPA, HIPAA, or U.S. federal contract requirements), you may have specific rights such as access, correction, deletion, or restriction of processing. These may include the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information
• Object to or restrict certain processing of your information
• Opt out of receiving marketing communications from us at any time

To exercise any of these rights, please contact us at info@38northsecurity.com. 38North Security will honor these rights in accordance with applicable legal and contractual requirements.

Our website is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under this age. If you believe we have collected personal information from a child, please contact us immediately, and we will take steps to remove the information from our systems.

38North Security maintains processes to identify, assess, and comply with all applicable privacy laws, regulations, and contractual requirements regarding PII. We regularly review and update our privacy and security practices to ensure alignment with evolving requirements and our ISMS. Our program is designed to comply with ISO/IEC 27001:2022 expectations for privacy risk management.

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, we process your personal information on one or more of the following legal bases:

• Your consent (for example, when you submit a form or opt in to communications)
• Our legitimate business interests, such as responding to inquiries, providing requested resources, and improving our services
• Compliance with legal obligations

Where processing is based on consent, you may withdraw your consent at any time.

Our website is operated in the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using our website or submitting your information, you consent to this transfer.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website with a new effective date.