Privacy Policy

9 Realms Security LLC is a cybersecurity managed services provider headquartered in Tampa, Florida. We deliver managed security operations, security testing, and governance, risk, and compliance services to organizations primarily in the United States.

Data Controller contact information:

Company

9 Realms Security LLC

Address

12651 N Dale Mabry Hwy #270115, Tampa, FL 33688

Phone

(802) 533-5157

Email

info@9realmssecurity.com

Privacy Contact

chuck.flynn@9realmssecurity.com

We collect information in the following categories depending on how you interact with us:

2.1 Information You Provide Directly

• Contact form submissions: name, email address, phone number, company name, and message content
• Webinar registrations: name, email address, job title, and company name
• Portal account creation: name, email address, organization name, and password (stored as a hashed credential)
• Service inquiries and sales communications: business contact details and information you share during the sales process
• Documents and files you upload to the Portal: security reports, evidence files, assessment materials, and other content you choose to store

2.2 Information Collected Automatically

• Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps when you visit the Website or Portal
• Usage data: features accessed, actions taken within the Portal, and session duration
• Device information: device type and screen resolution for Portal compatibility purposes

We do not use third-party advertising trackers, behavioral analytics platforms, or cross-site tracking technologies on our Website or Portal. We do not use cookies beyond what is technically necessary for authentication and session management.

2.3 Information from Third-Party Integrations

If you connect third-party security platforms (such as Microsoft 365, SentinelOne, or Stellar Cyber) to the Portal, we receive data from those platforms as authorized by your credentials. This data is used solely to populate your security dashboards and is not shared with other clients or used for any purpose beyond delivering the Portal features you have enabled.

2.4 Client Security Data

In the course of delivering professional security services, we may process security-sensitive data including vulnerability findings, network configurations, threat intelligence, and assessment results. This data is handled under the terms of the applicable Master Services Agreement and, where required, a Business Associate Agreement or Data Processing Agreement. It is not governed by this Privacy Policy for those specific service engagements.

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Website and Portal
• To create and manage your Portal account and authenticate your access
• To deliver security services you have engaged us to provide
• To respond to your inquiries, contact form submissions, and support requests
• To send transactional emails including account confirmations, password resets, and service notifications
• To send webinar confirmations, reminders, and follow-up communications for events you have registered for
• To manage our business relationship with you including billing, invoicing, and contract management
• To improve the security and functionality of our Services
• To comply with applicable legal obligations

We do not use your personal information to serve advertising. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

If you are located in the European Union or United Kingdom, we process your personal data under the following legal bases:

• Contract performance: processing necessary to deliver services you have contracted with us for, or to take steps at your request prior to entering a contract
• Legitimate interests: processing necessary for our legitimate business interests, including operating and improving our Services, fraud prevention, and responding to inquiries, where such interests are not overridden by your rights and interests
• Legal obligation: processing necessary to comply with applicable law
• Consent: where we have obtained your consent, such as for optional communications. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal

5.1 Service Providers. We share information with third-party service providers who assist in operating our Website, Portal, and business. These providers process data on our behalf and are contractually required to protect your information. Our current service providers are listed in Section 6.

5.2 Professional Services Delivery. When you engage 9 Realms for professional security services, authorized contractors and subcontractors (such as assessors and testers) may access information necessary to deliver those services. All contractors are bound by confidentiality agreements.

5.3 Legal Requirements. We may disclose your information if required by law, regulation, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of 9 Realms, our clients, or the public.

5.4 Business Transfers. If 9 Realms is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Website before your information becomes subject to a different privacy policy.

5.5 With Your Consent. We may share your information for other purposes with your explicit consent.

5.6 Aggregate Data. We may share aggregated, de-identified data that cannot reasonably be used to identify you with any party for any purpose.

The following third-party service providers may process personal data on our behalf in connection with the Website and Portal. We have executed data processing agreements or rely on their published Data Processing Addenda with each provider.

This list may be updated from time to time. Material additions to sub-processors will be communicated with thirty (30) days advance notice to clients subject to a Data Processing Agreement.

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Portal account data: retained for the life of your account and for two (2) years following account closure, after which it is deleted or anonymized
• Contact form and inquiry data: retained for three (3) years from the date of submission
• Webinar registration data: retained for two (2) years from the event date
• Billing and financial records: retained for seven (7) years as required by applicable tax and accounting law
• Security assessment data and client deliverables: retained per the terms of the applicable MSA, typically for the engagement period plus three (3) years
• Server log data: retained for ninety (90) days for security and troubleshooting purposes

8.1 All Users

Regardless of your location, you may:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your information, subject to legal retention requirements
• Opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us at info@9realmssecurity.com

8.2 European Union and United Kingdom Users (GDPR / UK GDPR)

In addition to the rights above, if you are located in the EU or UK you have the right to:

• Data portability: receive your personal data in a structured, commonly used, machine-readable format
• Restriction of processing: request that we restrict processing of your data in certain circumstances
• Object to processing: object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or the relevant EU DPA)

We will respond to all rights requests within thirty (30) days. We may need to verify your identity before processing a request.

8.3 California Residents (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act:

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we have shared it
• Right to delete: request deletion of your personal information, subject to certain exceptions
• Right to correct: request correction of inaccurate personal information
• Right to opt out of sale or sharing: we do not sell or share personal information as defined under the CCPA
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes beyond those permitted under the CCPA
• Right to non-discrimination: we will not discriminate against you for exercising your privacy rights

To submit a CCPA request, contact us at info@9realmssecurity.com or (802) 533-5157. We will verify your identity and respond within forty-five (45) days, with a possible extension of an additional forty-five (45) days when reasonably necessary.

During the preceding 12 months, 9 Realms has not sold or shared personal information, and has not disclosed personal information to third parties for cross-context behavioral advertising.

9.1 We use a limited number of cookies and similar technologies on the Website and Portal:

• Authentication cookies: strictly necessary cookies that maintain your logged-in session in the Portal. These are essential for the Portal to function and cannot be disabled.
• Security cookies: cookies used to detect and prevent security threats such as CSRF attacks. Strictly necessary.
• Preference cookies: cookies that remember your Portal preferences such as display settings. These expire at the end of your session or after 30 days.

9.2 We do not use advertising cookies, cross-site tracking pixels, or behavioral analytics cookies. We do not participate in interest-based advertising networks.

9.3 You can control cookies through your browser settings. Disabling authentication cookies will prevent you from logging into the Portal.

10.1 9 Realms is based in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

10.2 For users in the European Union or United Kingdom, we rely on the following transfer mechanisms where applicable: (a) the EU-US Data Privacy Framework for transfers to US service providers certified under that framework; (b) Standard Contractual Clauses (SCCs) adopted by the European Commission; or (c) other appropriate safeguards as permitted under applicable law.

10.3 For questions about international transfers, contact us at info@9realmssecurity.com.

11.1 We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption in transit (TLS) for all data transmitted between your browser and our Services
• Encryption at rest for data stored in our databases and file storage
• Row-level security and access controls in the Portal restricting data access to authorized users
• Multi-factor authentication for administrative access
• Regular security reviews and quarterly access control audits

11.2 Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Our Services are not directed to children under the age of 18 and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at info@9realmssecurity.com and we will promptly delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this policy and provide notice via email to registered Portal users or through a prominent notice on the Website. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised policy.

We encourage you to review this policy periodically. Prior versions are available upon request.

For privacy questions, rights requests, or complaints, contact us at:

Privacy Contact

Chuck Flynn

Email

info@9realmssecurity.com

Phone

(802) 533-5157

Mail

9 Realms Security LLC, 12651 N Dale Mabry Hwy #270115, Tampa, FL 33688

We will respond to all privacy requests within thirty (30) days. EU/UK users who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority.

Governing Law: This Privacy Policy is governed by the laws of the State of Florida. Any disputes arising under this policy that are not resolved informally shall be subject to the dispute resolution provisions in our Terms and Conditions.