Privacy Policy

SecureStepPartner LLC ("SecureStepPartner," "we," "us," or "our") operates the websites https://securestep.io and https://securesteppartner.com (collectively, the "Sites"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Sites, use our services, or interact with our digital properties.

By using our Sites, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of our Sites immediately.

This Privacy Policy applies to:

• All pages on securestep.io and securesteppartner.com
• Contact forms and lead capture forms
• Security assessments, questionnaires, and diagnostic tools
• File uploads (including PCAP files, screenshots, documents, and other technical artifacts)
• Meeting bookings and calendar integrations
• Email subscriptions and newsletters
• Any other data collection activities conducted through our Sites

Personal Data: Any information that identifies, relates to, describes, or is reasonably capable of being associated with an individual, including but not limited to name, email address, phone number, company name, job title, IP address, and device identifiers.

Uploaded Files: Technical files, network captures (PCAP), screenshots, documents, and other materials voluntarily submitted through our assessment tools or contact forms.

Usage Data: Information automatically collected about how you interact with our Sites, including page views, clicks, session duration, referral sources, and device/browser information.

We use the information we collect to:

• Provide, maintain, and improve our services
• Respond to your inquiries and fulfill service requests
• Conduct security assessments, threat analysis, and technical evaluations
• Send transactional emails (assessment results, meeting confirmations, service updates)
• Send marketing communications (newsletters, insights, product updates) with your explicit consent
• Analyze usage patterns to improve site performance and user experience
• Detect, prevent, and address technical issues or fraudulent activity
• Comply with legal obligations and enforce our terms of service

We do not sell your Personal Data to third parties.

We may share your information in the following circumstances:

• Service Providers: We work with trusted third-party vendors (hosting, analytics, email delivery, CRM systems) who process data on our behalf under strict confidentiality agreements.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
• Legal Compliance: We may disclose information if required by law, court order, subpoena, or to protect the rights, property, or safety of SecureStepPartner, our users, or others.
• With Your Consent: We may share information for purposes disclosed at the time of collection or with your explicit permission.

We retain your Personal Data and uploaded files for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Assessment data and uploaded files: Retained for up to 3 years or until you request deletion
• Contact form submissions: Retained until you opt out or request deletion
• Email subscribers: Retained until you unsubscribe
• Usage data: Retained for up to 24 months for analytics purposes

We implement commercially reasonable security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and role-based permissions
• Regular security audits and vulnerability assessments
• Secure storage and disposal of data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of the Personal Data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your Personal Data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request a machine-readable copy of your data
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, please contact us at privacy@securesteppartner.com. We will respond within 30 days.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we collect
• Right to Delete: Request deletion of your Personal Data
• Right to Opt-Out: We do not sell Personal Data, so no opt-out mechanism is required
• Right to Non-Discrimination: You have the right to exercise CCPA rights without discriminatory treatment

To submit a CCPA request, please contact us at privacy@securesteppartner.com. We may require verification of your identity before processing requests.

Our Sites are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it promptly.

Our Sites may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Your information may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. By using our Sites, you consent to such transfers. We take steps to ensure adequate safeguards are in place, including Standard Contractual Clauses where applicable.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or a prominent notice on our Sites. Your continued use of our Sites after changes are posted constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: