Home Privacy Policy
Legal

Privacy Policy

Effective Date: May 1, 2026  |  Last Updated: May 1, 2026  |  Version: 3.2

Summary: Protection Associates collects only the information necessary to provide our cybersecurity services and operate our website. We do not sell your personal information. We take extraordinary measures to protect the data we hold. This policy explains exactly what we collect, why, and what your rights are.

1 Who We Are

Protection Associates ("Company," "we," "us," or "our") is a cybersecurity services firm headquartered at 121 S Tejon Street, Suite 900, Colorado Springs, CO 80903. We provide managed cybersecurity, threat detection, network security, cloud security, endpoint protection, and compliance services to businesses.

This Privacy Policy applies to our website at protection-assocs.com, our client portals, and any services we provide. By using our website or engaging our services, you agree to the collection and use of information described in this policy.

2 Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

  • Complete a contact or lead capture form (name, email, phone, company name)
  • Request a consultation, demo, or security audit
  • Apply for a position through our careers page
  • Subscribe to our newsletter or security insights
  • Engage with our live chat or email our team
  • Execute a service agreement with us as a client

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

  • Log data — IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, time spent on pages
  • Device information — device type, screen resolution, hardware model
  • Cookie data — see our Cookie Policy for full details
  • Usage analytics — click patterns, scroll depth, navigation paths (aggregated and anonymized)

2.3 Client Service Data

In providing cybersecurity services to enterprise clients, we may process security telemetry, log data, network traffic metadata, and endpoint data on their behalf. This data is processed solely as a data processor under our client's instructions and is governed by our Data Processing Agreement (DPA), not this Privacy Policy.

Data CategoryExamplesSource
Identity DataName, job title, companyDirectly from you
Contact DataEmail address, phone numberDirectly from you
Technical DataIP address, browser, device typeAutomatically collected
Usage DataPages visited, links clickedAutomatically collected
Communication DataEmails, form submissions, chat logsDirectly from you
Application DataResume, work history, referencesJob applicants only

3 How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to inquiries — Contact form submissions, audit requests, and consultation bookings
  • To provide our services — Delivering managed security, compliance, and other contracted services to clients
  • To improve our website — Analyzing usage patterns to optimize performance and user experience
  • To send communications — Security insights, service updates, and marketing communications (with your consent where required)
  • To process job applications — Evaluating candidates for open positions
  • To comply with legal obligations — Responding to lawful requests from law enforcement or regulatory bodies
  • To protect our rights — Preventing fraud, abuse, and security threats to our platform

4 Legal Basis for Processing

For individuals in the European Economic Area (EEA) or United Kingdom, we process personal data under the following legal bases under GDPR:

  • Contract performance — Processing necessary to deliver services you've engaged us for
  • Legitimate interests — Improving our services, preventing fraud, and operating our business, where not overridden by your rights
  • Consent — Marketing communications and non-essential cookies, where you have provided explicit consent
  • Legal obligation — Compliance with applicable laws and regulatory requirements

5 How We Share Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service providers — Trusted vendors who assist in operating our website and delivering services (CRM, email platforms, analytics). All are bound by data processing agreements.
  • Professional advisors — Legal counsel, auditors, and insurers under confidentiality obligations
  • Law enforcement — When required by law, court order, or to protect rights, property, or safety
  • Business transfers — In connection with a merger, acquisition, or sale of assets, with notice to affected individuals

6 Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

  • Contact/inquiry data — 3 years from last interaction, unless converted to a client relationship
  • Client relationship data — Duration of engagement plus 7 years for legal and compliance purposes
  • Job application data — 2 years for unsuccessful candidates; duration of employment plus applicable statutory period for hired candidates
  • Website analytics — 26 months (aggregated) / 14 months (individual-level)
  • Security and audit logs — 12 months minimum; longer if required by applicable law or active investigation

7 Security of Your Data

We are a cybersecurity company. We apply the same enterprise-grade security controls to your personal data that we deploy for our clients — including encryption at rest and in transit, access controls, privileged access management, and continuous monitoring of our systems.

Specific measures include:

  • AES-256 encryption for all stored data
  • TLS 1.3 for all data in transit
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for all internal systems
  • Regular penetration testing and vulnerability assessments
  • SOC 2 Type II certified operations
  • 24/7 security monitoring of all systems handling personal data

No method of transmission over the internet is 100% secure. While we employ industry-leading safeguards, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable regulators as required by law.

8 Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests or for direct marketing
  • Restriction — Request restriction of processing in certain circumstances
  • Withdraw consent — Withdraw previously given consent at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@protection-assocs.com. We will respond within 30 days. You also have the right to lodge a complaint with your relevant data protection supervisory authority.

California Residents (CCPA/CPRA): You have additional rights including the right to know, delete, correct, and opt-out of the sale of personal information. We do not sell personal information. To submit a request, email privacy@protection-assocs.com.

9 Cookies & Tracking

We use cookies and similar tracking technologies on our website. For full details on the types of cookies we use, their purpose, and how to manage your preferences, please see our Cookie Policy.

You can control cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect website functionality.

10 Third-Party Links

Our website may contain links to third-party websites, resources, and services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of external websites.

11 Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child, please contact us at privacy@protection-assocs.com.

12 International Data Transfers

Protection Associates is based in the United States. If you are located in the EEA, UK, or other regions with data protection laws, be aware that your information may be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

Where we transfer data from the EEA or UK to the United States or other third countries, we do so using appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy periodically. Continued use of our website or services after changes become effective constitutes your acceptance of the updated policy.

14 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: