Data Privacy and Security Policies

Overview

Numberline Security, LLC, provides strategic Zero Trust Security education and advisory services, helping enterprises make sense of, implement, operationalize, and obtain maximum security and business benefits from this modern approach to information security This document outlines our policies regarding data privacy, security practices, and compliance obligations.

Important Note: Numberline Security does not operate Software-as-a-Service (SaaS) applications or host client data on any application servers. Our business model focuses exclusively on cybersecurity consulting services, where client data is handled through standard business documents such as spreadsheets, presentations, and reports, and communications is via email and meetings.

Data Privacy Policy

Types of Information We Collect

Client Information:

  • Business contact information (names, titles, email addresses, phone numbers)
  • Company information (business name, address, industry sector)
  • Technical information about client systems and infrastructure (as disclosed during assessments)
  • Security assessment findings and recommendations
  • Billing and payment information

Confidential Client Data includes:

  • Network diagrams and architecture documentation
  • Security policies and procedures
  • Vulnerability assessment results
  • Incident response documentation
  • Risk assessment findings
  • Compliance audit materials

How We Use Information

Client information is used exclusively for:

  • Providing cybersecurity advisory services
  • Conducting security assessments and audits
  • Developing customized security recommendations
  • Maintaining ongoing client relationships
  • Billing and administrative purposes
  • Legal and regulatory compliance

Marketing and Promotion

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

Information Sharing and Disclosure

Numberline Security maintains strict confidentiality and does not share client information except:

  • With explicit written client consent
  • When required by law or legal process
  • To protect our legal rights or comply with court orders
  • In case of business acquisition (with prior client notification)

Data Retention

Client data is retained according to the following schedule:

  • Active Projects: Data retained for duration of engagement plus 90 days
  • Completed Projects: Documentation retained for 7 years for legal compliance
  • Financial Records: Retained for 7 years per regulatory requirements
  • Security Assessments: Technical findings retained for 3 years

Security Policy

Information Security Framework

Numberline Security implements a best practices information security program tailored to organizations of our size and technology footprint.

Digital Security Controls

Access Controls:

  • Multi-factor authentication (MFA) for all sensitive systems
  • Role-based access controls
  • Regular access reviews and deprovisioning
  • Strong password policies

Data Protection:

  • Encryption of data at rest
  • Encryption of data in transit
  • Full disk encryption on all devices

Data Handling Procedures

Document Security

Given our consulting model, client data is primarily handled through business documents. Our document security procedures include:

Creation and Storage:

  • All client documents created on encrypted, company-managed devices
  • Storage in encrypted, access-controlled cloud repositories
  • Version control and audit trails for all documents
  • Client-specific folder structures with access restrictions

Processing and Analysis:

  • Data minimization – only necessary data collected
  • Purpose limitation – data used only for stated consulting purposes
  • Pseudonymization where possible in reports and presentations
  • Secure workstations for data analysis

Client Rights and Requests

Data Subject Rights

Clients and individuals have the following rights regarding their personal data:

  • Right to Access: Request copies of personal data we hold
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of personal data
  • Right to Restrict Processing: Limit how we use personal data
  • Right to Data Portability: Receive personal data in portable format
  • Right to Object: Object to processing of personal data

How to Exercise Rights

To exercise these rights or make requests regarding your data:

  • Submit written requests to info[at]numberlinesecurity.com
  • Include specific details about your request
  • Provide identification verification
  • Response provided within 30 days

Feedback and Questions

We welcome client feedback on our policies and procedures. Please contact our  team with any questions or concerns via email info[at]numberlinesecurity.com

Last Updated: September 10, 2025