Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

Laurel Shield ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at security.laurelshield.com or engage our cybersecurity consulting services.

1. Information We Collect

Information You Provide

• Contact form submissions: name, email address, company, phone number, service interest, urgency level, and message content.
• Engagement data: information exchanged during consulting engagements, proposals, and service delivery (governed by separate service agreements).
• Communication records: emails, phone calls, and other correspondence you initiate with us.

Information Collected Automatically

• Server logs: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
• Device data: screen resolution, language preference, and device type.

We do not use third-party tracking cookies or analytics services on this website. We do not serve advertisements.

2. How We Use Your Information

• To respond to your inquiries and provide requested services.
• To communicate about engagement progress, deliverables, and follow-ups.
• To improve our website functionality and user experience.
• To comply with legal obligations and enforce our terms.
• To protect against security threats and fraudulent activity.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or other jurisdiction with similar data protection laws, we process your data under the following bases:

• Consent: when you voluntarily submit your information via our contact form.
• Legitimate interest: to operate our business, improve our services, and respond to inquiries.
• Contractual necessity: to fulfill our obligations under service agreements.
• Legal obligation: to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information with:

• Service providers: trusted third parties who assist in operating our website and delivering services (e.g., email delivery via Resend). These providers are contractually bound to protect your data.
• Legal requirements: when required by law, court order, or governmental authority.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected individuals.

5. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law. Contact form submissions are retained for up to 24 months. Engagement records are retained as required by applicable regulations and contractual obligations.

6. Data Security

As a cybersecurity firm, we take data protection seriously. We implement industry-standard technical and organizational measures, including:

• Encryption in transit (TLS/HTTPS) and at rest.
• Access controls and principle of least privilege.
• Regular security assessments of our own infrastructure.
• Secure server configurations with security headers (CSP, HSTS, etc.).

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Restriction: request limited processing of your data.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interest.
• Withdraw consent: withdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact us at privacy@laurelshield.com. We will respond within 30 days.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Opt out of the sale or sharing of personal information (we do not sell your data).
• Non-discrimination for exercising your privacy rights.

9. International Data Transfers

We operate from Calgary, Alberta, Canada and serve clients globally. Your data may be transferred to and processed in Canada and other jurisdictions. We ensure appropriate safeguards are in place for international transfers in compliance with GDPR and PIPEDA.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

12. Contact Us

For privacy-related questions, requests, or complaints:

Laurel Shield
Email: privacy@laurelshield.com
General: contact@laurelshield.com
Location: Calgary, Alberta, Canada