Privacy Policy.
PraetorShield is a confidential cyber risk advisory. This policy explains, in plain language, what information we collect when you use praetorshield.com, why, and what we do (and do not do) with it. If anything below is unclear, write to privacy@praetorshield.com and we will answer in writing.
1. Who we are
PraetorShield ("we", "us") operates praetorshield.com and provides external cyber risk intelligence and authorized security assessment services. We are the controller of personal data submitted to the site for the purposes described below.
2. What we collect
Intake submissions
When you submit the contact form or the engagement authorization form we receive the information you provide — typically a work email address, organization name, domain, role, named technical owner, and any free-text context you choose to include.
Payment information
Payments are processed by Stripe. We never see or store card numbers, CVCs, or banking credentials. Stripe shares with us only the information needed to issue receipts and reconcile engagements (typically the cardholder name, billing email, and a transaction reference).
Site usage
Our hosting provider records standard request logs (IP address, user-agent, timestamp, requested URL) for security and reliability. We do not use third-party analytics, advertising trackers, or marketing cookies on praetorshield.com.
3. Why we use it
- To respond to inbound requests and prepare confidential briefings.
- To prepare counter-signed engagement letters and deliver authorized engagements.
- To process payments and issue receipts.
- To operate, secure, and improve praetorshield.com.
- To comply with legal, regulatory, or contractual obligations.
4. Who we share it with
We do not sell personal data, and we do not share engagement information for marketing. Limited disclosures occur only to:
- Stripe — for payment processing (see Stripe's own privacy notice).
- Our infrastructure providers — for hosting, email, and document storage, under standard data-protection terms.
- Authorities — only where required by valid legal process; where lawfully permitted, we notify you first.
Engagement findings and evidence are confidential by default. We do not publish client data, comment on engagements, or use findings for marketing. Disclosure beyond the engagement file occurs only with your written direction.
5. Retention
Intake submissions are retained while an engagement is active and for a defensible period thereafter (typically the longer of the applicable statute of limitations or seven years), then deleted. Engagement files are retained per the terms of the counter-signed engagement letter. You may request earlier deletion of intake data at any time, subject to legal hold requirements.
6. Your rights
Depending on where you are based, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise these rights, write to privacy@praetorshield.com. We will respond within a reasonable period and in any case within statutory deadlines.
7. Security
We apply appropriate technical and organizational measures to protect data we hold, including encryption in transit, access controls, document classification, and a principle of minimum collection. No system is invulnerable; if you believe you have identified a security issue on praetorshield.com, please see our Responsible Disclosure page.
8. Changes to this policy
When material changes are made, the effective date at the top of this page will be updated. The current version always governs.
9. Contact
Privacy: privacy@praetorshield.com
Security: security@praetorshield.com