Privacy Policy
Last updated: April 28, 2026
1. Data controller
The controller for personal data collected through this site is:
- SPSec LLC
- Contact email: info@spsecllc.com
- Privacy email: privacy@spsecllc.com
2. Data we collect
Through the contact form we collect the following personal data:
- Full name
- Business email
- Company and sector
- Message content
- Sender IP address (solely for abuse prevention and technical rate-limiting)
We do not collect data passively via marketing or third-party tracking cookies. The site uses only technical cookies and the Cloudflare Turnstile service for anti-bot verification, which performs no persistent fingerprinting.
3. Purpose and legal basis
Data is processed for the following purposes:
- Responding to your inquiry — legal basis: consent (GDPR art. 6.1.a) granted upon submitting the form.
- Form abuse prevention (per-IP rate-limiting, captcha validation) — legal basis: legitimate interest (GDPR art. 6.1.f) in service availability.
- Subsequent commercial communications — only if expressly requested or under an existing contractual relationship.
4. Data retention
Messages received through the form are retained for the duration of the professional relationship and, thereafter, for the period legally required to comply with accounting, tax or legal obligations (max 6 years in the EU). Technical IP records used for rate-limiting are retained for only 1 hour.
5. Recipients and transfers
Your data may be processed by the following data processors, all bound by GDPR art. 28 contracts and recognized security certifications (ISO 27001, SOC 2):
- Microsoft Corporation — Azure (hosting), Microsoft 365 (mail). Data stored in the East US region with EU Standard Contractual Clauses in place.
- Cloudflare, Inc. — Turnstile captcha verification. Cloudflare is a signatory of the EU-US Data Privacy Framework.
We do not perform additional international data transfers to countries without adequate safeguards.
6. Your rights
As a data subject, you may exercise the following rights at any time:
- Access to your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing
- Objection to processing
- Data portability
- Withdrawal of consent at any time
To exercise any of these rights, write to privacy@spsecllc.com stating the right you wish to exercise and, where applicable, attaching a copy of an identity document.
If you believe processing of your data infringes the law, you have the right to lodge a complaint with the data protection authority of your country of residence (e.g., the Spanish Data Protection Agency at www.aepd.es for EU residents in Spain).
7. Security
We apply state-of-the-art technical and organizational measures: TLS encryption in transit, credential segmentation, role-based access control, audit logging, and periodic security posture reviews. As a cybersecurity firm, we hold our own infrastructure to the same standards we recommend to our clients.
8. Changes
We may update this policy to reflect legal, operational or technological changes. Any substantial change will be communicated via prominent notice on this page and, where appropriate, by email.