Privacy Policy

01Who We Are

Tower Zero Security LLC is a cybersecurity company headquartered in Connecticut, United States. We provide managed security operations, Microsoft 365 threat monitoring, identity protection, and incident response services to professional services firms and businesses across the United States.

For purposes of this Privacy Policy, Tower Zero Security LLC is the "data controller" — meaning we determine how and why personal information is processed.

02Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you contact us, submit a form on our website, or engage our services. This includes:

• Name, email address, phone number, and company name submitted through contact forms or assessment requests
• Information you include in messages, inquiries, or communications sent to us
• Business information provided during onboarding and service delivery, including company size, technical environment details, and security posture information
• Payment and billing information processed through our payment providers (we do not store full payment card numbers)

Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

• IP address, browser type, operating system, and device information
• Pages visited, time spent on pages, referring URLs, and navigation patterns
• Cookies and similar tracking technologies (see Section 8)

Information from Third Parties

We may receive information about you from third parties such as advertising platforms, analytics providers, or business partners. We use this information consistent with the purposes described in this policy.

03How We Use Your Information

We use the information we collect to:

• Respond to your inquiries, contact form submissions, and assessment requests
• Provide, operate, and improve our cybersecurity services
• Onboard new clients and configure monitoring and protection services
• Communicate with you about your account, services, incidents, and security matters
• Send service updates, security advisories, and relevant industry information (you may opt out at any time)
• Process payments and manage billing
• Comply with applicable legal obligations, including breach notification requirements
• Protect the security and integrity of our services and systems
• Analyze and improve our website and marketing efforts
• Defend against legal claims or enforce our agreements

We do not sell your personal information to third parties. We do not use your personal information for automated decision-making that produces legal or similarly significant effects without human involvement.

04How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

• Service Providers: We share information with trusted third-party vendors who help us operate our business — including hosting providers, payment processors, email delivery services, CRM platforms, and analytics tools. These vendors are contractually required to protect your information and use it only for the purposes we specify.
• Security Tools and Partners: In delivering our services, we use security platforms including Huntress and Microsoft tools that may process technical data about your environment. This data is used solely for security operations purposes.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If Tower Zero Security LLC is acquired, merged, or undergoes a change of ownership, your information may be transferred as part of that transaction. We will notify you via email or prominent website notice before your information is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may share your information for any other purpose with your explicit consent.

05Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, maintain our business relationship with you, comply with legal obligations, resolve disputes, and enforce our agreements.

For active clients, we retain service-related data for the duration of the engagement and for a period of at least three (3) years following termination, consistent with cybersecurity incident documentation best practices and potential legal or insurance requirements.

For website visitors and prospective clients who do not become customers, we retain contact form submissions and inquiry data for up to two (2) years.

When we no longer need your information, we delete or anonymize it securely. You may request earlier deletion as described in Section 7.

06Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments.

As a cybersecurity company, security is not just a compliance obligation for us — it is our core business. We apply the same rigor to protecting your information that we apply to protecting our clients' environments.

No method of transmission over the internet or method of electronic storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at support@towerzerosecurity.com.

07Your Rights & Choices

Depending on your state of residence, you may have the following rights with respect to your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to certain exceptions (such as our legal obligation to retain certain records).
• Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in any email or by contacting us directly.
• Data Portability: Where technically feasible, you may request a copy of your personal information in a structured, machine-readable format.
• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at support@towerzerosecurity.com. We will respond to verified requests within 45 days. We may need to verify your identity before processing your request.

08Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze website traffic, and support our marketing efforts. The types of cookies we use include:

• Essential Cookies: Required for the website to function properly. These cannot be disabled.
• Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. This data is aggregated and anonymized where possible.
• Marketing Cookies: We use Meta Pixel and Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. These cookies may track your activity across websites.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website. You may also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

09Third-Party Links

Our website may contain links to third-party websites, including our technology partners such as Huntress and Microsoft. These websites have their own privacy policies, and we are not responsible for their content or practices. We encourage you to review the privacy policies of any third-party websites you visit.

10Children's Privacy

Our website and services are intended for business professionals and are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at support@towerzerosecurity.com.

11State-Specific Privacy Rights

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. We do not sell or share personal information as defined under California law. To exercise your California privacy rights, contact us at support@towerzerosecurity.com.

Virginia, Colorado, Connecticut, Texas, and Other State Residents

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others — have similar rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising and profiling. To submit a privacy request, contact us at support@towerzerosecurity.com. We will respond within the timeframe required by your state's applicable law.

12Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, notify you by email or through a notice on our website.

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: