Keeping Your Data Secure is Our Priority

Effective Date: November 2025
Last Updated: November 2025

Septimus Cyber Solutions LLC (“Septimus Cyber,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information in accordance with applicable data protection laws and cybersecurity standards. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or engage with our professional cybersecurity, advisory, and compliance services.
 

Our data protection program aligns with industry frameworks, including:
• NIST Cybersecurity Framework (CSF)
• NIST Risk Management Framework (RMF)
• ISO/IEC 27001
• SOC 2 Type II
• GLBA, CCPA/CPRA, GDPR, HIPAA, and COPPA

 

This policy applies to all websites, client portals, and digital services provided by Septimus Cyber Solutions LLC, headquartered at:
7014 Smith Corners Boulevard, Charlotte, NC 28269, USA.

 

We may collect the following categories of personal information:
A. Personal Identifiers: Name, email address, phone number, physical address, and other contact details.
B. Technical & Usage Data: Device identifiers, IP address, browser type, session logs, referring URLs, and diagnostic data collected through cookies or analytics tools.
C. Professional or Client Information: Employment details, role, or business affiliation related to our services.
D. Sensitive or Regulated Data: Financial or security-sensitive information under GLBA, HIPAA, or FERPA/COPPA (for K-12 clients) in compliance with U.S. federal and state laws.

 

We process personal data for the following lawful purposes:
• To deliver, maintain, and improve our cybersecurity and advisory services.
• To administer client accounts, manage access, and perform contractual obligations.
• To comply with regulatory frameworks such as NIST RMF, SOC 2, GLBA, and GDPR.
• To provide threat intelligence updates, training resources, and client support.
• To detect, prevent, and respond to security incidents or potential fraud.
• To send service communications, technical notices, and compliance updates.
• To fulfill legal, regulatory, and audit requirements.

 

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on one or more of the following legal bases:
• Consent (Article 6(1)(a))
• Contractual necessity (Article 6(1)(b))
• Legal obligation (Article 6(1)(c))
• Legitimate interests (Article 6(1)(f)) in securing our systems and preventing misuse.

 

Depending on your jurisdiction, you have the right to:
• Access your personal data
• Request correction or deletion (“Right to be Forgotten”)
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• File a complaint with your local supervisory authority
 

To exercise these rights, contact privacy@septimuscyber.com.

 

We retain data only as long as necessary for the purposes outlined in this Policy, to comply with legal obligations, resolve disputes, and maintain audit records. Retention periods are determined by regulatory and contractual obligations, including GLBA (financial data) and SOC 2 audit standards.

 

If data is transferred outside your jurisdiction, Septimus Cyber ensures safeguards via:
• Standard Contractual Clauses (SCCs)
• U.S.–EU Data Privacy Framework participation
• Encryption and strict access control

 

We apply technical and organizational measures aligned with NIST CSF, SOC 2, and ISO 27001 standards, including:
• Network segmentation and encryption in transit and at rest
• Multi-factor authentication
• Continuous vulnerability and penetration testing
• Employee cybersecurity training
• Third-party risk assessments and vendor due diligence

 

In the event of a data breach, Septimus Cyber will:
• Investigate promptly and contain the incident
• Notify affected individuals and authorities within 72 hours when legally required
• Cooperate fully with regulators under GDPR, CCPA, and U.S. state breach laws

 

We do not knowingly collect data from children under 13. For educational cybersecurity services (e.g., K-12 clients), data is processed only under school or parental consent in compliance with COPPA and FERPA. Parents may review, request deletion, or withdraw consent at any time.

 

Our website uses cookies and analytics to improve performance. You may manage cookie preferences through your browser or opt-out banner. For details, see our Cookie Policy at https://www.septimuscyber.com/cookie-policy

 

Our website may include links to external or partner sites (e.g., client portals, SOC 2 vendors, training platforms). Septimus Cyber is not responsible for third-party privacy practices. We encourage you to review their privacy notices before providing personal data.

 

We may update this Privacy Policy periodically to reflect technological, regulatory, or operational changes. The latest version will always be posted on our website with a revised “Last Updated” date.

 

If you have questions, complaints, or data rights requests, please contact:
Privacy Office – Septimus Cyber Solutions LLC
Email: privacy@septimuscyber.com
Address: 7014 Smith Corners Blvd, Charlotte, NC 28269, USA