Legal

Privacy Policy

Last updated: January 1, 2025 · Applies to security.spsnet.com and all SPS Security services

Contents

1. Who We Are 2. Information We Collect 3. How We Use Your Information 4. Information Sharing 5. Data Security 6. Data Retention 7. Your Rights 8. Cookies and Tracking 9. Contact Us

1. Who We Are

SPS Inc. ("SPS", "we", "us", "our") operates the security services website at security.spsnet.com and delivers managed cybersecurity services including SOC as a Service, Vulnerability Assessment and Penetration Testing (VAPT), and Cyber Range training programs. Our corporate website is www.spsnet.com.

MYID Self Verify, accessible at www.myidselfverify.com, is a related product developed by SPS Inc. on IBM Security Verify. MYID Self Verify maintains its own privacy policy.

For all privacy inquiries, contact us at: security@spsnet.com

2. Information We Collect

Information You Provide

  • Contact information submitted through forms: name, work email, phone number, organization name, and job title
  • Messages and descriptions of your security requirements
  • Newsletter subscription email addresses
  • Resource download requests

Information Collected Automatically

  • IP address and approximate geographic location
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring URL and search terms
  • Device type and operating system

Information from Service Engagements

During delivery of security services (SOC monitoring, VAPT, Cyber Range), we may process data from your organization's systems as necessary to deliver the contracted service. This processing is governed by your service agreement and data processing addendum, not this policy.

3. How We Use Your Information

We use the information collected to:

  • Respond to inquiries and provide requested information about our services
  • Prepare and deliver service proposals and quotations
  • Deliver contracted security services
  • Send newsletters and security intelligence content (with your consent)
  • Improve our website and service offerings
  • Comply with legal obligations
  • Prevent fraud and maintain security of our own systems

We do not use your information for automated decision-making or profiling for marketing purposes. We do not sell your personal data to any third party.

4. Information Sharing

SPS does not sell, rent, or trade personal data. We may share information with:

  • Service delivery partners: Trusted subprocessors who assist in delivering our services, under contractual data protection obligations
  • Professional advisors: Legal, accounting, or audit firms, under confidentiality obligations
  • Law enforcement: Where required by applicable law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected individuals

All client engagement information is handled under mutual NDA. We will not disclose any information provided by prospective or current clients to any third party without explicit written consent.

5. Data Security

SPS implements appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. As a cybersecurity company, we apply rigorous security controls including:

  • Encrypted data transmission (TLS 1.3 minimum) for all website communications
  • Encrypted storage for all contact form submissions and client data
  • Access controls limiting data access to authorized personnel on a need-to-know basis
  • Regular security assessments of our own systems
  • Employee security awareness training and background checks

In the event of a data breach affecting your personal information, we will notify you as required by applicable law, and no later than 72 hours after becoming aware of the breach.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

  • Contact form submissions: 24 months from last contact, or for the duration of any resulting engagement
  • Newsletter subscriptions: Until you unsubscribe
  • Service engagement data: As specified in your service agreement, typically 7 years for compliance purposes
  • Website analytics data: 26 months

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data ("right to be forgotten")
  • Object to or restrict our processing of your data
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email security@spsnet.com with "Privacy Request" in the subject line. We will respond within 30 days.

8. Cookies and Tracking

This website uses minimal cookies necessary for operation. We do not use advertising cookies or third-party tracking pixels. Essential cookies used include:

  • Session cookies: Temporary cookies enabling basic website functionality, deleted when you close your browser
  • Analytics cookies: Anonymous usage statistics to improve the website. IP addresses are anonymized.

You may disable cookies in your browser settings. This will not materially affect your ability to use this website.

9. Contact Us

For all privacy-related inquiries, data subject requests, or to report a privacy concern:

Email: security@spsnet.com

Subject line: Privacy Request

Website: www.spsnet.com

We take privacy seriously. As a security company, handling information with care is fundamental to our business and our values.