Privacy Policy

This Privacy Policy describes how NAXOS CONSULTANTS LLC ("NAXOS," "we," "us," or "our") collects, uses, discloses, and protects information about individuals who visit our website at naxos.help ("Site") or engage our professional services ("Services"). This Policy applies to business contacts, prospective clients, and current clients.

NAXOS is committed to protecting your privacy and handling your personal information in compliance with applicable laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

• Complete our contact or inquiry forms (name, company, email, phone, message);
• Request a proposal or service quotation;
• Execute a Statement of Work or service agreement;
• Communicate with us via email, phone, or other channels;
• Make a payment for our Services.

This information may include: full name, job title, company name, business email address, business phone number, billing address, and payment information (processed by Stripe — we do not store raw card data).

1.2 Information Collected Automatically

When you visit our Site, we may automatically collect:

• IP address and approximate geographic location;
• Browser type and version;
• Operating system;
• Pages visited and time spent on each page;
• Referring URL;
• Date and time of visit.

This information is collected via server logs and analytics tools for the purpose of improving our Site and understanding visitor behavior.

1.3 Information from Third Parties

We may receive information about you from third-party sources such as business directories, LinkedIn, or referrals from existing clients, solely for the purpose of business development and service delivery.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To perform the consulting services you have engaged, including conducting security assessments, preparing reports, and communicating findings;
• Contract Administration: To manage our business relationship, including invoicing, payment processing, and contract management;
• Communication: To respond to your inquiries, provide updates on ongoing engagements, and send service-related notifications;
• Business Development: To send information about our services, case studies, and industry insights (with your consent where required by law);
• Legal Compliance: To comply with applicable laws, regulations, and legal processes;
• Site Improvement: To analyze Site usage and improve our online presence;
• Security: To protect the integrity of our systems and prevent fraud.

3. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) or United Kingdom, we process personal data on the following legal bases:

• Contract Performance: Processing necessary to perform a contract with you or to take steps at your request before entering into a contract;
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and conducting business development, where these interests are not overridden by your rights;
• Legal Obligation: Processing necessary to comply with applicable laws;
• Consent: Where we have obtained your consent for specific processing activities, such as marketing communications.

4. How We Share Your Information

NAXOS does not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers: We engage trusted third-party service providers to assist in delivering our services, including payment processing (Stripe), email communications, and cloud storage. These providers are contractually bound to use your information only as directed by NAXOS and in accordance with applicable privacy laws;
• Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of NAXOS, our clients, or the public;
• Business Transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred to the successor entity, subject to the same privacy protections;
• With Your Consent: We may share your information for other purposes with your explicit consent.

We do not share client security findings, vulnerability reports, or system information with any third party without your prior written consent.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law. Specifically:

• Client engagement records (contracts, reports, correspondence): Retained for seven (7) years following the end of the engagement, consistent with Florida business record requirements;
• Payment records: Retained for seven (7) years for tax and accounting purposes;
• Inquiry and contact form submissions: Retained for two (2) years if no engagement results;
• Site analytics data: Retained for up to twenty-four (24) months in aggregated form.

Upon expiration of the applicable retention period, we securely delete or anonymize personal information.

6. Data Security

NAXOS implements administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS 1.2+), access controls, and regular security reviews of our own systems.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals and applicable authorities as required by law.

7. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA and CPRA:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, and how we use and share it;
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions;
• Right to Correct: You may request correction of inaccurate personal information;
• Right to Opt-Out of Sale/Sharing: NAXOS does not sell or share personal information for cross-context behavioral advertising;
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA;
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected]. We will respond within forty-five (45) days, with a possible extension of an additional forty-five (45) days where reasonably necessary.

8. Your Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

• Right of Access: To obtain a copy of your personal data;
• Right to Rectification: To correct inaccurate or incomplete data;
• Right to Erasure: To request deletion of your data under certain circumstances;
• Right to Restriction of Processing: To restrict how we use your data in certain circumstances;
• Right to Data Portability: To receive your data in a structured, machine-readable format;
• Right to Object: To object to processing based on legitimate interests or for direct marketing;
• Right to Withdraw Consent: Where processing is based on consent, to withdraw that consent at any time.

To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local supervisory authority.

9. International Data Transfers

NAXOS is based in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction. For transfers from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Cookies and Tracking Technologies

Our Site may use cookies and similar tracking technologies to improve functionality and analyze usage. We use only essential and analytics cookies. We do not use advertising or cross-site tracking cookies. You may configure your browser to refuse cookies, though this may affect certain Site functionality.

11. Children's Privacy

Our Services are directed exclusively to business clients. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised Policy on our Site with an updated "Last Updated" date. For material changes, we will provide additional notice via email to clients with active engagements.

13. Contact Us

For privacy-related inquiries, requests to exercise your rights, or questions about this Policy, please contact our Privacy Officer:

NAXOS CONSULTANTS LLC
Attn: Privacy Officer
5370 Las Verdes Circle, Apt 314
Delray Beach, FL 33484
Email: [email protected]
Phone: +1 (561) 668-1470