Privacy Policy
Effective Date: April 22, 2026
Last Updated: April 22, 2026

LufSec LLC ("LufSec," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit lufsec.com, blog.lufsec.com, or any related subdomains (collectively, the "Site"), enroll in our online courses, or use our cybersecurity consulting, training, and advisory services (collectively, the "Services").

By using the Site or Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Site or Services.

1. Who We Are

LufSec LLC is a cybersecurity training and consulting company headquartered in Chandler, Arizona, USA. We provide online courses, security awareness training, penetration testing, risk management, vulnerability management, PCI compliance, data recovery, and related information security services.

Contact:
LufSec LLC
2177 S McQueen Rd
Chandler, Arizona 85286
United States
Email: [email protected]
Phone: (920) 215-1677

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

2.1 Information You Provide

Account information: name, email address, username, password (hashed), profile photo, country, and time zone when you register for a LufSec account.
Course and certification data: courses you enroll in, progress, quiz/lab submissions, completion status, and certificates earned.
Payment information: billing name, billing address, and the last four digits of your payment card. Full payment card numbers are collected and processed directly by our PCI-compliant payment processors (e.g., Stripe, PayPal). We do not store full card numbers on our servers.
Communications: messages you send us through contact forms, support requests, email, phone, newsletter signups, comments on blog posts, and reviews or testimonials.
Consulting engagement data: business contact details, project scope information, and any information you share during a consulting or assessment engagement (handled under a separate engagement agreement or NDA where applicable).
Marketing preferences: email subscription status and topic preferences.

2.2 Information Collected Automatically

When you use the Site, we and our service providers automatically collect:

Device and browser data: IP address, device type, operating system, browser type and version, language, and screen resolution.
Usage data: pages viewed, links clicked, referring URL, time spent on pages, search queries within the Site, and course interaction events.
Cookies and similar technologies: session cookies, persistent cookies, local storage, and web beacons. See Section 8 for details.
Log data: server logs including request timestamps, HTTP status codes, and error information.

2.3 Information from Third Parties

Single sign-on providers (e.g., Google, LinkedIn) if you choose to register or log in using them. We receive the fields you authorize, typically name, email address, and profile image.
Payment processors: transaction confirmation, fraud risk scores, and partial card data.
Analytics and advertising partners: aggregated or pseudonymous audience data.
Publicly available sources: e.g., your LinkedIn profile when you reach out through a corporate inquiry.

3. How We Use Your Information

We use the information we collect to:

Create and manage your account and authenticate you.
Deliver courses, labs, certificates, and other Services you purchase or request.
Process payments, issue invoices, and prevent fraudulent transactions.
Communicate with you about your account, purchases, support requests, and material changes to the Services.
Send you newsletters, cybersecurity alerts, course updates, and marketing communications where permitted by law (you can opt out at any time).
Personalize your learning experience and recommend relevant courses or content.
Operate, maintain, secure, and improve the Site and Services, including debugging, analytics, and capacity planning.
Detect, investigate, and prevent security incidents, abuse, fraud, and violations of our Terms of Service.
Comply with legal obligations, enforce our agreements, and protect our rights and the rights of others.
Conduct consulting engagements under the terms of our engagement letters and applicable NDAs.

4. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we process your personal data on the following legal bases:

Performance of a contract — to provide the Services you have purchased or requested.
Legitimate interests — to operate, secure, and improve our Site and Services; to communicate with customers; and to prevent fraud and abuse, provided these interests are not overridden by your rights.
Consent — for marketing emails where required, for non-essential cookies, and for processing of any sensitive data you voluntarily share.
Legal obligation — to comply with tax, accounting, and other regulatory requirements.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. How We Share Your Information

We do not sell your personal information. We share it only in the following circumstances:

Service providers: hosting, email delivery, payment processing, customer support, analytics, video/content delivery, learning management, anti-fraud, and communications providers who process data on our behalf under written contracts.
Instructors and teaching assistants: course-specific information (such as name, progress, and submissions) necessary to grade work and issue certificates.
Consulting clients and their authorized personnel: only with respect to personnel who are party to the engagement.
Legal and safety disclosures: to comply with a subpoena, court order, or other legal process; to enforce our agreements; or to protect the rights, property, or safety of LufSec, our users, or others.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
With your consent: for any other purpose disclosed to you at the time of collection.

We require our service providers to maintain appropriate security and confidentiality protections and to use your information only to provide the contracted services.

6. International Data Transfers

LufSec is based in the United States and our servers and service providers are located in the United States and other jurisdictions. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have data protection laws that differ from your jurisdiction. Where required, we rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

7. Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy, including:

Account and course records: for the life of your account and for a reasonable period after closure, so we can reissue certificates and comply with tax/record-keeping obligations (typically up to 7 years).
Payment records: for the period required by tax and accounting laws.
Support communications: typically for 3 years after the communication.
Marketing data: until you unsubscribe or object, plus a short suppression period to honor your opt-out.
Server and security logs: typically 90 days to 12 months, longer when investigating an incident.

When we no longer need your information, we delete it or anonymize it so it can no longer be associated with you.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Keep you logged in and remember your preferences (strictly necessary).
Measure Site performance and understand how visitors use the Site (analytics).
Deliver and measure marketing (advertising, where applicable).

You can control cookies through your browser settings and, where we provide one, through our cookie banner. Disabling strictly necessary cookies may prevent parts of the Site from functioning correctly. We honor Global Privacy Control (GPC) signals where required by applicable law.

9. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete data.
Deletion — ask us to delete your personal data, subject to certain legal exceptions.
Portability — receive your data in a portable, machine-readable format.
Objection / Restriction — object to or restrict certain processing activities.
Withdraw consent — where processing is based on consent.
Opt out of marketing — unsubscribe at any time using the link in our emails or by contacting us.
Opt out of "sale" or "sharing" / targeted advertising — where applicable under California, Colorado, Virginia, Connecticut, Utah, or similar state laws. LufSec does not sell personal information in the traditional sense, but you can opt out of any cross-context behavioral advertising.
Non-discrimination — we will not discriminate against you for exercising your rights.

To exercise any of these rights, email [email protected] with the subject line "Privacy Request."
We will verify your identity before fulfilling the request and respond within the timeframes required by applicable law. If you are an EEA, UK, or Swiss resident and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

10. Security

We implement administrative, technical, and physical safeguards designed to protect your personal information, including encryption in transit (TLS), encrypted storage for sensitive fields, access controls and least-privilege principles, MFA for administrative access, logging and monitoring, regular patching, and periodic security assessments. However, no system is 100% secure. If you believe your account has been compromised or you have discovered a vulnerability in our Site, please contact us immediately at [email protected]. We welcome responsible disclosure.

11. Children's Privacy

The Site and Services are intended for users aged 16 and older, and our courses are designed for professional audiences. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us with personal information, please contact us and we will delete the information.

12. Third-Party Links and Services

The Site and blog may contain links to third-party websites, tools, or platforms (for example, Hack The Box, YouTube, Instagram, Facebook, LinkedIn, or research references). This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

13. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because no common industry standard for DNT has been adopted, our Site does not currently respond to DNT signals. We do honor Global Privacy Control signals where required.

14. California Residents — Additional Disclosures (CCPA/CPRA)

In the past 12 months, we have collected the categories of personal information described in Section 2, including identifiers, commercial information, internet/network activity, geolocation (approximate, from IP), professional information, and inferences drawn from the above. We use and disclose this information for the business purposes described in Section 3 and share it with the categories of recipients described in Section 5.

We do not sell personal information for monetary consideration. If we share personal information for cross-context behavioral advertising, you may opt out as described in Section 9. We do not knowingly sell or share the personal information of minors under 16.

You may also designate an authorized agent to make a request on your behalf, subject to verification.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If changes are material, we will notify you by email or through a prominent notice on the Site before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

LufSec, Florida, United States
Email: [email protected]
Website: https://lufsec.com