Effective Date: January 1, 2026 · Last Updated: March 2026
As a cybersecurity advisory firm, responsible data handling is not merely a compliance obligation — it is a core operational standard. This document describes in precise terms how data submitted to The Emporium Agency LLC is collected, stored, processed, protected, and disposed of.
| Data Type | Source | Purpose | Retention |
|---|---|---|---|
| Name, email, organization | Contact form | Inquiry response and engagement facilitation | 24 months or until engagement ends |
| Message content | Contact form, email | Understanding inquiry context | 24 months or until engagement ends |
| IP address | Web server logs | Security and abuse prevention | 90 days (rolling) |
| Browser and device type | Analytics | Site performance optimization | Aggregated, no individual retention |
| Page views and referrers | Analytics | Site improvement (anonymized) | 13 months (aggregated) |
Our web infrastructure is hosted on Cloudflare Pages with enterprise-grade security controls applied at the network edge. Cloudflare acts as our CDN, WAF, and DDoS mitigation layer. Form submission data is transmitted exclusively over HTTPS (TLS 1.2+).
We do not sell or share personal data with third parties for any commercial purpose. Limited data sharing may occur only in the following circumstances:
For active advisory clients, data handling terms are defined in the executed Advisory Agreement or Statement of Work. Client-provided information, findings from assessments, and deliverables are handled under strict confidentiality obligations as specified therein.
You may request deletion of any personal data we hold about you at any time. Submit requests to contact@theemporiumagency.com with the subject line "Data Deletion Request." We will confirm receipt within 5 business days and complete deletion within 30 days, unless retention is required by law.
In the unlikely event of a data security incident affecting personal information we hold, we will notify affected individuals within 72 hours of confirmed breach identification, consistent with applicable notification requirements.