BlueStone Cyber logo

BLUESTONE CYBER

Privacy Policy

Last Updated: October 2025

1. Introduction

BlueStone Cyber ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website bluestonecyber.com and when you use our cybersecurity consulting and vCISO services.

Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Data We Collect

We may collect information about you in a variety of ways. Information we may collect includes:

  • Personal Data: Personally identifiable information, such as your name, work email address, phone number, and company name, that you voluntarily give to us when you request consultation, register for a webinar, or contact us.
  • Derivative Data: Information our servers automatically collect when you access the site, such as your IP address, browser type, operating system, access times, and the pages you have viewed directly before and after accessing the site.
  • Service Data: During the course of delivering our cybersecurity services, we may be granted access to your systems, network infrastructure details, and vulnerability reports. This data is handled under strict Non-Disclosure Agreements (NDAs) and Data Processing Agreements (DPAs).

3. How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the site or our services to:

  • Create and manage your account and consulting engagement.
  • Deliver the cybersecurity services you request (e.g., executing assessments, creating remediation plans).
  • Email you regarding your account, our services, or critical vulnerability alerts.
  • Compile anonymous analytical data internally to improve the website.
  • Respond to product and customer service requests.

4. Disclosure of Your Information

We will not share your personal information with third parties for marketing purposes. We may share information we have collected about you in certain situations:

  • By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others.
  • Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including data hosting (e.g., AWS, Azure) and customer service (e.g., Salesforce, Zendesk). These parties are bound by strict confidentiality obligations.

5. GDPR and Your Rights

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification.
  • The right to object to processing.
  • The right of restriction.
  • The right to data portability.

To exercise any of these rights, please contact us at privacy@bluestonecyber.com.

6. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

BlueStone Cyber Data Protection Officer