1. Who we are
This Privacy Policy describes how Narvex ("Narvex," "we," "us," or "our") collects, uses, and protects information in connection with our website (getnarvex.com) and the cybersecurity, infrastructure, compliance, and AI services we provide to clients.
Narvex is headquartered in the United States and serves clients globally, including across North America, Europe, Africa, and Latin America. For privacy inquiries, contact info@getnarvex.com.
2. Information we collect
Information you provide
- Contact information when you email us, schedule a briefing, or submit a form, including your name, work email, company, role, and any context you share about your security environment.
- Engagement information during active client work, including information you share under NDA, BAA, or other contractual arrangements.
- Correspondence you send us, including replies, attachments, and support requests.
Information collected automatically
- Log data such as IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
- Device and network information such as device identifiers, approximate geolocation derived from IP address, and network carrier.
- Analytics about how you interact with our website, collected through privacy-respecting analytics tools.
Information from third parties
We may receive information from scheduling providers (for example, a booking calendar), email and productivity providers, and publicly available sources used for legitimate business outreach.
3. How we use information
We use the information we collect to:
- Respond to inquiries and schedule or deliver client engagements.
- Operate, secure, and improve our website and services.
- Communicate updates, proposals, and operational messages related to a current or prospective engagement.
- Comply with legal, regulatory, tax, and contractual obligations.
- Detect, prevent, and investigate fraud, abuse, or security incidents.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
4. Legal basis for processing (EEA / UK / LATAM residents)
Where applicable law requires a legal basis, we rely on:
- Contract, to perform a contract with you or take steps prior to entering a contract.
- Legitimate interests, to operate, secure, and grow our business, balanced against your rights.
- Consent, where you have given it (for example, to receive marketing communications).
- Legal obligation, where processing is required by law.
5. How we share information
We share information only as described below:
- Service providers that help us operate our business (for example, email, scheduling, analytics, hosting, and storage providers). These providers are bound by contractual confidentiality and security obligations.
- Professional advisors such as lawyers, accountants, and insurers under duties of confidentiality.
- Legal and regulatory disclosures when required by law, subpoena, or to protect rights, safety, or property.
- Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to commercially reasonable protections.
We do not sell personal information.
6. Data retention
We retain personal information only as long as needed for the purposes described in this policy, to satisfy legal, regulatory, tax, accounting, or reporting obligations, and to resolve disputes. Engagement records are retained according to client contract terms and applicable professional standards. When information is no longer needed, we delete, anonymize, or securely archive it.
7. Security
Narvex applies security controls appropriate to a firm that advises on security for a living, including encryption in transit, access controls based on least privilege, endpoint protection, logging, and periodic review of our own security posture. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur. If you believe your interaction with Narvex has been compromised, contact us immediately at info@getnarvex.com.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of your personal information, subject to applicable exceptions.
- Object to or restrict certain processing.
- Request portability of personal information you provided.
- Withdraw consent where we rely on consent.
- Lodge a complaint with a data protection authority in your jurisdiction.
To exercise any of these rights, contact info@getnarvex.com. We may need to verify your identity before acting on your request.
9. Cookies and tracking
Our website uses a limited set of cookies and similar technologies to operate essential features and to understand aggregate usage. You can control cookies through your browser settings. Blocking cookies may affect certain features.
10. International transfers
Narvex operates internationally. When we transfer personal information across borders, we rely on mechanisms recognized by applicable law, including standard contractual clauses or equivalent safeguards, and we apply appropriate technical and organizational measures.
11. Children's privacy
Our services are directed to businesses and professionals. We do not knowingly collect personal information from children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal information, contact us and we will take appropriate action.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will provide additional notice through our website or by other reasonable means.
13. Contact us
Questions, requests, or concerns about this policy or our handling of personal information:
Email: info@getnarvex.com