PRIVACY POLICY

Red Rabbit Security, LLC ("Red Rabbit Security," "we," "us," or "our") operates the website redrabbitsec.com (the "Website") and any related products and services (collectively, the "Services"). We are committed to protecting your privacy and comply with applicable data protection laws, including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), and similar comprehensive state privacy laws.

This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you visit the Website, interact with our Services, or contact us. It also describes your privacy rights and how to exercise them.

By accessing or using the Website or Services, you agree to this Policy. If you do not agree, please do not use the Website or Services.

This Policy does not apply to practices of third parties we do not control or to data processed on your behalf under a separate agreement (where you may act as data controller).

1. Information We Collect

Personal Information

(information that identifies, relates to, describes, or is reasonably capable of being associated with you): We collect personal information only when you voluntarily provide it, such as through contact forms, inquiries, or purchases. Categories may include:

• Identifiers (e.g., name, email address, phone number).
• Commercial information (e.g., payment details if applicable, processed by third-party processors).
• Internet or network activity (limited, e.g., if submitted).

Automatically Collected Information

(non-personal or device data): When you visit the Website, we and our service providers automatically collect:

• IP address, browser type/version, operating system, device information.
• Pages visited, time spent, referring URLs, access times/dates, and usage statistics.

This data helps identify potential abuse, generate aggregate statistics on usage/traffic, and improve the Services. It is not used to identify individual users except in abuse cases.

We do not knowingly collect sensitive personal information (e.g., precise geolocation, health data) unless explicitly provided and necessary.

2. How We Collect Information

• Directly from you (e.g., forms, communications).
• Automatically via cookies, logs, and similar technologies (see Section 9).
• From third parties (e.g., analytics providers).

3. How We Use Your Information

We use information to:

• Provide, maintain, and improve the Website/Services.
• Process inquiries, support requests, or transactions.
• Send updates, respond to feedback, or offer support.
• Detect/prevent fraud, abuse, or security issues.
• Comply with legal obligations or protect rights/safety.
• Aggregate anonymized data for analytics (non-identifiable).

We act as a data controller for information we collect directly for our purposes. If you submit information on behalf of others, we may act as a processor per your instructions.

4. Sharing and Disclosure of Information

We do not sell personal information (as defined under CCPA/CPRA or similar laws). We may disclose or share information:

• With service providers (e.g., hosting, analytics, payment processors) who are contractually bound to use it only for our purposes and maintain confidentiality.
• In business transfers (e.g., mergers).
• To comply with law, subpoenas, or protect rights/safety.
• With affiliates or contractors under similar protections.

If we ever engage in targeted advertising or sharing for cross-context behavioral purposes, we will disclose it clearly and provide opt-out options.

Service providers receive only necessary information and cannot use it for their own marketing.

5. Your Privacy Rights

Depending on your location (e.g., California under CCPA/CPRA, Virginia under VCDPA, or other states), you may have rights to:

• Know/access categories and specific pieces of personal information collected/used/disclosed.
• Delete personal information.
• Correct inaccuracies.
• Opt out of sale/sharing of personal information (including via Global Privacy Control signals).
• Limit use/disclosure of sensitive personal information (if collected).
• Opt out of targeted advertising/profiling (if applicable).
• Non-discrimination for exercising rights.

To exercise rights, email us at info@redrabbitsec.com or use our data subject request form. We may verify your identity (e.g., matching provided details). Authorized agents may submit requests with proof of authority.

We respond within statutory timelines (e.g., 45 days under CCPA, extendable). You can appeal denials—we will provide appeal instructions.

We honor Global Privacy Control (GPC) signals as a valid opt-out for sale/sharing/targeted advertising where required (e.g., CCPA, VCDPA). If you submit an opt-out via GPC, we will confirm processing upon request.

6. Children's Privacy

The Website/Services are not directed to children under 13 (or 16 under some state laws). We do not knowingly collect personal information from children. If we learn of such collection, we will delete it promptly.

Parents/guardians: Contact us if concerned. We comply with COPPA and relevant state requirements for minors' data.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for functionality, analytics, and security. These may include necessary cookies (essential for site operation) and analytics cookies (e.g., via third-party tools).

You can manage preferences via browser settings or our cookie banner (if implemented). We honor GPC for applicable opt-outs.

For details, see our Cookie Policy (if separate) or contact us.

8. Data Analytics

We may use third-party analytics (e.g., to track aggregate usage). These tools collect non-personal data and do not link to identifiable individuals.

9. Payment Processing

If payments apply, we use PCI-compliant third-party processors. We share only necessary data for processing/refunds. Their privacy policies govern their practices—review them.

10. Data Retention and Security

We retain personal information as needed for purposes, legal obligations, or disputes. After expiration, we delete or anonymize it.

We use reasonable administrative, technical, and physical safeguards. No system is fully secure—transmission risks exist.

In a breach, we will notify affected individuals if required by law or if harm is reasonably likely.

11. International Transfers

Data may be processed in the U.S. or other countries with different protections.

12. Changes to This Policy

We may update this Policy. Changes post here with a new effective date. Continued use after changes constitutes acceptance. Material changes to use won't occur without notice/consent where required.

13. Contact Us

This Policy was last updated on February 15, 2026
(superseding June 15, 2023 version)