Privacy Policy

A Legal Disclaimer

The explanations and information provided on this page are only general and high-level explanations and information on how to write your own document of a Privacy Policy. You should not rely on this article as legal advice or as recommendations regarding what you should actually do, because we cannot know in advance what are the specific privacy policies you wish to establish between your business and your customers and visitors. We recommend that you seek legal advice to help you understand and to assist you in the creation of your own Privacy Policy.

Privacy Policy for Abraxas Cyber Solutions

Abraxas Cyber Solutions (“Abraxas,” “we,” “our,” or “us”) is committed to protecting the privacy, security, and integrity of the information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our CyberSecurity Services, managed security operations, and all related platforms, tools, and technologies (including services delivered in partnership with Guardz and other third-party providers).

By accessing our website, engaging our services, or interacting with our cybersecurity platform, you agree to the terms of this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to:

Our website and web applications
Managed CyberSecurity Services
Security monitoring, threat detection, and remediation services
MSP-delivered cybersecurity tools (including Guardz-powered services)
Customer portals, reports, and dashboards
Communication and support channels
Data obtained during security assessments, audits, and investigations

It does not apply to third-party websites or services that you access through our platform, except where specifically stated.

2. Information We Collect

We collect information to deliver CyberSecurity Services effectively, enhance threat visibility, and maintain security compliance.

2.1 Information You Provide to Us

Business contact information: Name, email, phone number, job title
Account credentials: Usernames, passwords, multi-factor authentication data
Billing information: Company billing contacts, invoices, payment info
Support interactions: Chat transcripts, emails, phone call summaries
Security assessment data: Information shared for risk assessments, audits, or onboarding
Uploaded documents or evidence provided as part of investigations or incident reports

2.2 Information We Collect Automatically

Collected through our security tools, sensors, and monitoring services:

Device and endpoint identifiers
IP addresses and geolocation approximations
System logs, authentication logs, and activity logs
Network traffic metadata (not content)
Browser and device type, OS version
User behavior analytics (UBA)
Email metadata for phishing and email-security scans

This data is used strictly to provide CyberSecurity Services, detect threats, and ensure system integrity.

2.3 Information Collected Through Third-Party Integrations

To deliver MSP-based CyberSecurity Services (including Guardz), we may collect:

Email provider metadata (Office 365, Google Workspace, etc.)
Cloud application posture data (Azure AD, Google Workspace, AWS, etc.)
Endpoint security telemetry (SentinelOne or similar tools)
Dark web exposure data
Vulnerability and threat intelligence feeds

All integrations follow the security and privacy requirements of the respective providers.

3. How We Use Your Information

We use collected information to:

Deliver, maintain, and improve our CyberSecurity Services
Detect, investigate, and prevent cybersecurity threats
Conduct vulnerability assessments and penetration testing
Monitor digital assets, networks, cloud systems, and endpoints
Provide SOC operations, alerts, and threat notifications
Generate dashboards, reports, and real-time analytics
Support secure communication and account management
Comply with legal, contractual, and regulatory obligations

We never sell personal or customer data.

4. Legal Bases for Processing (GDPR-Compliant)

For international clients, our legal bases may include:

Contractual necessity (performing CyberSecurity Services)
Legitimate interest (security monitoring, fraud prevention)
Legal obligation (incident reporting, compliance audits)
Consent, where required (e.g., certain tracking technologies)

5. How We Share Information

We may share information under the following circumstances:

5.1 Authorized Service Providers

This includes cybersecurity partners such as Guardz and endpoint protection vendors for:

Email and phishing protection
Endpoint security
Threat intelligence feeds
Cloud security posture management
SOC monitoring and alerting

All vendors are required to follow strict confidentiality, data protection, and security standards.

5.2 Corporate Clients and Administrators

For MSP relationships, company-authorized administrators may access:

Security alerts
Employee risk scores
Device status and posture
Compliance and reporting dashboards

5.3 Legal and Compliance

We may disclose information if required to:

Comply with a subpoena, legal obligation, or government request
Protect the rights, safety, or security of our company or clients
Support investigations into cyber incidents or fraud

5.4 Business Transfers

If Abraxas Cyber Solutions undergoes a merger, acquisition, or restructuring, data may be transferred consistent with this Privacy Policy.

6. Data Retention

We retain information only as long as necessary for:

Providing CyberSecurity Services
Meeting legal and contractual obligations
Maintaining logs for incident response
Supporting audits or regulatory requirements

Retention timelines vary by service type (e.g., SIEM logs, endpoint logs, firewall logs). You may request specific retention details at any time.

7. Data Security Measures

We implement enterprise-grade security controls, including:

Encryption in transit (TLS 1.2+) and at rest
Zero-trust access controls
Multi-factor authentication
Threat detection and incident response
Network segmentation
Regular security audits and penetration testing
Continuous monitoring and vulnerability scanning
Role-based access controls (RBAC)
Secure software development lifecycle (SDLC) practices

Security is our core business, and safeguarding client data is our top priority.

8. Your Privacy Rights

Depending on your location, you may have rights including:

Access to personal data we hold about you
Correction of inaccurate information
Deletion of your personal data
Objection or restriction of certain processing activities
Data portability
Opt-out of certain communications
Rights under CCPA, GDPR, or other applicable laws

Requests can be submitted using the contact information below.

9. Cookies and Tracking Technologies

Our website may use:

Essential cookies (site functionality)
Analytics cookies (traffic patterns, usage insights)
Security cookies (bot detection, fraud prevention)

We do not use cookies for advertising or data resale.

Users may manage cookie preferences through browser settings.

10. International Data Transfers

If data is transferred outside your country, we ensure appropriate safeguards such as:

Standard Contractual Clauses (SCCs)
SOC 2, ISO 27001, or equivalent vendor certifications
Data Processing Agreements (DPAs)

We only partner with providers that meet strict international security standards.

11. Children’s Privacy

Our services are not intended for individuals under the age of 16.
We do not knowingly collect children’s data.

12. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in legal requirements
Enhancements to our CyberSecurity Services
New technologies or integrations

All updates will be posted on this page with a revised “Last Updated” date.

13. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our data practices, contact us at:

Abraxas Cyber Solutions
Email: cyoulton@AbraxasCyberSolutions.com
Phone: 801-874-2262
Address: 2527 W. 11115 S. South Jordan, Ut 84095
Website: www.AbraxasCyberSolutions.com