Privacy & Confidentiality Agreement

1. Scope and Parties

This Privacy & Confidentiality Agreement ("Agreement") is entered into between ACCI Security Group ("Company," "we," "us," or "our"), a cybersecurity services provider based in Miami, Florida, and the individual or entity ("Client," "you," or "your") who purchases services from us.

By completing our Service Intake Form or purchasing any service, you acknowledge that you have read, understood, and agree to this Agreement.

2. What Information We Collect

Depending on the service purchased, we may collect the following categories of information:

• Contact information: Name, email address, phone number, business name
• Domain information: Domain names, subdomains, DNS records
• DNS credentials: Login credentials for DNS management portals (GoDaddy, Cloudflare, etc.) — collected only for services where DNS changes are required and only when voluntarily provided
• Email provider details: Email platform (Microsoft 365, Google Workspace, etc.)
• Cloud access credentials: AWS keys or similar — only when voluntarily provided for cloud audits
• OSINT research targets: Company names, domains, or individual names for due diligence reports
• Communication records: Emails exchanged in relation to your service

We never ask for, collect, or store banking information, credit card details, or Social Security Numbers. All payments are processed securely through Stripe or PayPal.

3. How We Use Your Information

We use the information you provide exclusively to:

• Perform the specific security service you purchased
• Deliver your completed report or fix confirmation
• Communicate with you about your project
• Provide follow-up support related to the service

We do not use your information to:

• Market to you without explicit consent
• Perform any work outside the agreed scope
• Access systems, files, or data beyond what is strictly necessary
• Build profiles, resell data, or create derivative intelligence products

4. How We Protect Your Data

We take the security of your information seriously and implement the following protections:

• Encryption in transit: All data submitted through our website is encrypted via HTTPS/TLS 1.2+
• Access control: Only the team member assigned to your project has access to your credentials
• No cloud storage of credentials: Login credentials are not stored in any cloud database or third-party service
• Immediate deletion post-project: Credentials are deleted as soon as the work is complete
• Internal security audits: Our own systems are audited weekly for credential exposure and unauthorized access

5. Data Retention & Deletion

We retain your information for the minimum time necessary:

• Login credentials: Deleted immediately upon project completion, maximum 7 days from receipt
• Contact information: Retained for up to 12 months for support purposes, then deleted
• Project reports: Retained for 30 days in case you need a re-delivery, then deleted
• Payment records: Retained for 3 years as required by law (processed by Stripe/PayPal, not stored by us)

6. No Third-Party Sharing

We do not sell, rent, trade, or share your personal information or credentials with any third party, including:

• Marketing companies or data brokers
• Other security firms or contractors
• Government entities (except as required by law with prior notice to you when legally permissible)
• Affiliated companies or business partners

The only exception is when using the tools required to perform your service (e.g., DNS lookup tools, certificate databases) — these tools receive only the domain name, never your credentials.

7. Credential Handling Protocol

If you choose to share login credentials with us, we follow this strict protocol:

1. Receipt: Credentials are received via our encrypted intake form
2. Use: Used only to log in and make the specific DNS/configuration changes you requested
3. No saving: Credentials are not saved in password managers, browsers, or any cloud service
4. No re-use: We never use your credentials for any purpose other than the agreed work
5. Deletion: Credentials are permanently deleted immediately after the work is confirmed complete
6. Recommendation: We recommend you change your password after our work is complete as a best practice

8. Scope of Authorized Work

By completing the intake form, you authorize ACCI Security Group to perform only the specific service(s) you purchased. Our work is limited to:

• Reading and modifying only the DNS records necessary for your service
• Accessing only the systems explicitly listed in your intake form
• Performing only passive reconnaissance on domains you own or have authority over
• Delivering findings and fixes to the email address you provide

We will not access, modify, or retrieve any data, files, or systems beyond what is strictly required to complete your service.

9. Limitation of Liability

ACCI Security Group's services are delivered to the best of our professional ability using industry-standard tools and methodologies. However:

• We cannot guarantee that our audits will identify 100% of all security vulnerabilities
• We are not liable for security incidents that occur prior to or after our engagement
• Our liability is limited to the amount you paid for the specific service in question
• OSINT research reflects publicly available information only and does not constitute legal advice

10. Contact & Concerns

For any questions, concerns, or requests related to this Agreement or your data:

• Email: david.collins@accisecuritygroup.com
• Subject line: "Privacy Concern" or "Data Request"
• Response time: Within 24–48 hours

We take privacy concerns seriously and will respond promptly and transparently.