Skip to content
Veteran-Owned. Built by engineers who've actually done the work.
Draft — pending attorney review. Effective date and mailing address still to be set on publication day.
§ Legal · Privacy

Privacy Policy

Effective Date: [EFFECTIVE_DATE] Last Updated: [LAST_UPDATED_DATE]

1. Introduction

This Privacy Policy explains how Carbynix LLC ("Carbynix," "we," "us," or "our"), a Virginia limited liability company, collects, uses, and protects information when you visit carbynix.com (the "Site").

This Policy covers the public marketing website only. Information processed under a signed Master Services Agreement, Data Processing Addendum, Business Associate Agreement, or other engagement contract is governed by those agreements, not by this Policy.

By using the Site you agree to the terms of this Policy. If you do not agree, please do not use the Site.

2. Who We Are

Carbynix is a Service-Disabled Veteran-Owned Small Business (SDVOSB) providing Managed Detection and Response services to regulated small and mid-sized businesses across the United States. Our primary contact details are listed in Section 18.

3. Information We Collect

We collect three categories of information through the Site.

3.1 Information You Provide

When you submit our contact form, we collect:

  • Your name
  • Your work email address
  • Your company name
  • Your phone number
  • The free-text content of your inquiry

We use this information solely to respond to your inquiry, route it internally, and (where appropriate) follow up about Carbynix services. We do not sell this information.

3.2 Information Collected Automatically

When you visit the Site, our hosting provider and analytics tools may automatically collect technical information, including:

  • Internet Protocol (IP) address (truncated or anonymized where supported by the analytics tool)
  • Browser type and version
  • Operating system
  • Device type
  • Pages visited and referring URLs
  • Date and time of access
  • Approximate geographic location derived from IP address

3.3 Information We Do Not Collect

The Site has no user accounts, no login functionality, no payment processing, and no e-commerce features. The cost-of-breach calculator runs entirely in your browser; the values you enter are not transmitted to Carbynix or to any third party.

4. How We Use Information

We use the information described above to:

  • Respond to inquiries and requests for information
  • Operate, maintain, and improve the Site
  • Analyze Site traffic patterns and performance
  • Detect, prevent, and address technical issues, abuse, or security incidents
  • Comply with legal obligations
  • Send follow-up communications about Carbynix services to people who have contacted us (you may opt out at any time, see Section 10)

We do not use Site visitor data to train artificial-intelligence models, and we do not sell or rent personal information.

5. Legal Bases (GDPR and UK GDPR)

For visitors located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

  • Consent for optional analytics cookies, where required
  • Legitimate interests for operating the Site, securing our infrastructure, and following up on contact-form inquiries that you initiated
  • Compliance with legal obligations where applicable

You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Sub-Processors and Third Parties

We rely on the following third parties to operate the Site. Each is bound by its own privacy policy and, where applicable, a data processing agreement with Carbynix.

ProviderPurposePrivacy Policy
Vercel, Inc.Hosting and content deliveryvercel.com/legal/privacy-policy
Formspree, Inc.Contact-form processingformspree.io/legal/privacy-policy
Google LLC (Workspace)Business email and document hostingpolicies.google.com/privacy
Plausible Insights, OÜPrivacy-respecting, cookieless site analytics (aggregated only; no individual visitor profiles)plausible.io/data-policy
Anthropic, PBCAI processing for Threat Brief content drafting (no visitor data sent; only public threat-intelligence sources)anthropic.com/legal/privacy

We may also incorporate the CISA Known Exploited Vulnerabilities (KEV) public feed at build time. That feed contains no personal information.

7. Cookies and Similar Technologies

Carbynix does not set tracking cookies. Our analytics provider, Plausible, is cookieless by design and does not collect or store information on your device, so there is nothing to opt out of with respect to analytics.

The Site may use a small number of strictly-necessary first-party cookies for security and session integrity (for example, to mitigate cross-site request forgery on the contact form). These are not used for tracking and cannot be disabled while still using the Site as intended.

8. Data Retention

We retain data only as long as needed for the purposes described in this Policy.

Data TypeRetention
Contact-form submissionsUp to 24 months after the last interaction, then deleted or anonymized
Server logs (Vercel)Per Vercel's retention policy (typically rolling 30 to 90 days)
Analytics dataPlausible aggregated metrics only; no individual visitor profiles or per-visitor history retained
Email correspondenceUp to 7 years for business-record purposes

We may retain information longer where required by law, to resolve disputes, or to enforce our agreements.

9. Your Privacy Rights

Depending on where you live, you may have rights with respect to your personal information.

9.1 California Residents (CCPA and CPRA)

You have the right to:

  • Know what personal information we collect, use, and disclose
  • Access the specific pieces of personal information we hold about you
  • Delete personal information, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
  • Limit use of sensitive personal information (we do not collect sensitive personal information through the Site)
  • Non-discrimination for exercising your rights

In the 12 months preceding this Policy's effective date, we collected the following categories of personal information through the Site: identifiers (name, email, phone), commercial information (company name), and internet or other electronic network activity (IP address, server logs, analytics). We disclosed these categories only to the sub-processors listed in Section 6 for operational purposes.

9.2 Virginia Residents (VCDPA)

You have the right to confirm whether we process your personal data, access it, correct it, delete it, obtain a portable copy, and opt out of targeted advertising, sale, or certain profiling. We do not engage in targeted advertising, sale of personal data, or profiling that produces legal effects.

9.3 Colorado Residents (CPA)

You have rights similar to those under the VCDPA, plus the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such profiling.

9.4 EU, UK, and Swiss Residents (GDPR and UK GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (the "right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

9.5 Other US States

Residents of states with comprehensive privacy laws (currently including Connecticut, Utah, Texas, Oregon, Montana, and others as enacted) may have rights similar to those above. We honor those rights consistent with applicable law.

10. How to Exercise Your Rights

To submit a request, contact us at contact@carbynix.com with:

  • Your full name
  • The state or country in which you reside
  • The specific right you are exercising
  • Sufficient information for us to verify your identity

We will respond within the timelines required by applicable law (generally 45 days under US state laws, with possible extensions; 30 days under GDPR).

You may designate an authorized agent to submit a request on your behalf. We will require written authorization and may require direct verification with you.

We will not discriminate against you for exercising any of these rights.

11. Children's Privacy

The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us at contact@carbynix.com and we will delete it.

12. Security

We protect information through reasonable administrative, technical, and physical safeguards, including:

  • Transport Layer Security (TLS) encryption for data in transit
  • Access controls limiting who at Carbynix can view contact-form submissions
  • Vendor due diligence on sub-processors before engagement
  • Periodic review of access privileges

No system is perfectly secure. We cannot guarantee that information will not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards.

13. Data Breach Notification

If we become aware of a data breach affecting personal information collected through the Site, we will notify affected individuals and applicable regulators in the manner and within the timeframe required by law.

14. International Data Transfers

Carbynix is based in the United States. Vercel, Anthropic, and our other sub-processors may operate global infrastructure. By using the Site, you understand that your information may be processed in the United States or other jurisdictions whose data-protection laws may differ from those in your country.

For transfers from the EU, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses or other lawful transfer mechanisms with our sub-processors.

15. Do Not Track and Opt-Out Preference Signals

Some browsers send a "Do Not Track" (DNT) signal. There is no industry consensus on how to interpret DNT signals, and the Site does not currently respond to them. We do, however, honor opt-out preference signals such as Global Privacy Control (GPC) where required by applicable law.

16. Third-Party Links

The Site may link to third-party websites, including the privacy policies of our sub-processors. We are not responsible for the privacy practices of third-party sites. Review those sites' policies before providing any information.

17. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last Updated" date at the top of the Policy. Material changes will be communicated by posting a prominent notice on the Site for at least 30 days, or by direct notice to people who have provided contact information.

18. Contact Us

For privacy questions, requests, or complaints:

Carbynix LLC
Privacy inquiries: contact@carbynix.com
Phone: (570) 392-9557
Mailing address: [MAILING_ADDRESS]