Dark Rock Cybersecurity

Privacy Policy

Effective Date: January 1, 2025 — Last Updated: March 2025

1. Information We Collect

We collect information you provide directly and information collected automatically when you use our site.

Information You Provide

  • Contact form submissions (name, email address, company, message)
  • Booking requests and meeting scheduling data
  • Email communications you initiate with us
  • Content downloads (gated reports, whitepapers - name and email)

Information Collected Automatically

  • Pages visited, time on page, navigation paths
  • Device type, browser, and operating system
  • IP address (used to derive approximate geographic region - not stored at individual precision)
  • Referring URL and search terms that led you to our site
  • Session recordings and heatmap interactions (see Analytics Disclosure below)

2. How We Use Information

  • Respond to contact form submissions and service inquiries
  • Schedule and conduct meetings or consultations you request
  • Deliver requested content (reports, whitepapers, guides)
  • Improve site usability based on behavioral analytics
  • Understand which content and pages generate engagement
  • Comply with legal obligations

We do not sell your personal information. We do not share your personal information with third parties for their marketing purposes.

3. Analytics Disclosure

This site uses two analytics services. We are disclosing both explicitly because we believe you should know exactly what is running on pages you visit.

Microsoft Clarity

We use Microsoft Clarity for session recordings and heatmaps. Clarity records anonymized replays of user sessions - mouse movements, clicks, and scroll behavior - to help us understand where users encounter friction or confusion. Clarity automatically masks form fields and sensitive input elements. No passwords, payment information, or form field content is captured.

Microsoft's privacy policy governs how Clarity data is stored and processed: privacy.microsoft.com

Google Analytics 4

We use Google Analytics 4 for pageview and event tracking. GA4 collects aggregate data about which pages are visited, how long visitors stay, and which actions they take (e.g., clicking a CTA, downloading a resource). IP addresses are anonymized before storage.

Google's privacy policy governs GA4 data: policies.google.com/privacy

4. Cookies

We use two categories of cookies:

Essential Cookies

These are necessary for basic site functionality (e.g., remembering your cookie consent preference). You cannot opt out of essential cookies without disabling the site.

Analytics Cookies

These are set by Microsoft Clarity and Google Analytics 4 and require your consent. You can accept or reject analytics cookies using the cookie consent banner when you first visit the site. You can change your preference at any time by clearing your browser cookies and revisiting.

See our cookie consent mechanism for granular control over analytics loading.

5. Your Rights

California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising these rights

EU/EEA Residents (GDPR)

Under the General Data Protection Regulation (GDPR), EU/EEA residents have the right to:

  • Access your personal data we hold
  • Correct inaccurate personal data
  • Request erasure of your personal data (“right to be forgotten”)
  • Object to processing based on legitimate interests
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@darkrocksecurity.com. We will respond within 30 days.

6. Data Retention

  • Contact form data: retained for 2 years from date of submission, or as long as the business relationship is active
  • Analytics data: governed by Microsoft Clarity (13-month default retention) and Google Analytics 4 (14-month default retention)
  • Email correspondence: retained for 3 years for business records
  • Cookie consent records: retained for 1 year

7. Third Parties

We use the following third-party services. Each service's privacy policy governs how that service processes data:

  • Microsoft Clarity - session recording and heatmaps
  • Google Analytics 4 - pageview and event analytics
  • Vercel - site hosting and CDN
  • Scheduling platform (Cal.com or Calendly - pending selection) - meeting bookings

We do not integrate with advertising networks or data brokers.

8. Contact Information

For privacy inquiries, requests to exercise your rights, or questions about this policy:

Dark Rock Cybersecurity
Attn: Privacy Officer
privacy@darkrocksecurity.com

9. Changes to This Policy

We may update this policy as our services change or as legal requirements evolve. Material changes will be reflected in the “Last Updated” date at the top of this page. Continued use of the site after a policy update constitutes acceptance of the revised terms. For significant changes, we will post a notice on the site.