Privacy Policy | Grey Cybersecurity Solutions

Grey Cybersecurity Solutions is committed to protecting the privacy of our clients, website visitors, and anyone whose personal information we handle in the course of our business. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using our website or engaging our services, you consent to the practices described in this policy.

1. Who We Are

Grey Cybersecurity Solutions is a cybersecurity consultancy based in Calgary, Alberta, Canada. We provide managed security services including network security, data encryption, identity and access management, security monitoring, backup and recovery, and security configuration to businesses across Canada.

For any privacy-related inquiries, please contact us at the details provided at the end of this policy.

2. Information We Collect

We may collect the following categories of personal and business information:

Contact Information: Name, email address, phone number, job title, and company name provided through inquiry forms, contracts, or direct communication.
Account & Billing Information: Payment details, invoicing information, and records of services purchased.
Technical Information: IP addresses, browser type, device identifiers, and usage data collected automatically when you visit our website.
Service Data: System information, network data, log files, and security event data accessed or processed as part of delivering our managed security services.
Communications: Records of emails, support requests, and other correspondence with our team.

3. How We Collect Information

We collect personal information through the following means:

Directly from you when you fill out a contact form, request a quote, or sign a service agreement.
Automatically through cookies and tracking technologies when you visit our website.
Through the delivery of managed security services, where access to Client systems and data is required.
From third-party sources such as business directories or referrals, where applicable.

4. How We Use Your Information

We use the information we collect for the following purposes:

To deliver, manage, and improve the cybersecurity services outlined in your service agreement.
To respond to inquiries, provide quotes, and communicate with prospective and existing clients.
To process payments and manage billing and invoicing.
To send service updates, security advisories, and relevant communications related to your engagement.
To comply with legal obligations and respond to lawful requests from regulatory authorities.
To analyze website usage and improve the functionality and content of our website.
To detect, investigate, and prevent fraudulent or unauthorized activity.

We will not use your personal information for purposes beyond those listed above without your prior consent.

5. Legal Basis for Processing

We process personal information on the following legal grounds:

Contractual necessity: Processing required to fulfill our service obligations to you.
Legitimate interests: Processing that supports the operation and security of our business, provided it does not override your privacy rights.
Legal obligation: Processing required to comply with applicable laws and regulations.
Consent: Where you have provided explicit consent, such as for marketing communications.

6. Sharing of Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

Service Providers: Trusted third-party vendors who assist in delivering our services, such as cloud infrastructure providers, payment processors, and communication platforms. These parties are bound by confidentiality obligations and may only use your data as directed by us.
Legal Requirements: Where disclosure is required by law, court order, or a lawful request from a government or regulatory authority.
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. Affected parties will be notified in advance.
With Your Consent: In any other circumstances where you have provided explicit written consent.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specifically:

Client records and service data are retained for a minimum of seven (7) years following the end of an engagement, in accordance with applicable business and tax regulations.
Website analytics data is retained for up to twenty-four (24) months.
Marketing and communication preferences are retained until you withdraw consent or request removal.

When data is no longer required, it is securely deleted or anonymized in accordance with our internal data disposal procedures.

8. Data Security

As a cybersecurity company, we hold ourselves to a high standard when it comes to protecting the data entrusted to us. We implement appropriate technical and organizational measures including encryption, access controls, multi-factor authentication, and regular security assessments to safeguard personal information against unauthorized access, disclosure, alteration, or destruction.

While we take every reasonable precaution, no method of transmission or storage is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by law.

9. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site traffic. The types of cookies we use include:

Essential Cookies: Required for the website to function correctly. These cannot be disabled.
Analytics Cookies: Used to understand how visitors interact with our website, helping us improve content and performance.
Preference Cookies: Used to remember your settings and preferences across visits.

You can control or disable non-essential cookies through your browser settings. Note that disabling cookies may affect the functionality of certain parts of the website.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Right of Access: Request a copy of the personal information we hold about you.
Right to Correction: Request that inaccurate or incomplete information be corrected.
Right to Deletion: Request that your personal information be deleted, subject to legal retention obligations.
Right to Withdraw Consent: Withdraw consent for processing activities based on consent at any time.
Right to Object: Object to processing based on legitimate interests where your rights override those interests.
Right to Data Portability: Request that your data be provided in a structured, machine-readable format where applicable.

To exercise any of these rights, please contact us using the details below. We will respond to all requests within thirty (30) days.

11. Third-Party Links

Our website may contain links to third-party websites or resources. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our services are intended for business clients and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

13. Cross-Border Data Transfers

Your information may be processed or stored on servers located outside of Canada, including in the United States, by third-party service providers we engage. Where this occurs, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable Canadian privacy law.

14. Applicable Law

This Privacy Policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA), along with any other applicable provincial or federal privacy legislation. We are committed to handling personal information in full compliance with these frameworks.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the date at the bottom of this page and, where appropriate, notify affected individuals directly. We encourage you to review this policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

Company: Grey Cybersecurity Solutions
Location: Calgary, Alberta, Canada
Email: privacy@greycybersecurity.com

Last updated: March 1, 2026