At Redstone Security, we conduct penetration testing as a vital component of our cybersecurity services. Penetration testing involves simulated cyber-attacks to identify vulnerabilities in your systems, helping to protect your business from real threats. We recognize the importance of privacy and take rigorous steps to ensure that our activities do not compromise your data's confidentiality, integrity, or availability.

Purpose
This Privacy Policy outlines how Redstone Security handles data during penetration testing engagements. It details our commitment to protecting your information and respecting your privacy throughout the process. Our policy is designed to comply with relevant laws and regulations, ensuring that our activities are both effective and legally sound.

Scope
This policy applies to all data and systems that are within the scope of a penetration testing engagement performed by Redstone Security. It covers any information that may be accessed, collected, or stored during the testing process. Our approach ensures that only necessary data is accessed and that all activities are conducted within legal boundaries.

Data Collection and Use

• Data Access: During penetration testing, we may access various types of data, including personal data, system logs, and configuration files. Access is strictly limited to what is necessary for testing purposes.
• Data Storage: Any data collected during the engagement is securely stored and protected using industry-standard encryption methods.
• Data Retention: Collected data is retained only for the duration of the engagement unless otherwise required by law or specific agreements. After the testing concludes, all data is securely deleted.

Confidentiality and Security

• Non-Disclosure: All information accessed or collected during the testing process is treated as confidential. Redstone Security will not disclose any information to unauthorized third parties without explicit consent from the client.
• Security Measures: We implement robust security measures to protect your data during and after the testing process. This includes using secure communication channels, encryption, and access controls.

Compliance with Laws and Regulations
Redstone Security adheres to all applicable laws and regulations governing data protection and privacy. This includes compliance with GDPR, CCPA, and other relevant frameworks, ensuring that your data is handled in accordance with the highest standards.

Client Responsibilities
To facilitate effective penetration testing, clients are responsible for providing accurate information and necessary access to systems. Clients must ensure that any data provided is lawfully obtained and that they have the authority to permit Redstone Security to conduct the testing.

Incident Response
In the event of any data breach or security incident during testing, Redstone Security will promptly notify the client and take immediate steps to mitigate any potential damage. A detailed report will be provided, outlining the nature of the incident and the measures taken.

Policy Updates
Redstone Security may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Clients will be notified of any significant changes, and the updated policy will be made available on our website.

Contact Information
For any questions or concerns regarding this Privacy Policy or our penetration testing services, please contact us

Last updated August 27th, 2024