Privacy Policy
Last Updated: April 14, 2026
At Illumen ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal information with care and transparency. As a cybersecurity and compliance consulting firm, we understand the critical importance of data protection and privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website illumen.io and use our services.
1. Information We Collect
1.1 Information You Provide Directly
When you contact us or request our services, we collect:
- Contact Information: First name, last name, email address, phone number
- Company Information: Company size, country/location
- Service Inquiries: Service interests, specific compliance frameworks, project details, and messages you send us
- URL Parameters: Service selections, plan preferences, billing preferences, and framework interests passed via URL parameters
1.2 Information Collected Automatically
When you visit our website, we automatically collect certain information through cookies and similar technologies:
- Analytics Data: Page views, pages visited, time spent on pages, referral sources, and general usage patterns
- Scroll Tracking: Scroll depth on certain pages (25%, 50%, 75%, 100%) to understand content engagement
- Marketing Attribution: UTM parameters from marketing campaigns to understand which channels bring visitors to our site
- Technical Information: Browser type, device type, IP address (anonymized), and general location (country/region level)
- Bot Protection Data: Cloudflare Turnstile verification tokens to prevent spam and abuse
- B2B Visitor Identification: IP address and page visit data used to identify the company or organization associated with your visit (not individual identity). This helps us understand which businesses are interested in our services
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To respond to your inquiries, provide consultations, and deliver cybersecurity and compliance services
- Communication: To contact you about your requests, provide updates, and respond to your questions
- Website Improvement: To understand how visitors use our website and improve user experience
- Marketing Analysis: To measure the effectiveness of our marketing efforts and understand which channels bring potential clients
- Security: To protect our website from spam, abuse, and malicious activity
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. Cookies and Tracking Technologies
3.1 Analytics Cookies
We use DataFast, a privacy-focused, GDPR-compliant analytics platform, to understand website usage and improve our services. DataFast collects:
- Page views and navigation patterns
- Scroll depth and content engagement
- Traffic sources and UTM campaign parameters
- Anonymized IP addresses
- Browser and device information
DataFast does not use third-party cookies, does not sell your data, and is designed to be privacy-friendly while providing essential business analytics.
3.2 Marketing and B2B Identification Cookies
We use ZoomInfo, a B2B data platform, to identify the companies and organizations visiting our website. ZoomInfo uses IP-to-company matching and cookies to determine which businesses are browsing our site, helping us understand demand and tailor our outreach. ZoomInfo collects:
- IP address (matched to company records, not individuals)
- Pages visited and browsing behavior
- Company-level firmographic data (company name, industry, size)
ZoomInfo does not identify you personally as an individual visitor. This tool requires your consent before loading and is categorized as a marketing cookie. You can opt out at any time through the consent management interface.
3.3 Consent Management
We use Cloudflare Zaraz to manage third-party scripts and handle consent in compliance with GDPR and other privacy regulations. When you first visit our site, you can choose to accept or decline analytics cookies. Your choice is respected and stored for future visits.
Essential cookies required for website functionality (such as bot protection) do not require consent under GDPR.
3.4 Managing Cookie Preferences
You can change your cookie preferences at any time through your browser settings or by using the consent management interface when you visit our site. You can also opt out of analytics and marketing tracking by using browser extensions or privacy-focused browsers.
4. Third-Party Services We Use
We use the following trusted third-party services to operate our website and deliver our services:
- DataFast (Analytics): GDPR-compliant web analytics platform that helps us understand website usage.DataFast Privacy Policy
- ZoomInfo (B2B Visitor Identification): Identifies companies visiting our website using IP-to-company matching to help us understand business interest in our services.ZoomInfo Privacy Policy
- Cloudflare (Infrastructure & Security): Provides website hosting, DDoS protection, consent management (Zaraz), and bot protection (Turnstile).Cloudflare Privacy Policy
- Amazon Web Services (AWS): Provides email delivery (SES) and secure configuration storage (Secrets Manager).AWS Privacy Notice
These service providers are contractually obligated to protect your data and use it only for the purposes we specify. We carefully select partners who maintain high standards of data protection and privacy.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Service Providers: With trusted third-party service providers who assist in operating our website and delivering services (as described above)
- Legal Obligations: When required by law, court order, or governmental authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets (your data would be transferred with appropriate protections)
- Protection of Rights: To protect the rights, property, or safety of Illumen, our clients, or others
- With Your Consent: When you explicitly authorize us to share your information
6. Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:
- Contact Form Submissions: Retained for 3 years or until you request deletion
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for business intelligence purposes
- Email Communications: Retained as needed for business purposes and legal compliance
- Client Project Data: Retained according to our service agreements and professional obligations
After the retention period, we securely delete or anonymize your personal information.
7. Data Security
As a cybersecurity consulting firm, we take data security seriously. We implement industry-standard security measures to protect your personal information:
- Encryption: All data transmission is encrypted using TLS/SSL protocols
- Secure Storage: Personal data is stored in secure, encrypted cloud infrastructure
- Access Controls: Limited access to personal data on a need-to-know basis
- Bot Protection: Cloudflare Turnstile protects forms from automated abuse
- Input Validation: All form inputs are validated and sanitized to prevent injection attacks
- Regular Security Reviews: We regularly review and update our security practices
While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but maintain vigilance to protect your data.
8. Your Privacy Rights
8.1 GDPR Rights (European Economic Area)
If you are located in the EEA, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for analytics cookies at any time
8.2 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under CCPA:
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information. We use ZoomInfo for B2B visitor identification, which may constitute "sharing" under CCPA. You can opt out via our consent management interface
- Right to Non-Discrimination: Exercise your privacy rights without discrimination
8.3 Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
9. International Data Transfers
Our website is hosted and operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States.
The United States may not have the same data protection laws as your jurisdiction. However, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable data protection laws.
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected], and we will promptly delete such information.
11. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Our website does not currently respond to DNT signals. However, you can control cookie preferences through our consent management system and your browser settings.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice on our website homepage
- Sending an email notification to active clients (for significant changes)
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to resolving privacy concerns and will respond to your inquiry within a reasonable timeframe.
14. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal data based on the following legal grounds:
- Consent: For analytics cookies and marketing communications (you can withdraw consent at any time)
- Contract Performance: To provide services you request and respond to inquiries
- Legitimate Interests: To improve our website, prevent fraud, and ensure security (balanced against your privacy rights)
- Legal Obligations: To comply with applicable laws and regulations
Have questions about our privacy practices?
Contact Us