top of page

Privacy Policy

XeniumCyber LLC ("XeniumCyber," "we," "us," or "our"), a veteran-owned cybersecurity firm based in Decatur, Georgia, respects your privacy and is committed to protecting the Personal Data and Customer Data that you share with us.

This Privacy Policy ("Policy") describes how we collect, use, share, and protect information when you visit our website, utilize our branded cybersecurity services (the "Xenium Suite"), or interact with us professionally. It also applies to information processed under our Master Service Agreement (MSA) with our clients.

By accessing our website, subscribing to our services, or engaging with our content, you consent to the data practices described in this Policy. For detailed information on specific service terms, liabilities, and client responsibilities, please also refer to our Master Service Agreement (MSA) and relevant Service Level & Scope Policies.

 

1. INFORMATION WE COLLECT

We collect information directly from you, automatically through your website interaction, and from essential service providers supporting our operations.

1.1 Personal Data

"Personal Data" is any information relating to an identified or identifiable natural person. We collect this data when you interact with our website, request information, or subscribe to services. Examples include:

  • Contact Information: Names, business email addresses, phone numbers (including your WhatsApp Business number if provided), and job titles.

  • Company Details: Company names, primary business addresses, and industry.

  • Wix Form Submissions: Information entered into our contact forms, service inquiry forms, or lead capture forms (e.g., for the "Cyber Health Check" utilizing Xenium Recon™).

  • Communication Content: Messages sent via email (integrated with our Google Workspace) or WhatsApp Business, and records of technical support requests.

1.2 Automatically Collected Data

When you visit our website, we automatically collect certain technical data from your device, primarily using cookies and similar tracking technologies via our website host, Wix. This includes:

  • Log Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and platform.

  • Usage Data: Information about how you use our website, including pages viewed, links clicked, and the duration of your visit. This data helps us analyze website traffic and improve user experience.

1.3 Customer Data

As defined in our MSA, "Customer Data" means all data, information, or material provided, uploaded, or submitted by our clients to utilize the Services within the Xenium Suite. For example, utilizing Xenium Recon™ (our continuous external vulnerability intelligence and reconnaissance service) requires target IP addresses and fully qualified domain names (FQDNs), and results in detailed "Recon Reports" and "Security Grades." Data processing for other services in the Xenium Suite (Xenium Sentry™, Xenium Command™, Xenium Perimeter™, Xenium Compliance™) varies by service type.

We process Customer Data only in accordance with the Client's instructions as detailed in the MSA, and for no other purposes unless legally required.

 

2. HOW WE USE YOUR INFORMATION

XeniumCyber uses collected information based on legitimate business purposes, contract fulfillment, or your consent:

  • Service Delivery: To provide, operate, maintain, and support the requested services within the Xenium Suite.

  • Communication: To send technical alerts, support messages, service updates, and invoices (via email or WhatsApp Business, referencing our GTM strategy).

  • Improvement: To analyze website usage, understand user needs, and enhance our service offerings and customer experience.

  • Marketing (with Consent): To send newsletters, educational cybersecurity content (including "The SSG’s Take" referencing our GTM), or promotional offers if you have opted-in. You may opt-out at any time.

  • Lead Generation (e.g., Cyber Health Check): To provide trial assessments (like the Roboshadow-backed "Xenium Recon" scan) and communicate the findings, strictly adhering to "click-to-accept" enforcement at checkout (referencing Step 3 of MSA instructions).

  • Compliance & Legal: To comply with applicable laws, respond to legal requests, and enforce our MSA or this Policy.

  • Data Aggregation: We may anonymize and aggregate collected data to generate general industry insights or improve our detection algorithms, ensuring no Personal Data is identifiable in the output.

 

3. SHARING OF INFORMATION

We do not sell your Personal Data. We share information only with trustworthy third parties essential to delivering the Services within the Xenium Suite, or as legally required:

3.1 Internal Sharing & Service Providers

To operate with military-grade efficiency, XeniumCyber shares data internally with essential personnel and subcontractors bound by confidentiality and security standards. Crucially, your information may be processed by our underlying technical partners who support the distinct services in the Xenium Suite:

  • Managed Detection & Response Partner (supporting Xenium Sentry™): Process endpoint data to perform 24/7 managed threat hunting (Huntress backend).

  • Vulnerability Intelligence Partner (supporting Xenium Recon™): Process network data for automated vulnerability scanning and risk scoring (Roboshadow backend).

  • Operations & Remote Monitoring Partner (supporting Xenium Command™): Utilize agent data for automated patch management and remote support (NinjaOne backend).

  • Governance, Risk, & Compliance Partner (supporting Xenium Compliance™): Manage data related to compliance assessments and policy development (Blacksmith Infosec backend).

  • Website Host & Email Provider: We utilize Wix for website hosting and Google Workspace for email and productivity tools. Information collected via Wix forms and standard email communication is processed by these partners.

  • Communication Platform: We use WhatsApp Business for encrypted and professional client communication, including critical alerts (referencing GTM strategy).

These partners access only the minimal data necessary to support XeniumCyber's operations and must maintain strict data security and confidentiality protocols. XeniumCyber remains responsible for ensuring the compliant processing of your data by these partners.

3.2 Legal, Corporate, & Safety Disclosure

We may share your information if we believe it is reasonably necessary:

  • Legal Process: To comply with a subpoena, court order, law enforcement request, or other governmental process.

  • Corporate Transaction: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business (subject to MSA assignment clauses).

  • Safety & Rights: To protect the safety, rights, or property of XeniumCyber, our employees, clients, or the public.

 

4. COOKIES AND TRACKING TECHNOLOGIES

We utilize Wix as our website platform. Wix uses cookies and similar technologies (like pixels and web beacons) for essential website functionality, performance measurement, user preference remembrance, and potentially marketing (if consented to via Wix’s built-in banner capability).

You can manage your cookie preferences through your browser settings. Be aware that disabling certain cookies may affect website functionality (referencing Step 1 of MSA instructions). For detailed information, please see Wix’s own Cookie Policy on their website.

 

5. DATA SECURITY

XeniumCyber applies military-grade discipline to the protection of collected data. We and our service partners implement comprehensive physical, technical, and administrative security measures, including:

  • Encryption: Data is encrypted in transit (using protocols like HTTPS and TLS) and at rest, where appropriate. WhatsApp Business utilizes end-to-end encryption for message content (referencing GTM).

  • Access Controls: Restricted access based on the "principle of least privilege" for employees and partners.

  • Monitoring: Continuous monitoring and regular security assessments of our infrastructure and partners’ systems.

Shared Responsibility: Customer acknowledges that cybersecurity is a shared responsibility. Clients are responsible for maintaining proper Multi-Factor Authentication (MFA) across their systems (e.g., Google Workspace) and acting on remediation advice provided by XeniumCyber, as detailed in the MSA.

 

6. DATA RETENTION

We retain information only as long as necessary to provide the Services, fulfill the purposes outlined in this Policy, comply with legal obligations (e.g., tax, audit, statutory retention periods), and resolve disputes.

Regarding Customer Data processed under the MSA, upon termination of the agreement, XeniumCyber will follow the data return and destruction protocols specified in the MSA termination clause.

 

7. INTERNATIONAL DATA TRANSFERS

XeniumCyber and its service providers (like Wix, Google Workspace, Huntress, Roboshadow, NinjaOne, WhatsApp) may store and process data in locations globally, including the United States. If you are located outside the US, your Personal Data may be transferred to and processed in the US.

XeniumCyber ensures any such transfers are conducted securely and in compliance with applicable laws. Our service partners generally utilize standard contractual clauses or similar approved mechanisms to govern international data transfers.

 

8. CHILDREN’S PRIVACY

Our website and services are intended for professional use by businesses. We do not knowingly collect Personal Data from children under the age of 16 (or higher age required by local law). If we learn that we have inadvertently collected data from a child, we will take steps to delete it promptly.

 

9. YOUR RIGHTS

Subject to applicable data protection laws, you may have the following rights regarding your Personal Data:

  • Access: The right to request a copy of the Personal Data we hold about you.

  • Correction: The right to request correction of inaccurate Personal Data.

  • Deletion: The right to request erasure of your Personal Data, subject to certain exceptions.

  • Restriction: The right to request restricted processing of your Personal Data.

  • Portability: The right to request a copy of your Personal Data in a machine-readable format.

  • Object: The right to object to processing based on legitimate interests or for direct marketing.

  • Withdraw Consent: Where processing is based on consent, the right to withdraw that consent at any time.

To exercise these rights, or to submit questions or complaints regarding our data practices, please contact our Data Protection Officer at DPO@xeniumcyber.com. We will process your request in accordance with applicable laws. You also have the right to lodge a complaint with your local data protection authority.

 

10. POLICY UPDATES

XeniumCyber reserves the right to update this Privacy Policy at any time. Changes will be posted on this dedicated page on our website (referencing the "Legal Hub" from MSA instructions) with an updated "Last Updated" date. Your continued interaction with XeniumCyber after any modifications constitute your acknowledgement of the updated Policy.

 

11. CONTACT INFORMATION

For any questions about this Privacy Policy or XeniumCyber's privacy practices, please contact us:

XeniumCyber LLC

Attention: Data Protection Officer (Michael W. Salazar, Founder/CEO)

Email: msalazar@xeniumcyber.com

bottom of page