Privacy Policy

Effective February 21, 2026

1. Data Controller

SecurityInstitute.com ("Site", "we", "us", "our") is operated by Bill Alderson / Security Institute, located at Cedar Park (Austin), TX 78717, United States. We are the data controller responsible for your personal data collected through this Site.

For privacy inquiries, contact our designated privacy representative:
Bill Alderson
Email: [email protected]
Phone: 512-201-1977

2. Information We Collect

We collect the following categories of personal data:

2.1 Information You Provide Directly

  • Contact form submissions: Name, email address, phone number, and message content
  • Members account registration: Name, email address, and password (hashed and salted)
  • Email correspondence: Any information you include when contacting us directly
  • Community feed: Posts, comments, and links you share within the Members area

2.2 Information Collected via Third-Party Sign-In (LinkedIn)

If you choose to sign in using LinkedIn, we use LinkedIn's OpenID Connect authentication to receive the following data from your LinkedIn profile:

  • Your name (first and last)
  • Your email address
  • Your LinkedIn profile identifier

We do not access your LinkedIn connections, posts, messages, or any other LinkedIn profile data beyond what is listed above. We do not post to LinkedIn on your behalf or access your LinkedIn account after authentication. LinkedIn sign-in data is used solely for account creation and authentication on this Site.

2.3 Automatically Collected Information

  • IP address, browser type and version, operating system
  • Pages visited, referring URLs, timestamps, and session duration
  • Device type and screen resolution

This data is collected by Cloudflare (our CDN and security provider) and through standard server logs.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under one or more of the following legal bases:

  • Consent: When you voluntarily submit a contact form, create a Members account, or sign in via LinkedIn, you consent to our collection and use of the data you provide. You may withdraw consent at any time.
  • Contractual necessity: Processing required to provide the Members services you have registered for (account management, access control, community features).
  • Legitimate interest: Site security, fraud prevention, analytics in aggregate, and improving our services — balanced against your rights and freedoms.
  • Legal obligation: Where we are required by law to retain or disclose data.

4. How We Use Your Information

We use collected information for the following purposes:

  • Respond to inquiries and provide requested services
  • Create, authenticate, and manage Members accounts
  • Provide access to Members-only content and community features
  • Operate, maintain, and improve the Site
  • Publish and distribute content, including automated posting to social media platforms
  • Analyze site traffic and usage patterns in aggregate
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

  • Session/authentication cookie (si_token): An HTTP-only cookie used to authenticate Members after login. Expires after 7 days. This is a strictly necessary cookie required for the Members area to function.
  • Cloudflare cookies: Cloudflare may set cookies for security purposes (e.g., bot detection and DDoS protection). These are strictly necessary.

5.2 Managing Cookies

You can control and delete cookies through your browser settings. Disabling strictly necessary cookies may prevent you from logging into the Members area. We do not use advertising or third-party tracking cookies.

6. Third-Party Services and Data Processors

We use the following third-party services that may process personal data on our behalf:

Each third-party service operates under its own privacy policy. We have selected processors that provide appropriate data protection safeguards.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may disclose personal data only in the following circumstances:

  • Service providers: With the third-party processors listed in Section 6, solely for the purposes described in this policy
  • Legal requirements: When required by law, subpoena, court order, or governmental regulation
  • Protection of rights: To protect the safety, rights, or property of Security Institute, our users, or the public
  • Business transfer: In connection with a merger, acquisition, or sale of assets (you would be notified of any such change)

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Members accounts: Data is retained for the lifetime of the account. Upon account deletion, personal data is removed within 30 days.
  • Contact form submissions: Retained for up to 24 months, then deleted.
  • Server logs: Retained for up to 90 days for security and operational purposes.
  • Community posts and comments: Retained for the lifetime of the account unless individually deleted by the user or a moderator.

Where legal obligations require longer retention (e.g., tax or compliance records), we will retain only the minimum data necessary for that purpose.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • Cloudflare DDoS protection and web application firewall
  • Passwords stored using bcrypt hashing (never in plaintext)
  • HTTP-only, secure cookies for authentication tokens
  • Rate limiting on authentication and form submission endpoints
  • Regular security reviews and access controls

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

10.1 Rights Under GDPR (EEA/UK/Switzerland)

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format (JSON or CSV)
  • Right to object: Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw previously given consent at any time

You also have the right to lodge a complaint with your local data protection supervisory authority.

10.2 Rights Under CCPA/CPRA (California Residents)

  • Right to know: Request what personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to correct: Request correction of inaccurate personal information
  • Right to opt out: We do not sell or share personal information for cross-context behavioral advertising
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

In the preceding 12 months, we have not sold personal information, and we do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.

10.3 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before fulfilling your request.

11. International Data Transfers

Our servers are located in the United States. If you access this Site from outside the United States, your data may be transferred to and processed in the United States.

For users in the EEA, UK, or Switzerland, we rely on the following safeguards for international transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Data processing agreements with third-party providers that include appropriate safeguards
  • The EU-U.S. Data Privacy Framework, where our processors are certified participants

12. Children's Privacy

This Site is not directed to children under the age of 16 (or 13 in jurisdictions where COPPA applies). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at [email protected] and we will promptly delete the data.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR)
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Document the breach, its effects, and remedial actions taken

14. Do Not Track

We do not currently respond to "Do Not Track" (DNT) browser signals because there is no consistent industry standard for compliance. We do not engage in cross-site tracking or targeted advertising.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page. For significant changes that affect how we process your data, we will provide prominent notice on the Site or notify Members by email. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Security Institute
Attn: Privacy
Bill Alderson
Cedar Park (Austin), TX 78717
Email: [email protected]
Phone: 512-201-1977