TPO Group Privacy Policy

Last Updated: 25 September 2025

​

1. Introduction

Welcome to TPO Group, LLC ("we," "our," or "us"). We are a cybersecurity consultancy specializing in incident response and cyber risk assessment. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website tpo.group, engage with our consulting services, or interact with us at conferences and industry events.

 

By using our services or providing us with your information, you consent to the data practices described in this Privacy Policy.

​

2. Information We Collect

​

2.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

 

• Name and contact information (email address, phone number, business address)

• Professional information (job title, company, industry)

• Information submitted through our website contact forms

• Business cards and contact details collected at conferences and industry events

• Communications and correspondence with us regarding cybersecurity consulting services

 

2.2 Website Information

​

When you visit our website, we may automatically collect:

 

• Device information (IP address, browser type, operating system)

• Usage data (pages visited, time spent on site, referring websites)

• General geographic location information

• Analytics data through Wix platform tools

 

2.3 Client Engagement Information

During our cybersecurity consulting engagements, we may collect:

 

• Information about your organization's cybersecurity posture and incidents

• Technical data related to cyber risk assessments

• Communications regarding incident response activities

• Business information necessary to provide our consulting services

 

Note: While we may encounter sensitive client data during incident response engagements, we handle such information strictly according to our client agreements and do not use it for marketing or general business purposes beyond the specific engagement.

​

3. How We Use Your Information

​

We use your personal information for the following purposes:

3.1 Service Provision

• Providing cybersecurity consulting and incident response services

• Conducting cyber risk assessments and security evaluations

• Responding to inquiries about our services

• Managing client relationships and project communications

3.2 Business Operations

• Improving our cybersecurity service offerings

• Maintaining professional relationships within the cybersecurity industry

• Following up on conference connections and business development

• Analyzing website usage to improve user experience

3.3 Professional Communications

• Sending relevant cybersecurity industry updates and insights

• Providing information about our services and capabilities

• Maintaining professional networks and relationships

• Responding to requests for information about cybersecurity matters

3.4 Legal and Compliance

• Complying with legal obligations

• Protecting our rights and interests

• Enforcing our service agreements

• Fulfilling professional and ethical obligations

 

4. Information Sharing and Disclosure

​

We may share your personal information in the following circumstances:

​

4.1 Service Providers

We may share limited information with trusted third-party service providers who assist us in:

 

• Website hosting and analytics (Wix platform)

• Professional communications and email services

• Business development and marketing activities

• Administrative and operational support

 

4.2 Professional Networks

We may share basic contact information within professional cybersecurity networks for:

 

• Industry collaboration and knowledge sharing

• Referrals to other cybersecurity professionals when appropriate

• Participation in industry associations and working groups

 

4.3 Legal Requirements

We may disclose your information when required by law, court order, or government regulation, or to:

 

• Protect our legal rights and interests

• Investigate potential violations of our agreements

• Comply with cybersecurity incident reporting requirements

• Ensure public safety and security

 

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with appropriate confidentiality protections.

 

5. Data Security

 

As a cybersecurity consultancy, we implement robust security measures to protect your personal information, including:

 

• Encryption of sensitive data in transit and at rest

• Secure, encrypted communication channels for client interactions

• Multi-factor authentication and access controls

• Regular security assessments and monitoring

• Employee training on data protection and cybersecurity best practices

• Incident response procedures for any potential data breaches

 

We maintain cybersecurity standards consistent with industry best practices and our professional obligations to clients.

 

6. Data Retention

We retain your personal information for as long as necessary to:

 

• Provide our cybersecurity consulting services

• Maintain professional relationships and business records

• Comply with legal and professional obligations

• Fulfill legitimate business purposes

 

For client engagement data, retention periods are governed by our client agreements and applicable professional standards. General contact and business development information is retained as long as it remains relevant for professional relationship management.

 

7. Your Privacy Rights

​

You have the following rights regarding your personal information:

 

7.1 Access and Correction

• Request access to your personal information in our possession

• Correct inaccurate or incomplete information

• Request information about how we use your data

 

7.2 Deletion and Restriction

• Request deletion of your personal information (subject to legal and professional obligations)

• Restrict certain uses of your information

• Object to specific processing activities

 

7.3 Communication Preferences

• Opt out of non-essential communications

• Update your communication preferences

• Request removal from marketing communications

 

To exercise these rights, please contact us at privacy@tpo.group.

 

8. Website Analytics and Tracking

​

Our website may use analytics tools provided by the Wix platform to help us understand how visitors use our site. These tools may collect:

 

• Pages visited and time spent on our website

• General geographic location information

• Device and browser information

• Traffic sources and user pathways

 

You can manage your cookie preferences through your browser settings.

 

9. Third-Party Links

​

Our website may contain links to third-party websites or resources related to cybersecurity topics. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

​

10. Professional Conference and Event Data

​

When we collect business cards or contact information at cybersecurity conferences and industry events, we use this information to:

 

• Follow up on professional conversations and connections

• Share relevant cybersecurity insights and industry information

• Maintain professional relationships within the cybersecurity community

• Provide information about our services when relevant to your interests

 

11. Client Data Confidentiality

​

For information collected during cybersecurity consulting engagements, we maintain strict confidentiality in accordance with:

 

• Individual client agreements and statements of work

• Professional cybersecurity industry standards

• Legal and ethical obligations to clients

• Incident response confidentiality requirements

 

Client engagement data is handled separately from general business and marketing data, with enhanced security and confidentiality protections.

 

12. Data Transfers

​

As we primarily serve US-based clients, your information is generally processed within the United States. In the event we work with international clients or service providers, we implement appropriate safeguards to protect your information.

 

13. Changes to This Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

 

• Posting the updated policy on our website at tpo.group

• Sending email notification to our professional contacts when appropriate

• Including notice of changes in our regular business communications

 

The "Last Updated" date at the top of this policy indicates when it was last revised.

 

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

 

TPO Group, LLC

 

• Email: privacy@tpo.group

• Address: 255 S King St Ste 800, Seattle, WA 98104

• Website: tpo.group

 

For general inquiries about our cybersecurity services, you may also use our website contact form.
 

15. Governing Law

​

This Privacy Policy is governed by the laws of the State of Delaware and applicable federal laws, without regard to conflict of law principles.

 

This privacy policy reflects our commitment to protecting your privacy while providing professional cybersecurity consulting services. We maintain the highest standards of data protection consistent with our role as cybersecurity professionals.