Privacy Policy

1. Who We Are

Asterisk Defense LLC ("Asterisk Defense," "we," "us," or "our") is a governance, risk, and compliance (GRC) intelligence firm headquartered in Dallas, Texas. We operate the website asteriskdefense.com and related subdomains, including portal.asteriskdefense.com.

Data Controller Contact: Devon J. Euring  ·  devoneuring@asteriskdefense.com  ·  +1 (904) 962-8248

2. Information We Collect

2.1 Information You Provide Directly

• Contact form submissions: Name, email address, company name, and message content when you submit an inquiry.
• Newsletter subscriptions: Name and email address when you subscribe to our intelligence newsletter.
• Assessment completions: Name, email address, organization name, and assessment responses when you complete the Risk Rebel Self-Assessment™.
• Platform access requests: Name, email, organization, and any information shared in access requests for the GRC portal or protected tools.

2.2 Information Collected Automatically

• Usage data: Pages visited, time spent, browser type, device type, and referring URLs.
• IP address: Collected for security monitoring and analytics purposes.
• Cookies and session storage: We use session storage (not persistent cookies) for authentication state on protected pages. We do not use third-party tracking cookies.

2.3 Information from Tool Usage

When you use our AI-powered tools (Assumption Audit™, Governance Gap Diagnostic™, VUCA World Navigator™), the content you enter is processed by our AI system (AURA™) to generate your analysis. This content is not stored permanently in our systems and is not used to train AI models.

3. How We Use Your Information

• To respond to your inquiries and provide requested services
• To send our weekly intelligence newsletter (only with your consent)
• To notify you of your assessment results and relevant service recommendations
• To provide access to protected platform features
• To improve our website, tools, and services
• To comply with applicable legal obligations
• To protect the security and integrity of our platform

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Consent: Newsletter subscriptions and assessment completions
• Legitimate interests: Security monitoring, fraud prevention, service improvement
• Contract performance: Providing services you have requested
• Legal obligation: Compliance with applicable laws

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information with:

• Service providers: SendGrid (email delivery), DigitalOcean (hosting), Anthropic (AI processing for tool outputs). All providers are contractually bound to protect your data.
• Legal requirements: When required by law, court order, or governmental authority.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

6. Data Retention

• Contact inquiries: Retained for 3 years or until you request deletion
• Newsletter subscribers: Retained until you unsubscribe or request deletion
• Assessment results: Email and name retained for 2 years; assessment scores retained in aggregate anonymized form indefinitely
• Tool inputs: Not retained after your session ends
• Authentication tokens: Session-based, expire after 8 hours

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdrawal of consent: Withdraw consent at any time for consent-based processing
• Opt-out of newsletter: Reply "unsubscribe" to any newsletter email or contact us directly

To exercise any right, contact: devoneuring@asteriskdefense.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including HTTPS/TLS encryption, JWT-based authentication with expiring tokens, server-side API key storage (never exposed to browsers), and regular security monitoring. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. International Data Transfers

Our servers are located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page with a new effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, requests, or concerns: