Legal

Privacy Policy

Last updated: June 20, 2026

Who we are

Kaldor.io is a penetration testing and managed security firm based in Utah. We operate this website to provide information about our services and to collect scoping inquiries from prospective clients. Our contact address is hello@kaldor.io.

What we collect

When you submit a scoping inquiry through our contact or pricing form, we collect:

  • Full name and work email address
  • Company name
  • Compliance driver (SOC 2, HIPAA, PCI-DSS, cyber-insurance, etc.)
  • Approximate timeline and company size

We do not collect payment information through this website. We do not collect sensitive personal information beyond what is listed above. If you call us directly, we may take notes from that conversation to scope your engagement.

How we use it

We use your information solely to:

  • Respond to your inquiry and schedule a scoping call
  • Send you a fixed written quote for your engagement
  • Follow up on open proposals

We do not send marketing emails, newsletters, or promotional communications without your explicit consent. We do not sell, rent, or share your information with third parties for their marketing purposes.

Third-party services

This website is hosted on Vercel and uses the following third-party services:

  • Supabase — form submissions are stored in a private database. Supabase is SOC 2 Type II certified.
  • Google Analytics 4 — anonymous usage analytics (pages visited, session duration). No personally identifiable data is sent to GA4.

Each of these providers has its own privacy policy. We do not control their data practices beyond what our agreements with them require.

Cookies

This website uses minimal cookies. Google Analytics 4 sets anonymous session cookies to count visits. We do not use advertising cookies or cross-site tracking. You can disable cookies in your browser settings at any time without losing access to this site.

Data retention

We retain inquiry data for as long as the business relationship is active or for up to two years from the date of last contact, whichever is longer. If you ask us to delete your information, we will do so within 30 days unless we are required by law to retain it.

Your rights

You have the right to:

  • Request a copy of the information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Withdraw consent for any processing based on consent

To exercise any of these rights, email us at hello@kaldor.io with your name and the request. We will respond within 30 days.

Security

We apply appropriate technical controls to protect information submitted through this site. Form data is transmitted over TLS and stored in an access-controlled database. We do not store payment card data on our systems.

Governing law

This policy is governed by the laws of the State of Utah, United States. If you are located in the European Economic Area, you may also have rights under GDPR. Contact us to discuss.

Changes to this policy

We may update this policy as our services or legal requirements change. The "last updated" date at the top of this page reflects when the policy was last revised. Continued use of the site after an update constitutes acceptance of the revised policy.

Questions? Email hello@kaldor.io or call (385) 515-4860.