Privacy Policy

Overview

MNDefense ("we," "us," or "our") is committed to protecting the privacy of our website visitors and clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit mn-defense.com or engage our services.

Information We Collect

Information You Provide Directly

• Name, email address, phone number, and company name submitted via contact or assessment forms
• Details about your practice, number of providers, and stated security needs
• Communications you send to us by email or through our website
• Payment and billing information when you engage our paid services

Information Collected Automatically

• IP address, browser type, operating system, and device identifiers
• Pages visited, time on site, and referring URLs via standard server logs
• HubSpot analytics cookies to understand form interactions and page engagement

Information From Third Parties

We may receive information about you from our CRM provider (HubSpot) when you interact with our marketing communications, including email open and click data.

How We Use Your Information

We use collected information to:

• Respond to inquiries and deliver the services you request
• Generate and deliver your HIPAA Risk Assessment report
• Send service updates, security alerts, and compliance communications
• Improve our website, tools, and service offerings
• Comply with applicable laws, regulations, and legal obligations
• Detect, investigate, and prevent fraudulent or unauthorized activity

We do not use your information for automated decision-making or profiling in a manner that produces legal effects.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. These include:

• Essential Cookies: Required for the website to function correctly
• Analytics Cookies: Help us understand how visitors interact with our site (HubSpot)
• Preference Cookies: Remember settings you have chosen

You may disable cookies in your browser settings. Note that disabling certain cookies may affect website functionality.

Data Sharing and Disclosure

We share your information only in the following circumstances:

• Service Providers: HubSpot (CRM), email delivery providers, and hosting infrastructure providers who are bound by confidentiality agreements
• Legal Requirements: When required by law, subpoena, court order, or to protect rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to you
• Consent: With your explicit permission for any other purpose

We never sell your personal data to data brokers, advertisers, or other third parties.

Data Security

As a healthcare cybersecurity firm, we apply rigorous security measures to protect your data, including:

• TLS encryption for all data transmitted to and from our website
• Access controls limiting data access to authorized personnel only
• Regular security assessments of our own systems and vendor relationships
• Incident response procedures in the event of a data breach

No method of transmission over the internet is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, provide services to you, and comply with legal obligations. Contact and assessment data submitted through our website is generally retained for up to 3 years unless you request earlier deletion.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data
• Opt out of marketing communications at any time
• Lodge a complaint with a supervisory authority (EU/UK residents)

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by updating the effective date at the top of this page. Continued use of our website after changes are posted constitutes acceptance of the revised policy.

Contact Us

For privacy-related questions or to exercise your rights, please contact: