This policy describes what personal data Assay Cyber handles, how we use it, and what rights you have over it. We try to be direct rather than comprehensive — if a question isn't answered here, write to us at the address below and we will answer it.
Who we are
Assay Cyber is the operating brand of Vanguard Cyber Solutions LLC, a Virginia limited liability company. We are an independent cybersecurity and AI governance advisory practice. The principal and sole data controller is John Porter.
What we collect on this site
The assaycyber.com website is a static marketing presence. It does not use cookies, set local storage, run analytics, or collect any data directly from visitors. There is no signup form, no comment section, no tracking pixel.
Our hosting provider, Cloudflare, automatically logs technical data about every request to the site — including the requesting IP address, the URL requested, the referring page, the browser user-agent, and the timestamp. This data is retained by Cloudflare under their own privacy terms and is used by us for security monitoring and to diagnose issues. We do not export, analyze, or correlate this log data ourselves.
The site loads typography from Google Fonts. Google receives the requesting IP address as part of that font request. If you object to this, blocking third-party requests from your browser will prevent the data from being shared, though the site will fall back to system fonts.
What we collect when you contact us
If you email any address at assaycyber.com (including hello, security, or john), we receive your email address, your message contents, and any metadata your mail client includes. We use this only to respond to you and to maintain a record of the correspondence.
Email is delivered through Google Workspace, which retains messages on Google's infrastructure under Google's data processing terms. We do not forward your messages to third parties or use them for any purpose other than the conversation you initiated.
What we collect during client engagements
In the course of an engagement, we may receive personal data about your employees, customers, or contractors as part of the work — for example, names of personnel responsible for security controls, evidence collected during audits, or records reviewed during gap assessments. This data is handled under the terms of our Master Services Agreement and any data processing addendum, and is restricted to the engagement personnel on both sides.
We do not retain client personal data beyond the engagement closeout period specified in the engagement agreement. Engagement-specific working files are stored in access-controlled environments and are deleted or returned to the client at engagement close.
What we do not do
- We do not sell, rent, or share personal data with third parties for their own purposes
- We do not use personal data for advertising or marketing personalization
- We do not perform automated decision-making or profiling on personal data
- We do not transfer personal data outside the United States except as required by the integrated services described above (Cloudflare, Google) under their respective frameworks
Your rights
Depending on your location, you may have rights under laws such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or the Virginia Consumer Data Protection Act (VCDPA). These typically include the right to access, correct, delete, or restrict use of personal data we hold about you, and the right to receive a copy in a portable format.
To exercise any of these rights, write to us at the address below. We will respond within thirty days. If your request requires verification of your identity, we will ask for what we need to confirm before acting.
Contact
If we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority. EU residents may contact their national supervisory authority; California residents may contact the California Privacy Protection Agency; Virginia residents may contact the Office of the Virginia Attorney General.
This policy is reviewed annually and updated as our infrastructure or services change. Material updates will be reflected in the effective date at the top of this page and noted in the document history below.
Document history
2026-04-19 · Initial publication.