Privacy Policy

Last updated: June 28, 2026

Overview

Secunit Mercantile LLC ("Secunit," "we," "us," or "our") operates secunit.io. We take privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding that information. We process contact form data on the basis of your request to receive our services and our legitimate interest in security monitoring and abuse prevention.

Information We Collect

We collect only information you voluntarily provide through our contact form: your name, email address, company name, phone number, and message content. We also automatically receive standard server-side metadata with each request—IP address, browser user-agent, referring URL, and request timestamp—solely for security monitoring and abuse prevention.

We do not purchase, license, or receive personal data from data brokers or third-party marketing sources.

How We Use Your Information

We use the information we collect exclusively to:

We do not sell, rent, license, or share your personal information with third parties for marketing or advertising purposes.

Data Processors and Sub-processors

To operate this website we rely on the following third-party providers:

No other third parties receive your personal data through normal operation of this website.

Cookies and Local Storage

This website sets no tracking cookies and deploys no third-party analytics scripts. The only client-side storage we use is a single localStorage key that saves your light/dark-mode preference. That value never leaves your browser.

Data Retention

Contact-form submissions are retained in our Cloudflare D1 database for up to 24 months for business continuity and follow-up purposes, after which they are deleted. Transactional email logs held by Resend are subject to Resend's own retention schedule. Server request metadata is retained for up to 30 days for security monitoring, then purged.

Security Measures

All data in transit is protected by TLS 1.2 or higher. Data at rest in our Cloudflare D1 database is encrypted by Cloudflare's platform-level encryption. Contact form submissions pass through honeypot validation and server-side rate limiting before storage.

For sensitive communications we offer GPG-encrypted email. Our public keys are available at /security/ecc.txt (ECC) and /security/rsa.txt (RSA).

Your Rights

Regardless of your jurisdiction, you may exercise the following rights at any time by contacting us at security@secunit.io:

We will respond to verifiable requests within 30 days. We may need to verify your identity before fulfilling a request.

Children's Privacy

This website is not directed at children under 13 years of age, and we do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.

International Data Transfers

Our infrastructure is operated primarily in the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your country.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be noted prominently. Your continued use of the website after any change constitutes acceptance of the updated policy.

Contact Us

Questions about this Privacy Policy or requests to exercise your rights: security@secunit.io.