Privacy Policy
How we collect, use, and protect your personal information.
Last updated: June 2026
On this page
Fortiori LLC ("Fortiori," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at fortiori.io (the "Site") or contact us about our consulting services.
In short: we collect the details you choose to send us through our contact and newsletter forms, plus a small amount of privacy-respecting, consent-gated analytics. Analytics stays off until you opt in, we honor Global Privacy Control signals, and we do not sell or rent your personal information.
Who We Are
Fortiori LLC operates this marketing Site and provides offensive-security consulting services. For privacy questions, or to exercise any of the rights described below, contact us at privacy@fortiori.io. Personal data handled inside the Fortiori Institute learning platform is governed by the privacy notice published on that service.
Information We Collect
Information you provide to us.
- Contact form — your name, email address, an optional company or organization, an optional area of interest, and the contents of your message.
- Newsletter signup — your email address, used only to send the updates you subscribe to. Subscriptions use double opt-in (you confirm by email before we send anything).
Information we collect automatically.
- Consent-gated usage analytics— if, and only if, you opt in to analytics, we record limited, aggregated usage data: the pages you view, a coarse page type, the originating website (the referrer reduced to its origin — we strip the path and query string), and Core Web Vitals performance measurements. This data is tied to a random session identifier held in your browser's session storage, not to your name or email.
- Security and abuse-prevention data — we process your IP address transiently to rate-limit requests and block abuse. We do not store your raw IP address as profile data; we retain only a salted, irreversible hash of it. Our hosting and analytics providers may process your IP address transiently to deliver the service (for example, routing, abuse protection, and event ingestion).
- Error diagnostics — if something on the Site fails, our error-monitoring provider records technical diagnostics to help us fix it, with personal-data collection disabled and no session replay.
How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and scope potential consulting engagements;
- Send the newsletter or updates you have opted in to receive;
- Measure and improve Site performance and content (consent-gated analytics only);
- Keep the Site secure, prevent abuse, and diagnose errors;
- Comply with our legal obligations and enforce our terms.
Legal Bases for Processing
For visitors in the United States, we process personal information as permitted by applicable state and federal law. For visitors in the European Economic Area or the United Kingdom, where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Your consent — for analytics and for sending you marketing emails. You may withdraw consent at any time.
- Our legitimate interests — to respond to inquiries you send us, and to keep the Site secure and functioning, balanced against your rights.
- Legal obligation — where we must process data to comply with the law.
Cookies and Analytics
By default this Site sets a single first-party cookie that records your cookie-consent choice. Optional analytics cookies are used only after you opt in. We honor Global Privacy Control (GPC) browser signals, and we do not use advertising or cross-site tracking cookies. For full detail, see our Cookie Policy.
You can review or change your choice at any time here: .
How We Share Information
We do not sell, rent, or trade your personal information. We share data only with service providers that process it on our behalf to operate the Site, under contracts that limit their use of the data:
- a hosting, content-delivery, and bot-protection provider;
- an email-delivery provider;
- a consent-gated usage-analytics provider (United States);
- an error-monitoring provider, configured with personal-data collection disabled (United States).
The specific providers we currently use are listed on our Third-Party Service Providers page. We may also disclose information if required by law, to protect our rights, or in connection with a corporate transaction.
Your Privacy Choices
- Analytics — off until you opt in; change your choice through the cookie preferences control at any time.
- Global Privacy Control — if your browser sends a GPC signal, we keep analytics off automatically.
- Newsletter — every email includes a one-click unsubscribe link, and you can unsubscribe at any time.
- Do Not Sell or Share — we do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of; we honor GPC regardless.
Your Privacy Rights
Depending on where you live, you may have the right to access, correct, delete, or obtain a copy of your personal information, and to opt out of its sale or sharing (which we do not do). Residents of California and other U.S. states with comprehensive privacy laws have these rights and the right not to be discriminated against for exercising them.
If you are in the European Economic Area or the United Kingdom, you also have the rights to restrict or object to processing, to data portability, to withdraw consent, and to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email privacy@fortiori.io. We may need to verify your identity, and we will respond within the timeframe required by applicable law.
Data Retention
We keep personal information only as long as we need it for the purposes described in this policy, then delete or anonymize it. Specifically:
- Contact submissions — retained for as long as needed to respond to you and to maintain reasonable business records, after which they are deleted or anonymized.
- Newsletter records — retained until you unsubscribe (we then suppress your address to honor your choice).
- Consent-gated analytics events— events stored on our own systems are automatically deleted after 180 days. Measurements sent to our analytics provider (PostHog, Inc., United States) are retained under that provider's data-retention practices and are tied to a random identifier, not your name or email.
- Security and rate-limiting data — short-lived and pruned on a rolling basis.
Data Security
As a cybersecurity firm, we hold ourselves to a high standard for data protection. We apply technical and organizational measures including encryption in transit and at rest, least-privilege access controls, and audit logging. More detail on our security posture and how to report a vulnerability is on our Security page. No method of transmission or storage is perfectly secure, but we work to protect your information appropriately to its sensitivity.
International Data Transfers
Fortiori is based in the United States, and we process the information collected through this Site in the United States. If you access the Site from outside the United States, you understand that your information will be processed here. Where we begin offering services to customers in the European Economic Area or the United Kingdom, we will put in place appropriate transfer safeguards (such as Standard Contractual Clauses) as required by applicable law.
Children's Privacy
The Site and our services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact privacy@fortiori.io and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "last updated" date, and where appropriate we will notify newsletter subscribers by email. Your continued use of the Site after an update takes effect constitutes acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Fortiori LLC — privacy@fortiori.io
- General inquiries: fortiori.io/contact