Privacy Policy

Last updated: January 2026 · This document is a template and should be reviewed by qualified legal counsel before publication.

This Privacy Policy explains how BIDODI Inc. (“BIDODI,” “we,” “us,” or “our”) handles information in connection with our website, our communications, and the professional cybersecurity, compliance, and assurance services we provide to our clients. We are a security services firm, and the trust our clients place in us is the foundation of our business. We have written this policy to be clear about what we collect, why we collect it, how we protect it, and the choices available to you. By using our website or engaging our services, you agree to the practices described here.

01Scope of this policy

This policy applies to information we process through our public website, our sales and marketing activities, our support and administrative functions, and the delivery of paid engagements. It covers visitors to our site, prospective clients who contact us, and the authorized representatives of organizations that retain us. Where we act as a service provider or processor on behalf of a client — for example, when conducting a penetration test, risk assessment, or audit — the client’s own agreement and instructions govern how engagement data is handled, and the relevant terms are set out in the applicable statement of work or master services agreement. In those cases this policy is supplemental and the contract controls in the event of any conflict.

02Information we collect

We aim to collect only what we need. Depending on how you interact with us, we may collect the following categories of information:

• Contact and identity information you provide directly, such as your name, business email address, organization, role, and the contents of messages you send us.
• Engagement information exchanged during a paid project, which may include scoping details, system descriptions, configuration data, logs, and findings. This information is frequently sensitive and is handled under heightened safeguards described below.
• Usage and device information collected automatically when you visit our website, such as IP address, browser type, pages viewed, referring pages, and approximate location derived from your IP address.
• Communications metadata related to emails, calls, and meetings necessary to manage our relationship with you.

We do not seek to collect special categories of personal data through our website, and we ask that you not submit sensitive personal information through general contact channels.

03How we collect information

We collect information in three principal ways: directly from you when you contact us, request a consultation, or enter into an engagement; automatically through standard web technologies such as server logs and cookies when you browse our site; and from our clients when they provide materials necessary for us to perform contracted work. We may also receive limited business contact information from reputable third-party sources, such as professional networks, where permitted by law.

04How we use information

We use the information we collect to respond to inquiries and provide requested information; to scope, deliver, and support our security and compliance services; to manage contracts, invoicing, and our business relationship; to operate, secure, and improve our website; to send relevant service communications and, where permitted, occasional updates about our offerings; and to comply with legal, regulatory, and contractual obligations. We do not sell personal information, and we do not use client engagement data for advertising.

05Legal bases for processing

Where applicable law requires a legal basis for processing, we rely on one or more of the following: the performance of a contract with you or your organization; our legitimate interests in operating and growing a professional services business in a manner that does not override your rights; your consent, where we ask for it; and compliance with our legal obligations. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

06Confidentiality of client and engagement data

Because our work routinely involves access to clients’ systems, vulnerabilities, and sensitive records, we treat engagement data with particular care. Access is restricted to personnel with a need to know for the specific project. We bind our team and any approved subcontractors to confidentiality obligations, apply the principle of least privilege, and isolate client data by engagement. Testing artifacts, findings, and reports are handled according to the agreed scope and are not disclosed to third parties except as authorized by the client or required by law. Upon completion of an engagement, we retain or securely dispose of engagement materials in accordance with the governing agreement.

07Cookies and analytics

Our website uses a small number of cookies and similar technologies to enable core functionality, remember preferences, and understand how the site is used so we can improve it. You can control cookies through your browser settings, including blocking or deleting them, though some features of the site may not function as intended if you do. Where required, we present a cookie notice and obtain consent for non-essential cookies. Any analytics we use are configured to limit the collection of personal information to what is reasonably necessary.

08How we share information

We share information only as needed and never sell it. We may disclose information to trusted service providers who support our operations — such as hosting, communications, and professional advisors — under contracts that require them to protect the information and use it only for the services they provide to us. We may share information to comply with applicable law, regulation, legal process, or enforceable governmental request; to enforce our agreements; or to protect the rights, property, and safety of BIDODI, our clients, or others. In the event of a merger, acquisition, or sale of assets, information may be transferred subject to this policy and applicable law.

09Data retention

We keep personal information only for as long as necessary to fulfill the purposes described in this policy, including to provide our services, maintain business records, resolve disputes, and meet legal, accounting, or reporting requirements. Retention periods vary by the type of information and the context in which it was collected. Engagement data is retained or destroyed according to the relevant contract. When information is no longer needed, we take reasonable steps to delete or anonymize it.

10How we protect information

As a security firm, we hold ourselves to a high standard. We apply administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, and destruction. These measures include access controls, encryption in transit and, where appropriate, at rest, network and endpoint protections, logging and monitoring, secure development practices, and regular review of our controls against recognized frameworks. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will respond in accordance with applicable law and our contractual commitments.

11International data transfers

We are based in the United States, and information we process may be stored and handled in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal information across borders, we take steps to ensure an appropriate level of protection consistent with applicable law, including the use of recognized transfer mechanisms where required.

12Your privacy rights

Depending on where you live, you may have rights regarding your personal information, such as the right to access, correct, delete, or obtain a copy of it; to object to or restrict certain processing; and to withdraw consent. To exercise any of these rights, please contact us using the details below. We will respond within the timeframes required by applicable law and may need to verify your identity before acting on a request.

California residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These include the right to know what personal information we collect and how we use and disclose it; the right to request deletion or correction of your personal information; and the right not to be discriminated against for exercising your rights. BIDODI does not sell or share personal information as those terms are defined under California law. You may submit a verifiable request using the contact details below, and you may use an authorized agent to act on your behalf where permitted.

13Children’s privacy

Our website and services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

14Third-party links and services

Our website may contain links to third-party sites and resources that we do not control, such as professional associations or framework publishers. We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies. The inclusion of a link does not imply endorsement.

15Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice. We encourage you to review this policy periodically.

16Contact us

If you have questions about this policy or wish to exercise your privacy rights, please contact us at contact@Bidodi.com, connect with us on LinkedIn, or write to BIDODI Inc., California, USA. We will be glad to help.