Last updated: March 2026
CLS Security Labs LLC (“CLS Labs,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website clsecuritylabs.com (the “Site”) or engage our professional services.
When you contact us through our website, request a consultation, or engage our services, we may collect: your name, email address, phone number, company name, job title, and any information you include in your inquiry or communications with us.
When you visit the Site, we may automatically collect: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and general geographic location derived from IP address. We use this information for analytics and to improve the Site experience.
During professional service engagements, we may access and process information related to client AI systems, including model configurations, API endpoints, system prompts, model responses, and vulnerability findings. The collection, use, and handling of this data is governed by the applicable Data Handling Agreement, Master Services Agreement, and/or Statement of Work executed with the client. This Privacy Policy does not supersede those agreements.
The Site may use cookies and similar tracking technologies for analytics, session management, and improving user experience. You can control cookie settings through your browser preferences. We do not use tracking technologies for advertising purposes.
We use the information we collect to: respond to your inquiries and provide customer support; deliver, manage, and improve our professional services; send you relevant communications about our services (you may opt out at any time); analyze Site usage to improve our content and user experience; comply with legal obligations; and protect our rights and the security of our systems.
We do not sell, rent, or trade your personal information to third parties.
We may share your information only in the following circumstances:
Service Providers: We may share information with trusted third-party service providers who assist us in operating the Site, conducting our business, or serving you (e.g., cloud infrastructure providers, analytics services), subject to confidentiality obligations.
Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
With Your Consent: We may share your information with your explicit consent.
We implement industry-standard security measures to protect your information, including: encryption in transit (TLS/HTTPS) for all data transmitted through the Site; secure storage of any personal data with access controls; secure handling of client credentials during engagements (dedicated keys, immediate deletion post-engagement); and regular review of our security practices.
While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods for client engagement data are defined in the applicable Data Handling Agreement and generally follow this schedule:
API keys and client credentials: Deleted immediately upon engagement completion.
Raw assessment results: Deleted or anonymized within 30 days of report delivery.
Client reports: Retained for up to 1 year in encrypted storage.
Anonymized training data: Retained indefinitely (contains no client-identifiable information).
Business records: Retained for up to 7 years per legal and tax requirements.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to legal retention requirements.
Opt-Out: Unsubscribe from marketing communications at any time by following the unsubscribe link in our emails or contacting us directly.
Data Portability: Request your personal information in a structured, commonly used, machine-readable format.
To exercise any of these rights, contact us at privacy@clsecuritylabs.com. We will respond within 30 days.
As a Colorado company, we comply with the Colorado Privacy Act (CPA) where applicable. Colorado residents have the right to: access, correct, delete, and obtain a portable copy of their personal data; and opt out of the processing of personal data for targeted advertising, sale, or profiling. CLS Labs does not sell personal data or use personal data for targeted advertising or profiling.
The Site and our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
If you access the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Site, you consent to the transfer of your information to the United States, which may have different data protection laws than your jurisdiction.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this Privacy Policy periodically. Material changes will be communicated through the Site or via email to active clients.
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
CLS Security Labs LLC
Email: privacy@clsecuritylabs.com
Website: clsecuritylabs.com