Privacy Policy

Overview

GiaMetrics® ("GiaMetrics," "we," "our," or "us") is committed to protecting the privacy and confidentiality of information provided by visitors to our website at giametrics.com (the "Site"). This Privacy Policy describes how we collect, use, and safeguard information when you visit our Site or contact us through our web forms.

As a Governance, Risk, and Compliance (GRC) consulting firm and Service-Disabled Veteran-Owned Small Business (SDVOSB), we hold ourselves to the highest standards of information stewardship — including our own data practices.

Information We Collect

We collect information in two ways:

Information You Provide Directly: When you submit our contact form, you may provide your name, business email address, phone number, organization name, and a description of your inquiry. This information is submitted through Formspree (formspree.io) and delivered to our team at services@giametrics.com.

Information Collected Automatically: Like most websites, our Site may collect certain technical information automatically when you visit, including your IP address, browser type, operating system, referring URLs, and pages visited. This information is used to maintain and improve the Site and does not identify you personally.

How We Use Your Information

We use information collected through our Site solely for the following purposes:

• To respond to your inquiry or request for information about our services
• To communicate with you about GRC, CMMC, or other cybersecurity services relevant to your needs
• To improve the functionality and content of our Site
• To comply with applicable laws and regulations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Contact Form & Third-Party Services

Our contact forms are processed through Formspree (formspree.io), a third-party form processing service. When you submit a contact form, your data is transmitted to Formspree's servers and then forwarded to our team. Formspree's privacy practices are governed by their own Privacy Policy, available at formspree.io/legal/privacy-policy.

Our Site also loads fonts from Google Fonts and displays live cybersecurity data from NIST's National Vulnerability Database (NVD) and CISA's public advisory feeds. These are public government data sources and do not collect personal information from our Site visitors.

Live Data Feeds

This Site displays real-time cybersecurity data from the following government sources:

• NIST National Vulnerability Database (NVD) — services.nvd.nist.gov — public API, no personal data collected
• CISA Cybersecurity Advisories — cisa.gov — public RSS feed, no personal data collected
• US-CERT Alerts — us-cert.cisa.gov — public RSS feed, no personal data collected

Data Retention

Contact form submissions are retained in our email system for as long as necessary to respond to your inquiry and maintain business records. We do not maintain a separate database of website visitor contact information beyond what is received through our email system.

Security

We implement appropriate technical and organizational measures to protect the information you provide through our Site. Our Site uses HTTPS/TLS encryption for all data in transit. As a GRC firm, information security is central to everything we do.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or request deletion of information we hold about you. To exercise these rights, please contact us at the information below.

DoD & Federal Contractor Notice

GiaMetrics® does not collect, process, or store Controlled Unclassified Information (CUI), Federal Contract Information (FCI), or any classified information through this public website. This Site is a public-facing marketing presence only. All client work and sensitive information exchanges occur through secure, appropriate channels separate from this Site.

Children's Privacy

This Site is intended for business and professional use. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has submitted information through our Site, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically.

Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Virginia and applicable federal law, without regard to conflict of law principles.