Privacy Policy

Introduction

Petronella Technology Group, Inc. (“Petronella,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services. It is designed to comply with the latest U.S. legal requirements (including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state laws) and international requirements such as the EU/UK General Data Protection Regulation (GDPR) and the ePrivacy Directive. We have written this policy in clear, plain language so you can understand our practices and your rights. Please read it carefully. By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our site.

Information We Collect

Personal Information You Provide: We collect personal information that you voluntarily provide to us when interacting with our site or services. This includes information you submit through: contact or consultation request forms, newsletter sign-up forms, e-commerce checkout or payment forms, event/webinar registrations, support tickets or live chat, and SMS/text message opt-in forms. The types of data we collect may include:

  • Contact Information: Name, email address, phone number (including mobile number for SMS opt-in), postal or billing address, company/organization name, and job title or role if you provide it.
  • Account and Transaction Information: If you create an account or place an order (for example, purchasing our services or products), we may collect login credentials (like username), and details of your transactions such as products/services purchased, date and amount of purchase. Payment card information (credit/debit card number, expiration, etc.) is not stored on our servers – payments are processed securely by a third-party payment processor, and we only receive confirmation of payment[1][2].
  • Communications: The content of any messages or inquiries you send us (via web forms, email, chat, or phone), and any preferences you express (such as your interest areas or desired contact frequency).
  • Survey or Feedback Information: If you respond to our surveys, provide testimonials, or review our services, we collect the information you provide for those purposes.

Information We Collect Automatically: When you visit our website or interact with our emails, we automatically collect certain technical information about your device and usage of our site through cookies and similar tracking technologies. This includes:

  • Device and Browser Data: IP address, device identifiers, browser type, operating system, and settings.
  • Usage Data: Dates and times of access, pages viewed, links clicked, referring/exit pages, and other actions you take on our site. For example, we may log that you visited our “Services” page or clicked a certain button.
  • Cookie and Tracking Data: We and our third-party analytics and advertising partners use cookies, pixel tags, and similar technologies to collect information about your interactions. This may include your cookie identifiers, browsing activities on our site, and preferences. (See Cookies and Tracking Technologies below for more details.)

Information from Third Parties: We may receive personal information from third parties in certain cases, such as:

  • Service Providers: If you interact with our social media pages or advertising, we might obtain your social media handle or profile information from those platforms according to their privacy policies. We may also receive updated address or contact information from delivery services or others to keep our records current.
  • Referral Partners or Events: If you were referred to us by a partner or register for a Petronella event through a partner platform, that third party might send us your contact details and registration information.
  • Public Sources: We may also collect information from publicly available sources for business contact details or marketing lead generation (for example, if your business contact information is published online). We will only do so where it is lawful (e.g. for business-to-business communications or where you have made the information public).

We do not knowingly collect sensitive personal information (such as social security numbers, driver’s license numbers, precise geolocation, biometric data, or health information) from website visitors or marketing contacts, and we do not intentionally collect any personal information from children under 13 (see Children’s Privacy below).

How We Use Your Information

We use personal information for the following purposes, and we ensure that we have a valid legal basis for each use (under GDPR, this will be your consent, performance of a contract, our legitimate interests, or compliance with a legal obligation, as explained below):

  • Providing and Improving Our Services: We process your information to fulfill our contracts with you and provide the services or products you request. For example, we use your information to schedule and conduct consultations, process orders and payments, deliver services, and provide customer support. We also use data to improve our website and services – for instance, analyzing usage patterns to enhance user experience or cybersecurity features (our legitimate interest)[3][4].
  • Communication and Responding to Inquiries: We use contact information (email, phone) to respond to your requests, questions, and feedback. This includes corresponding with you regarding support tickets, inquiries about our services, or follow-ups after you contact our team[5]. If you fill out a “Contact Us” form or request a consultation, we will use your information to reach out and provide the requested information or schedule an appointment (legal basis: your consent when submitting the form, or our legitimate interest in responding to potential client inquiries).
  • Marketing and Newsletters (with Consent): With your clear, affirmative consent, we will use your email address to send newsletters, industry updates, or promotions about our services. For example, if you subscribe to our email newsletter, we will send you periodic updates which you can unsubscribe from at any time. We ensure that any marketing email we send complies with the CAN-SPAM Act requirements (e.g., no false headers or deceptive subject lines, identification as an advertisement, inclusion of our physical address, and a clear unsubscribe mechanism)[6][7]. Similarly, if you opt-in to SMS marketing, we will use your phone number to send you text messages about our products or services. We will only send promotional text messages with your prior express consent, as required by the Telephone Consumer Protection Act (TCPA)[8]. (For instance, by providing your mobile number and affirmatively agreeing to receive texts, or by texting a designated keyword to opt in.) You are not required to consent to marketing communications to use our services, and you can opt out at any time (see Your Choices below).
  • Service Announcements and Transactional Messages: We may send you transactional or relationship communications when necessary, such as payment receipts, account confirmations, service updates, or security alerts. These are not promotional, but rather part of our contract or legal obligations to you (for example, emailing you a receipt or notifying you of important changes to a service you use). Such emails may be sent even if you have unsubscribed from marketing, as they are necessary for providing services.
  • Personalization and Profile Development: We may analyze your interactions with our site and services to understand your interests and tailor the content we show you. For example, we might use your browsing behavior to recommend blog articles or services you might find relevant. In doing so, we might create a basic profile of your preferences (e.g. interested in “cybersecurity compliance” services based on pages visited). Any such profiling is for improving your experience and our marketing effectiveness, and is done under our legitimate interest. Where required by law, we will obtain your consent for the cookies or tracking tools that enable this profiling (see Cookies section). You have the right to object to profiling for marketing at any time (see Your Rights below).
  • Automated Decision-Making and AI: Petronella may use advanced, AI-driven solutions as part of our services (for example, AI tools that help detect cybersecurity threats or automate aspects of compliance tasks). We may also use automation to analyze data (including personal data) for personalization, risk assessment, or efficiency. However, we do not make any decisions about you that have legal or similarly significant effects solely based on automated processing without human review[9]. In other words, any important decision involving your personal information will include human oversight and intervention, in compliance with GDPR Article 22. If we ever use AI or automated systems to make determinations about individuals (for example, an automated security risk score) that could significantly affect you, we will ensure appropriate safeguards are in place, including the right to obtain human intervention, to express your viewpoint, and to contest the decision[10]. We will also obtain your consent where required by law. (Note: Under certain U.S. state laws, such as in Virginia or Colorado, you have the right to opt out of certain types of profiling or automated processing used for decisions that produce significant effects – see Your Privacy Rights below. We honor those rights.) We are transparent about our use of AI and will update this policy if our practices change.

Use of AI Voice Agents and Automated Communications: We may use conversational AI systems and voice-enabled virtual agents (also known as “voice bots” or “AI agents”) to assist with outbound and inbound communications, including:

  • Following up on inquiries submitted to our website
  • Providing reminders for scheduled consultations or services
  • Offering relevant information about our services or promotions
  • Qualifying leads or gathering basic information before routing to a human representative

These systems may use automated voice technology, such as synthetic speech, to simulate a human-like conversation. When you receive a call from one of our AI assistants, we will ensure that the assistant:

  • Clearly discloses that it is an AI system
  • Provides an option to speak with a human or request a callback from a live agent
  • Only contacts you if you have an existing relationship with us or if you have given us consent (e.g., by submitting your contact information through our website or requesting a follow-up)

We do not use AI voice systems to make high-risk decisions without human oversight. These agents are designed to streamline communications, not to replace human judgment in sensitive matters.

You can request that we do not contact you via AI agents by emailing us at help@petronellacomputer.com or replying to any message with “HUMAN” or “STOP.”

We comply with applicable federal and state laws related to automated calling and transparency, including the TCPA and California’s Bot Disclosure Law.

  • Analytics and Service Improvement: We use data (mostly aggregated or pseudonymized) to understand how users engage with our website and marketing campaigns. For example, we utilize Google Analytics to measure traffic and usage trends, and tools like Meta Pixel (Facebook Pixel) or email marketing analytics (e.g. via Klaviyo or similar platforms) to gauge the effectiveness of our advertisements or newsletters. These analytics help us improve site content, user interface, and our outreach strategies. Our use of these tools may result in the third-party providers (e.g., Google, Meta) processing some data about you (see Third-Party Data Sharing below for details). Where required, we will obtain consent for the use of analytics cookies or pixels.
  • Security and Fraud Prevention: We process certain data to maintain the security of our website, network, and users. This includes using information to detect, investigate, and prevent fraudulent transactions, spam, cyberattacks, or other malicious activities. For example, we may log and analyze IP addresses and user activity that appear suspicious to protect against unauthorized access or data breaches. This processing is based on our legitimate interest in keeping our services secure, and in some cases to comply with legal obligations (such as security standards or breach notification laws). If a data breach occurs that affects your personal information, we will notify you and the appropriate authorities as required by law (for example, in line with GDPR and state data breach laws, typically within the timeframe those laws require). We also commit to the “Individual Redress Principle” by which individuals have the right to pursue legal action against misuse of their data[11][12].
  • Legal Compliance: Finally, we may use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements or policies, or in response to valid legal requests and processes. For instance, we may retain and produce records to respond to a subpoena, tax or accounting requirements, or to fulfill our obligations under consumer protection laws. This also includes using and preserving information to exercise or defend legal claims. The legal basis for this processing is compliance with laws and our legitimate interest in lawful protection of our rights.

We will not use your personal information for completely new, unrelated purposes without updating this Privacy Policy and, if required, obtaining your consent.

Cookies And Tracking Technology

What Cookies Are: Cookies are small text files placed on your device when you visit a website. They allow the site (or a third party) to recognize your browser and remember information about your visit – such as your preferences or what’s in your shopping cart. We also use similar technologies like web beacons (tiny graphic images embedded in emails or webpages) and local storage.

How We Use Cookies: Petronella’s website uses cookies and similar tracking technologies to provide and enhance our services. For example, we use cookies to remember your preferences and settings for future visits, to keep you logged in if you have an account, and to collect aggregate data about site traffic and interactions[13][14]. Cookies help us:

  • Essential Functions: Enable core site functionality such as security, network management, and accessibility. For instance, if you add items to a cart or fill a form, a cookie may be used to remember your input across pages. These cookies are strictly necessary for the website to operate and cannot be disabled in our systems. (However, you can still manually disable them in your browser, but some parts of the site may not function properly.)
  • Preferences: Remember choices you make (e.g. language or region selection) to provide a more personalized experience (also known as functionality or preferences cookies[15]).
  • Analytics: Collect information about how visitors use our site – which pages are visited, traffic sources, and other analytical data. We use Google Analytics (first-party analytics cookies) to understand website traffic and usage. These “statistics” or “performance” cookies gather information in an aggregated form and do not directly identify individuals[16]. They help us improve our website over time. We may also use similar analytics services or tools.
  • Advertising and Marketing: We use marketing cookies and pixels to track browsing habits and activity across our site in order to deliver relevant advertisements and measure their effectiveness[17]. For example, the Google Ads/DoubleClick cookie (DART) may be used to show you Petronella ads on other websites based on your activity on our site[18][19]. Similarly, we may use the Meta Pixel (Facebook Pixel) to understand your actions on our site (such as visiting a certain page) so that we can tailor future Facebook/Instagram ads to you. We also may utilize email marketing and automation platforms (like Klaviyo or others) which employ cookies or similar tracking to personalize communications and analyze engagement. These marketing cookies often involve third-party partners and can track your online activities to build a profile of your interests[17]. They are usually persistent and third-party in origin.

Third-Party Cookies: Some cookies on our site are set by third parties – for example, analytics and ad partners as mentioned. These third parties may be able to see certain information about you such as your IP address or cookie ID. We endeavor to contractually require such partners to use information only for our purposes and in line with this policy, but note that third-party providers have their own privacy policies which we encourage you to read (e.g., Google’s Privacy Policy, Meta’s Data Policy). For instance, Google may use the data collected via its cookies for its own purposes; however, you can opt-out of Google Analytics and ads as described below.

Cookie Consent (EU/UK and Where Required): In regions where it is legally required (e.g., the European Union, United Kingdom, and certain US states), we will not set non-essential cookies or tracking technologies on your device without your prior consent[20]. When you first visit our site from one of these regions, you will see a cookie banner or pop-up requesting your consent to use cookies. You can choose to accept all cookies, reject all non-essential cookies, or customize your cookie preferences by category (e.g., accept analytics but reject marketing cookies). We categorize cookies as follows: (1) Strictly Necessary – no consent required; (2) Preferences/Functional – consent requested; (3) Analytics – consent requested; (4) Advertising/Targeting – consent requested. We provide information about what data each cookie tracks and its purpose in a clear manner before you consent[21]. Your consent choices will be remembered and documented; we will store a record of your consent as required[22].

Managing and Withdrawing Consent: You have the right to change or withdraw your cookie consent choices at any time. We make it as easy to withdraw consent as to give it[23]. For example, our website may provide a “Cookie Settings” link or icon (often at the bottom of the page) where you can revisit your preferences and disable categories of cookies. If you previously consented to certain cookies, you can uncheck or turn them off through this tool, and our site will honor your updated preferences. Additionally, most web browsers allow you to control cookies through their settings (for instance, you can refuse new cookies, delete existing cookies, or have the browser notify you when a cookie is set). Please note that if you disable cookies entirely (including essential cookies) via your browser, some features of our site (like remembering your login or items in cart) may not work properly[24]. We will never prevent you from accessing our service solely because you declined non-essential cookies[23] – you can refuse cookies and still use our site, though functionality may be limited as described[25].

Do-Not-Track Signals: “Do Not Track” (DNT) is a setting in some web browsers that signals a preference that your activity not be tracked across websites. Our website honors Do Not Track signals to the extent required by law. If a DNT browser signal is detected, we will not plant non-essential cookies or engage in third-party behavioral advertising for that browser[26]. (Note: DNT is a voluntary standard; not all websites respond to it. We strive to honor it as part of our commitment to privacy.) We also recognize Global Privacy Control (GPC) signals from browsers that support it, as a valid opt-out of sale/sharing under California law (see California Privacy Rights below)[27][28].

Cookie Duration: Some cookies are session cookies that expire when you close your browser, while others are persistent cookies that remain until they expire or you delete them. Each cookie used by our site has its own retention period. We adhere to any applicable limits (for instance, some jurisdictions recommend or require that non-essential cookies expire after a certain period, such as 12 months). We will not retain cookie data longer than necessary for its purpose, as described in Data Retention below.

Additional Cookie Choices: For targeted advertising cookies, you can also visit industry opt-out sites for another way to opt-out of interest-based ads. For example: the Network Advertising Initiative opt-out page or the DAA’s WebChoices tool allow you to opt-out of many advertising cookies at once[29][30]. To opt-out of Google Analytics specifically, Google provides a Browser Add-on you can install[31]. On mobile devices, you can typically limit ad tracking via your device settings. Keep in mind these opt-outs are generally device/browser-specific.

For more details, please see our separate Cookie Notice (if provided on our site) which provides a detailed list of cookies and enables fine-tuned control. By continuing to use our website with cookies enabled in your browser (after having the opportunity to set your preferences), you are deemed to consent to our use of cookies as described herein.

Marketing Communications And Consent

We aim to practice permission-based marketing. This means: we will only send you promotional emails or texts if you have opted in to receive them.

Email Marketing: If you join our email list (for example, by submitting your email in our newsletter sign-up or indicating interest in updates), we will send you newsletters, product updates, event invitations, or other marketing emails. Our email sign-up forms use unchecked opt-in boxes or similar affirmative actions – never pre-ticked boxes – to ensure GDPR-compliant consent[32]. By opting in, you give us consent to send you marketing emails. You can unsubscribe at any time by clicking the “unsubscribe” link in any marketing email, or by contacting us at the email below. Once you opt out, we will remove you from the marketing list promptly (usually immediately or within a few business days). We will not re-subscribe you unless you provide new consent. We do not share your email address with third parties for their own marketing without your consent.

We comply with the CAN-SPAM Act for all commercial emails. This means, among other things, our marketing emails will: accurately identify our organization as the sender and not use deceptive headers or subject lines; include our valid physical mailing address; clearly disclose that the email is an advertisement if applicable; and provide a clear opt-out mechanism (such as an unsubscribe link)[6][7]. If you unsubscribe, we will honor your request within 10 business days, as required[33], and we will not charge you or ask for unnecessary information to process your opt-out. We also won’t sell or transfer your email to any third party after you’ve opted out (except to our service providers for compliance purposes)[33].

SMS/Text Messages: If you explicitly consent to receive SMS or text messages from us (for example, by providing your mobile number and checking a box agreeing to texts, or by texting a keyword to our short code), we may send you marketing or informational text messages. By opting in, you authorize Petronella to send text messages to your provided number. Message frequency will vary (we will specify the expected frequency at the time of opt-in, e.g., “up to 4 messages per month”). Message and data rates may apply per your phone carrier’s plan. Text messages may be sent via an automated system. Importantly, your consent to receive texts is not a condition of purchasing any goods or services from us (we will remind you of this when obtaining your consent, to comply with TCPA requirements).

You can opt out of SMS messages at any time by replying “STOP” to any message we send. After texting STOP, you may receive one final confirmation message and then you will not receive any further texts. If you need help or have questions, you can reply “HELP” or contact us at our support email/number. We also abide by TCPA and other telemarketing laws: we will not send marketing texts without the necessary “prior express written consent” from you, and we will respect the National Do Not Call Registry and time-of-day restrictions for any telephone communications[8]. We maintain records of your SMS consent (time, date, method of consent) for compliance auditing.

Voice Calls: We generally only call you by phone if it’s related to a service or inquiry you made (for example, to consult or follow up on a request). Any telemarketing calls (if we ever conduct them) would also require your prior express consent or an established business relationship under applicable law. You can let us know if you prefer not to be contacted by phone for promotional purposes, and we will respect that.

Third-Party Marketing: We do not share your personal information with unaffiliated third parties for their own email or SMS marketing purposes unless you have given consent. For example, we will not sell your contact info to other companies’ mailing lists. If one of our events or offerings involves a partner and we intend to share registration info with that partner, we will inform you at sign-up and give you a choice.

Opt-In and Opt-Out Summary: In short, we take an opt-in approach to email/SMS marketing in line with GDPR and U.S. best practices. Consent will be obtained through a positive action (no pre-ticked boxes)[32], and we will log and remember your consent choices. You have the right to withdraw your consent at any time. Withdrawing consent for marketing communications will not affect any services you have with us; we will simply stop the marketing messages. (However, we may still contact you for non-marketing reasons, as described earlier.) We also allow you to manage your communication preferences (e.g., you might choose to receive newsletters but not text alerts, etc.).

If you have any issues managing your email/SMS subscriptions, you may contact us and we’ll assist in promptly removing you. We honor all opt-out requests quickly and without penalty[33].

How We Share Your Information

We understand that your personal information is important, and we only share it with others in certain circumstances and with appropriate safeguards. We do not sell your personal information to third parties for money. We also do not share your personal information with third parties for their own direct marketing purposes unless you have given permission. Below are the types of recipients with whom we may share data and why:

  • Service Providers (“Processors”): We may share personal information with third-party companies that provide services to us and act on our behalf. These include, for example: website hosting providers, cloud storage providers, customer relationship management (CRM) software, email marketing platforms (such as our newsletter service provider), payment processors, appointment scheduling tools, analytics services (like Google Analytics), and cybersecurity monitoring services. These third parties only receive the information necessary to perform their specific service (for instance, our payment processor will receive your payment details to process a transaction, our email platform gets your email address to send out newsletters, etc.). We contractually require service providers to keep personal information confidential and to use it only for the purposes of providing services to us (not for their own purposes). In other words, when we disclose information to these partners, they are not allowed to sell or use it for other marketing. For example, if we share your email with our email delivery vendor, they cannot add you to their own mailing list. This category of sharing is considered a “business purpose disclosure” under the CCPA (not a sale).
  • Advertising and Analytics Partners: We allow certain third parties to collect information about your activity on our website through cookies and pixels (as described in Cookies above). This includes Google (for analytics and advertising cookies) and Meta/Facebook (for advertising pixels), among others. These partners may receive identifiers (like your cookie ID or IP address) and internet/electronic activity information (pages you visited, actions you took) in the process of providing us their services. We use these tools to understand site usage and to tailor our advertising. Some of this data sharing may be considered a “sale” or “sharing” of personal information under laws like CCPA/CPRA, because the third-party companies can use the data (for example, to improve their services or for ad personalization on their platforms)[34][35]. We want to be transparent that, while we do not monetize your data in exchange for money, the use of analytics and ad cookies could be deemed a “share” for cross-context behavioral advertising purposes. California residents have the right to opt out of this (see California Privacy Rights below for how to exercise that right – including via our cookie management tool or by sending a “Do Not Sell or Share” request). Outside of those analytics/ad context, we do not disclose personal data to third parties who want to use it for their own advertising.
  • Business Transfers: If Petronella (or substantially all of its assets) were to be sold, merged, or otherwise transferred (including in contemplation of such transactions, e.g., due diligence), or if we undergo a reorganization or bankruptcy, personal information we hold may be among the assets transferred to the buyer or successor. In such a case, we would ensure the new owner continues to be bound by privacy obligations either by contract or law, and we would notify you (for example, by email or notice on our site) of any change in data ownership or uses, and your choices.
  • Affiliates: We may share information with our corporate affiliates (entities that control, are controlled by, or under common control with Petronella) if any, in which case we will require them to honor this Privacy Policy. (As of now, Petronella Technology Group, Inc. operates as a single company; if that changes and we have related entities like subsidiaries offering services, they may receive data as needed to coordinate our services to you.)
  • Legal Compliance and Protection: We may disclose personal information when we believe it is necessary to: comply with applicable laws, regulations, legal process, or governmental requests (such as to respond to a subpoena, court order, or regulatory inquiry); enforce our terms and agreements (for example, investigating potential violations of our Terms of Service or this Policy); detect or prevent fraud, security, or technical issues; or protect our rights, property, and safety, or those of our users or the public. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction, or in the context of cyber threat intelligence sharing within the cybersecurity community (we would only share relevant data and in compliance with privacy laws). If we receive a law enforcement request for user data, we will only comply if required by law and after evaluating that the request is lawful and properly scoped. When possible and lawful, we may attempt to notify affected users of such requests.
  • Consent and Direction: We may share information with third parties if you specifically direct or consent to us doing so. For instance, if you request that we introduce you to one of our partner companies for a joint offering, or you use an integration that requires us to send your data to another service at your request, we will share accordingly. We will make it clear at the time of such a request what information will be shared and with whom, so you can decide.
  • De-identified or Aggregated Data: We may share information that has been aggregated and anonymized (so it can no longer be linked to you personally) with third parties for various purposes, such as industry research, marketing, or improving our services. For example, we might share statistics about how many users visited a certain page or the percentage of clients in a certain industry, as long as that information doesn’t identify any individual. Such data is not considered personal information under most laws, and we would ensure no re-identification.

No Unauthorized Third-Party Access: We do not rent or sell your personal details to unaffiliated companies for their independent use. We also do not allow third-party advertisers to collect your information beyond what is described in this policy (like via authorized cookies). If our website contains third-party links (see below), those third parties do not get your data from us – any data you provide to them is under their control and subject to their policies.

Third-Party Links: Our website may contain links to external websites or services that are not operated by us (for example, links to articles, partner websites, social media pages, etc.). If you click those links, you will be directed to third-party sites. We are not responsible for the content or privacy practices of websites we do not own or control. Those sites will have their own privacy policies, which we advise you to review. We provide these links for convenience or reference, but that does not imply our endorsement of the external site’s content or their data handling.

Third-Party Social Media and Widgets: Our site may include social media features or widgets (such as a “Share” or “Follow” button for platforms like Twitter, LinkedIn, or Facebook). If you interact with these, the companies operating those plugins may collect information (like your IP and which page you’re visiting) and may set a cookie to function properly. These features are governed by the privacy policy of the company providing them. If you interact by clicking, that action may be shared on the third-party platform under your profile (if you’re logged in with them).

In summary, we share personal information externally only as needed for the purposes described and always in compliance with applicable privacy laws. If in the future we need to expand our sharing practices (for example, engaging new categories of partners), we will update this Policy and obtain consent if required.

Data Security

We take the security of your personal information seriously and implement a comprehensive set of technical, organizational, and contractual measures to protect it from unauthorized access, use, disclosure, or destruction.

Encryption & Secure Transmission

  • All data transmitted to and from our website is encrypted using industry-standard SSL/TLS protocols.
  • Sensitive information such as credit card numbers is never stored on our servers. Instead, we use PCI-compliant third-party processors such as Intuit QuickBooks, Stripe, Bluepay, and PayPal to handle payment transactions. These providers process data directly on their secure platforms.

Data Storage & Isolation

  • We do not store sensitive personal data (such as Social Security numbers, payment credentials, or health records) on our infrastructure.
  • For client-related documentation, we leverage secure, third-party tools like PreVeil, which provide end-to-end encryption and are designed to meet strict compliance standards (including HIPAA, DFARS, and CMMC requirements).
  • Customer project data is stored in secure enclaves where only authorized individuals with a business need can gain access, and access is tightly controlled and monitored.

Access Control & Authentication

  • Access to systems containing personal or project-related data is restricted based on the principle of least privilege.
  • Multi-factor authentication (MFA) and strong password enforcement are required for internal systems.
  • All staff members are bound by strict confidentiality agreements and undergo regular privacy and security training.

Application & Network Security

Our infrastructure is hardened using firewalls, intrusion detection systems (IDS), extended detection and response (XDR), endpoint protection tools and 24/7 Security Operations Center (SOC) monitoring.

We perform routine vulnerability scanning, log monitoring, and patch management to mitigate cyber threats.

Our infrastructure is hosted with reputable, audited cloud providers and follows cybersecurity best practices (including NIST 800-53, NIST 800-171, 800-172 and CMMC v2.0 ML3 where applicable).

Backup & Resilience

We perform automated, encrypted backups of critical systems and configuration data.

In the event of a system failure, natural disaster, or cyber incident, we have tested business continuity and disaster recovery procedures to restore data availability quickly and securely.

Vendor & AI System Oversight

All third-party service providers, including those powering our AI voice assistants, chatbots, scheduling tools, and cloud infrastructure, are vetted for security posture.

We require vendors to maintain high security standards (e.g., SOC 2 Type II, ISO 27001, or equivalent) and to sign data processing agreements where required.

Any AI-powered tools that interact with customer information are governed by internal access controls, logging, and audit policies to ensure they cannot misuse or leak data.

Regular Testing & Risk Management

We conduct regular security audits, penetration tests, and incident response tabletop exercises to assess our security posture.

Our internal cybersecurity team is constantly monitoring evolving threats and proactively addressing risks to protect both our infrastructure and customer-facing services.

We will update this section over time to reflect evolving security practices, technologies, and regulatory requirements. If you have questions about our cybersecurity measures or need a copy of our security documentation for compliance due diligence, please contact us at help@petronellacomputer.com.

Data Breach Notifications: In the unfortunate event of a data breach that compromises your personal information, we will notify you without undue delay, consistent with applicable laws. For example, for EU individuals, we will comply with GDPR obligations to inform supervisory authorities within 72 hours and affected individuals when required. For U.S. residents, we will follow state breach notification laws which often require notice in a timely manner. Our practice is to notify affected users via email and/or prominent website notice as soon as possible (we aim to do so within 7 business days of discovering a breach, as per our internal policy)[37][38]. We will also take any measures required to mitigate the breach and prevent future occurrences.

By using our site or services, you acknowledge that you understand these security measures and limitations. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your account has been compromised), please immediately notify us using the contact information below.

Data Retension

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, as outlined in this Privacy Policy, and for as long as we are required to keep it by applicable law. This means:

  • For ongoing customer relationships, we keep your information for the duration of our relationship (e.g., while you have an account with us or are subscribed to our services) and a reasonable period thereafter, in case you decide to re-engage or there are any post-termination issues to resolve.
  • If you make a purchase or transaction with us, we will retain the details of that transaction for as long as needed for accounting and tax purposes, and to comply with financial recordkeeping laws (which may be a number of years as required by law). Typically, financial records are kept for at least 7 years.
  • If you have corresponded with us (such as through email or support chat), we may retain those communications and our responses until we are sure we have fully resolved your inquiry, and for an additional period in case you bring up follow-up questions. Customer support records are generally kept for a couple of years for training and quality purposes, unless you request deletion sooner (where permissible).
  • We retain marketing consent records (like proof that you opted into our emails or texts) and any opt-out requests indefinitely as required by law, to ensure we honor your preferences going forward and can demonstrate compliance (for example, under GDPR we must be able to show when and how consent was obtained[22]).
  • Job application data (if you apply for a job with us through the site) would be kept through the recruitment process and possibly longer if we anticipate an opportunity to hire you later, but if not hired we will delete or de-identify it in accordance with local employment laws. (This is an example if applicable.)
  • Web analytics data (collected via cookies and similar) is kept according to the cookie’s set expiration or until you delete the cookie. For instance, Google Analytics data is usually retained for 14 months or as configured in our analytics settings. We regularly review if old analytics data is still needed.
  • If you request deletion of your data (and we have verified the request), in general we will delete your personal information from our active systems and logs within 45 days (to comply with laws like CPRA). Some residual data may remain in backups for a short period and will be deleted according to our backup retention schedule (we maintain backups for reliability, which are cycled after a certain time). We will not use that data except to restore backups or for security integrity checks.
  • We may retain anonymized or aggregated information (which is not personally identifiable) indefinitely for analysis, research, and business development.

Once the retention period expires or the purpose is fully achieved, we will either securely erase your personal information or irreversibly anonymize it so that it can no longer be associated with you. If there are pieces of data we cannot fully delete from our systems (for example, data stored in long-term archival backups), we will isolate them and implement appropriate measures to prevent any further processing except as allowed by law (e.g., for security or legal compliance).

If you have any specific questions about our data retention practices (for example, how long we keep a certain type of record), feel free to contact us. We can provide more specific information or accommodate requests to delete data sooner, if feasible and legally permissible.

International Data Transfers

Petronella Technology Group, Inc. is based in the United States, and the personal information we collect is primarily processed and stored on servers located in the U.S. If you are accessing our website or using our services from outside the United States, please be aware that your information will likely be transferred to, stored, and processed in the United States or other jurisdictions. These countries may have data protection laws that are different from those in your country of residence, and in some cases may not be deemed to provide the same level of protection (for example, the EU has determined that the U.S. does not have “adequate” data protection, generally requiring additional safeguards for EU data transfers).

However, we value our international users and take steps to ensure that your privacy is protected consistent with this policy wherever the data is processed. Specifically:

  • EU/EEA and UK Data Transfers: When we transfer personal data from the European Economic Area (EEA), Switzerland, or the United Kingdom to the U.S. (or any other country that is not recognized by the European Commission or UK authorities as providing an adequate level of data protection), we rely on approved legal mechanisms. Typically, we use the European Commission’s Standard Contractual Clauses (SCCs) as a transfer mechanism[39]. These are contractual commitments between companies transferring personal data, which bind the recipient to protect the data according to EU GDPR standards. We have SCCs in place with our service providers where relevant, or an equivalent UK International Data Transfer Addendum for UK data. In some cases, we may rely on your explicit consent for the transfer (for instance, if you voluntarily submit information knowing it will be used in the U.S.), or other derogations under Article 49 of GDPR when applicable (e.g., transfer necessary for contract performance at your request). We continuously monitor guidance from EU authorities and will adopt any new compliance frameworks that become available (such as any approved EU-U.S. data privacy frameworks, if applicable).
  • Additional Safeguards: In addition to SCCs, we implement technical measures like encryption and access controls to further safeguard data in transit and at rest. Where possible, we pseudonymize or minimize data before transferring it internationally. We also carefully choose U.S. service providers that have strong privacy and security practices, and where feasible, those that certify to compliance frameworks (for example, providers that were certified under the EU-U.S. Privacy Shield – though invalidated for EU law, it still reflects a certain standard of care – or those following ISO security standards).
  • Other Regions: For other countries with data export requirements, we similarly ensure compliance. For example, if you are in Canada, your data may be transferred to the U.S.; by using our site, you consent to that transfer. If you are in countries like Australia, New Zealand, etc., we ensure that any overseas recipients handle your information in accordance with this Policy and applicable law.
  • Ongoing Compliance: We stay updated on international data transfer regulations. If new rules or frameworks emerge (for example, updated SCCs or adequacy decisions), we will adapt our practices accordingly. Our goal is to ensure that data originating from any country is accorded a high level of protection, no matter where it flows.

If you have questions about our international data transfer practices, or if you need a copy of the relevant transfer agreements (such as the SCCs), you can contact us at the information provided below. Where required by law, we will make available details of the transfer safeguards (some portions may be redacted for confidentiality).

By using our services and providing us with your information, you acknowledge the transfer of your personal data to the United States or other jurisdictions as described, and understand that these jurisdictions may have different data protection laws. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Your Privacy Rights And Choices

You have a number of rights regarding your personal information, which may vary depending on your jurisdiction. Petronella is committed to honoring these rights. Below, we outline the rights that individuals have under various privacy laws, and how you can exercise them.

Rights for Residents of the European Economic Area (EEA), United Kingdom, and Similar Jurisdictions

If you are in the EEA, UK, or a country with similar data protection laws, you have the following rights under the GDPR (and UK GDPR) with respect to your personal data:

  • Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of the personal data we hold about you[40][41]. This is commonly known as a “data subject access request.” We will provide you with a copy of your data, along with details on what we use it for, who we share it with, how long we keep it, and the sources of the information (if not collected from you directly), as required by law.
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we have about you. If any of your information has changed or you find errors in our data, please let us know. We will rectify inaccuracies without undue delay.
  • Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data in certain circumstances[42][43]. For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to keep processing it, or if you object to processing based on our legitimate interests and we have no overriding interest to continue, or if we unlawfully processed your data. We will honor valid erasure requests and also instruct our service providers (processors) to delete your data, subject to any retention obligations (for instance, we might keep a note that you opted to have data erased, which is itself personal data, but that helps us ensure we don’t inadvertently re-contact you). Do note that absolute erasure isn’t possible if we need to retain data for legal compliance (e.g., transaction records for financial audits) or to establish or defend legal claims; we’ll inform you if any such exceptions apply.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations – for example, while we are verifying the accuracy of data you contested, or if processing is unlawful and you prefer restriction over deletion, or if we no longer need the data but you need us to keep it for legal claims. When processing is restricted, such data will only be processed with your consent or for specific reasons like legal claims or public interest. We will inform you before lifting any restriction.
  • Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or to fulfill a contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for example, CSV or JSON file) so you can transmit it to another data controller[41]. You also have the right to have us transfer that data directly to another service provider where technically feasible. This right applies to information you provided directly, and potentially to data generated by your activities if it’s under consent/contract (for example, your profile information, usage history tied to you, etc., as applicable).
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. If we are processing your data based on legitimate interests, you can object if you feel our legitimate interest is not compelling enough and your rights outweigh it. If you object, we will consider your request and will stop or limit processing unless we have overriding legitimate grounds or the processing is needed for legal reasons. Importantly, you have an unconditional right to object to your data being used for direct marketing purposes at any time[44][45]. If you object to marketing, we will stop using your data for that purpose immediately. (You can do this easily by using the unsubscribe links or contacting us.)
  • Right not to be Subject to Automated Decisions: As mentioned in the AI section, you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you[46], unless it is necessary for a contract with you, authorized by law, or based on your explicit consent, with safeguards[39][10]. We do not engage in such automated decision-making without human involvement as of now. If that changes, you will have the right to request human intervention, express your point of view, and contest the decision.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. For example, you can withdraw consent for marketing emails or cookies. Withdrawing consent will not affect the lawfulness of processing that occurred before your withdrawal, but we will cease the processing going forward. If you withdraw consent for a service that requires it (like certain data we need to provide a service), we will advise you if we cannot continue providing the service without that data.
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or violated GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the issue occurred (for example, the Data Protection Commission in Ireland, the CNIL in France, the ICO in the UK, etc.). We would appreciate the chance to address your concerns first by contacting us, but this right exists regardless. For UK users, the supervisory authority is the Information Commissioner’s Office (ICO).

We will not normally charge a fee for fulfilling these requests, unless the requests are manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request, but we’ll provide an explanation in such cases). We will respond to legitimate requests as soon as possible, and at least within one month, or inform you if we need more time (we can extend by an additional two months for complex or numerous requests, per GDPR, but we will notify you of the extension and the reason).

Rights for California Residents (CCPA/CPRA) and Other U.S. State Privacy Laws

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Other states (such as Virginia, Colorado, Connecticut, and Utah, etc.) have similar privacy laws taking effect in 2023 that grant comparable rights. We intend to comply with these laws and extend similar rights to residents of those states. This section describes your rights and how to exercise them, focusing on California for specificity:

Categories of Personal Information Collected: In the past 12 months, we have collected (from California consumers) the following categories of personal information, as defined in the CCPA[47]:

  1. Identifiers – e.g., real name, email address, phone number, postal address, IP address, and other similar identifiers.
  2. Personal information categories from Cal. Civ. Code §1798.80(e) (overlapping with identifiers) – e.g., contact information, payment card information (note: we do not keep card numbers beyond transaction processing), etc.
  3. Commercial Information – e.g., records of products or services purchased or considered, and purchasing histories (if you have engaged our services).
  4. Internet or Other Electronic Network Activity – e.g., browsing history, search history, and interactions with our website, emails, or advertisements (as captured via cookies, pixels, and server logs).
  5. Geolocation Data – e.g., approximate location derived from your IP address (which can indicate city or region). We do not track precise GPS location.
  6. Professional or Employment-Related Information – e.g., if you provide your job title, company name, or industry when contacting us or signing up, we collect that. Also, if we provide services to your employer, we might have business contact details.
  7. Inferences – e.g., profiles or summaries we derive from your interactions and preferences (such as inferring your interest in certain services from your browsing).

We do not knowingly collect: biometric information, sensory data (like audio recordings, unless you leave a voicemail or we record a customer service call with notice), non-public education records, or sensitive personal information like social security number, driver’s license, passport, account passwords, or precise health/genetic data from website users. (If in the course of business services we handle sensitive data on behalf of clients, that would be governed by separate agreements and not used for our own purposes). If that ever changes or if we do collect any sensitive personal information for our own purposes, we will provide the appropriate disclosures and opt-out/limit rights under CPRA.

Categories of Sources: We collect personal information directly from you (e.g., via forms you fill out), automatically through your use of our site, and from service providers or partners as described in Information We Collect above[41].

Business or Commercial Purposes for Collection: We collect and use personal information for the purposes outlined in How We Use Your Information above – including providing services, marketing, analytics, security, etc.[48]. These correspond to the “business purposes” under CCPA (such as performing services on behalf of the business, fulfilling orders, processing payments, advertising and marketing (with consent), detecting security incidents, debugging, short-term transient use like session personalization, internal research, and quality control).

Disclosure of Personal Information: We may disclose the above categories of personal information to the third parties described in How We Share Your Information for business purposes. In particular, in the last 12 months, we have disclosed these categories to service providers or contractors (like our cloud hosting, payment processor, analytics providers, etc.) for business purposes of operating our site and services. For example, Identifiers and Internet Activity info are shared with analytics and security service providers; Contact and Transaction info is shared with our payment and email service providers, etc. We require those recipients to keep the information confidential and use it only for our purposes.

Sale or Sharing of Personal Information: We do not sell personal information for money. We also do not knowingly sell personal information of minors under 16. However, as noted, some of our use of third-party advertising cookies and tracking may be considered “sharing” of personal information for cross-context behavioral advertising under CPRA’s definitions. In the last 12 months, we may have shared identifiers (like cookie IDs or hashed emails) and internet/network activity with advertising partners (like Meta or Google) to better target and measure our ads. This is not a “sale” for monetary consideration but could be deemed a sale/share for valuable consideration (advertising services). Out of an abundance of caution, we treat it as such for compliance. Therefore, California residents have the right to opt out of sale or sharing of their personal information. You can exercise this by using our cookie consent tool (refusing advertising cookies will stop that sharing), by enabling a Global Privacy Control (GPC) in your browser which we will honor as an opt-out signal[27][28], or by contacting us as described below (we may in future provide a “Do Not Sell or Share My Personal Information” link on our website home page for easy access, as required by law). Once you opt-out, we will (a) stop the data flows that are considered sales/sharing, and (b) instruct any third parties to whom we “sold” or “shared” data to stop further selling/sharing it. We will not ask you to re-opt-in for at least 12 months.

Specific Rights of California (and similarly Virginia, etc.) Residents:

  • Right to Know: You have the right to request that we disclose to you the following information covering the 12 months prior to your request: (1) The categories of personal information we collected about you; (2) The categories of sources from which we collected it; (3) The business or commercial purposes for collecting, selling, or sharing that personal information; (4) The categories of third parties to whom we disclosed personal information; (5) The specific pieces of personal information we collected about you[40][41]; and (6) If we sold or shared your personal information, the categories of personal information and categories of third parties to whom the information was sold/shared (or, if we did not sell your info, we will confirm that as well)[49]. Much of this information is provided in this Privacy Policy. Upon a verified request, we will provide an individualized response with the specific information about you as required by CCPA. You may request this information up to twice in a 12-month period, free of charge.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions[42][50]. For instance, we may retain information needed to complete the transaction for which it was collected, to provide a good or service you requested, to detect security incidents, to comply with legal obligations, or other exceptions allowed by law[51][52] (the CCPA lists several exceptions, such as we may keep data needed for debugging or for lawful internal uses compatible with context provided you consented[53][54]). If no exception applies, and once your deletion request is verified, we will delete (and direct our service providers to delete) your personal information from our records. If an exception does apply, we will inform you of that and limit use of the data to the allowed purpose.
  • Right to Correct: Under CPRA (effective 2023) and some other state laws, you have the right to request correction of inaccurate personal information that we maintain about you. Upon verification, we will correct any confirmed inaccuracies. In many cases, you can also correct your information directly (for example, by contacting us to update your contact info).
  • Right to Opt-Out of Sale/Sharing: As discussed, you have the right to opt out of the sale or sharing of your personal information to third parties. “Sharing” here refers to the disclosure of personal info for cross-context behavioral advertising. We do not sell in the traditional sense, but we enable opting out of the types of sharing we do. To opt out, use the methods described above (cookie preferences, GPC, contacting us). Once you opt out, we will honor that for at least 12 months before asking if you want to opt back in.
  • Right to Limit Use of Sensitive Personal Information: If we ever collect “Sensitive Personal Information” (as defined by CPRA) about you for reasons beyond what is considered necessary to provide our services (for example, using it for targeting or if we were to collect precise geolocation, etc.), you would have the right to direct us to limit the use of that information to the purposes allowed by law (such as providing the services). However, at this time, we do not use or disclose Sensitive Personal Information of consumers except for purposes that are exempt from this right (e.g., if we collected a credit card number for a transaction, we only use it to process the payment, which is an expected purpose). Therefore, we do not presently offer a specific “Limit Use of My Sensitive Info” link, because we don’t engage in unrestricted use of sensitive info. Should our practices change, we will update this Policy and provide the appropriate opt-out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means if you choose to exercise your rights under CCPA/CPRA (such as requesting deletion or opting out of sale), we will not deny you goods or services, charge you a different price, or provide a different level of quality just because of that choice[55][56]. If you have exercised a right and feel you received unfair treatment as a result, please contact us immediately. We may offer certain promotions or benefits (like a discount code for newsletter subscribers), which is allowed as long as it’s not unjust or punitive – any such financial incentives related to your data would be described to you at the time, and you can opt in to receive them. We currently do not offer data-for-money incentives or loyalty programs that involve selling personal data; if that ever occurs, we will provide a notice and obtain appropriate consent.

Exercising Your Rights (California and Other States): If you are a resident of California (or Virginia, Colorado, etc.), you or your authorized agent can submit requests to know (access), delete, correct, or opt-out as follows:

  • Contact Us via Email: The easiest way is to email us at help@petronellatech.com with the subject line “Privacy Rights Request” and let us know what you would like to do (e.g., “I am a California resident requesting access to my data” or “Please delete my personal information”).
  • Online Form (if available): We may provide a web form on our site for submitting privacy requests. (Check our Privacy page for a form link, if one is implemented.)
  • Phone: You may call us at 919-422-2607 to submit a request. Our phone line will take your information and route it to our privacy team for processing. (Note: This is not a toll-free number, but it’s our main business line. As an alternative, since we operate mainly online, email is usually more efficient. California law requires a toll-free method for larger businesses; if needed, we will accommodate you via this phone or arrange another method.)
  • Authorized Agent: You may designate an authorized agent to make a request on your behalf. If you do so, we will take steps to verify that the person is authorized to act for you. For example, we may require the agent to provide your written permission or proof of power of attorney, and we may need you to verify your identity directly with us or confirm that you gave the agent permission. This is to prevent fraud.

Verification Process: For certain requests (especially access, deletion, and correction), we will need to verify your identity to a reasonable degree of certainty before providing information or deleting data. This is to protect your privacy – we don’t want to give your data to an impostor. The verification steps may depend on the sensitivity of the data and the type of request. Typically, if you have an account with us, we may verify by having you log in or respond to communications from your account email. If you do not have an account, we might ask you to provide at least two or three pieces of personal info that we can match against our records (such as your last transaction amount, the date you last contacted us, your mailing address on file, etc.). For highly sensitive requests (like disclosure of specific pieces of info such as any stored payment details), we may require more stringent verification (such as a signed declaration under penalty of perjury that you are the consumer whose data is requested). Rest assured, information you provide for verification will only be used to verify and to process your request[57]. If we cannot verify your identity to a sufficient level, we will let you know and may have to deny the request (or give a limited response), but you can provide additional information to attempt to verify again.

Response Timing: We aim to confirm receipt of your request within 10 days and to respond substantively within 45 days of receiving a valid request[58][59]. If we need more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension in writing. We will deliver our response via email or mail based on your preference. For access requests, we will provide the information in a readily usable format, often electronically. For deletion requests, we will confirm once we have deleted the data (or explain any that we retained under exceptions). For correction, we will confirm the data is corrected or supplement it if we maintain it differently.

Appeals (for Other States): If you are a resident of a state like Virginia, Colorado, or Connecticut that requires an appeal process when a consumer privacy request is denied, you have the right to appeal our decision. If we deny your request, we will inform you of your right to appeal and how to submit an appeal. Typically, you may submit an appeal by replying to our response or contacting us again, indicating that you are appealing the decision. We will have a different team member (or a higher-level reviewer) reevaluate your request and respond within the time frame required by law (generally 45 days for Virginia). If the appeal is denied, we will provide you with a written explanation and information on how you can contact your state’s Attorney General or relevant authority to lodge a complaint.

Other U.S. State Rights: If you are a resident of Virginia, Colorado, Utah, or Connecticut, the rights you have are similar to those above: right to access, correct, delete, opt-out of sale/targeted advertising/profiling, and the right to non-discrimination or no retaliation. We intend our process to cover those as well. For example, “sale” is defined slightly differently in some states (Virginia says sale is for monetary consideration only; we don’t do that anyway). Targeted advertising and profiling opt-outs are explicitly mentioned in some states and we include them within our opt-out processes (so opting out of sale/sharing and profiling for targeted ads covers that). If you have any specific state law question, please contact us.

We are dedicated to enabling these rights and handling your requests with care. Our goal is to be transparent and helpful in giving you control over your personal information. Please note that these rights are subject to certain exemptions and limitations by law. If we cannot fulfill part of your request due to an exemption (for example, we can’t show you certain internal legal memos or info that would violate others’ privacy), we will explain that in our response.

Children’s Privacy

Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old. In fact, given the nature of our services (cybersecurity and compliance consulting), it is highly unlikely that children would be users of our site. If you are under 13, please do not provide any personal information to us. If we learn that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information promptly.

Parents or guardians: If you become aware that your child under 13 has provided us with personal information, please contact us immediately so that we can delete it.

For teens between 13 and 16, we do not sell their personal information (and in any event, we require opt-in consent for any sale/sharing of personal info of consumers under 16, as mandated by the CPRA). If we ever offer any sections of our site for younger audiences (for example, a learning resource), we will ensure compliance with the Children’s Online Privacy Protection Act (COPPA) and relevant laws, including obtaining verifiable parental consent when required.

In the European Union and UK, the age of consent for online data collection can vary (usually 16, but some countries allow it at 13). We do not knowingly offer services to minors without proper consent. If you are a minor in your jurisdiction, please only use our services with the involvement of a parent or guardian.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the bottom of this Policy. Any changes will become effective when we post the revised Privacy Policy on our website.

If we make any material changes (significant changes) to the way we collect, use, or share your personal information, we will provide a prominent notice of such changes. For example, we may display a notice on our website’s homepage or notify you via email (if we have your email on file) prior to the change becoming effective, in accordance with applicable laws. We want you to be informed of any new rights or obligations.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use our website or services after the updated Privacy Policy goes into effect, it signifies your acceptance of the changes. However, if any change would materially reduce your rights or increase your obligations, we will seek your consent where required by law.

For significant updates involving AI or new data uses, note that regulators (like the U.S. FTC) have advised against making quiet changes – thus we will be transparent and possibly request re-consent if we were to use your data in a substantially different manner than previously disclosed[60][61].

If you have any questions about the changes or the policy, reach out to us (see Contact Us below) and we’ll be happy to explain.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact us:

Petronella Technology Group, Inc.
5540 Centerview Dr., Suite 200
Raleigh, NC 27606, USA
Email: help@petronellatech.com
Phone: 919-422-2607

(Please note: This contact information is for privacy and general inquiries. For exercise of legal rights, you may use these or the designated methods described under Your Rights above. If you email us, please include “Privacy Request” in the subject for faster routing.)

We will do our best to respond promptly and address your inquiries. If you contact us to exercise a privacy right, we may need to verify your identity for security reasons as discussed. If you have a disability and need this Privacy Policy provided in an alternative format, please contact us and we will accommodate you.

Thank you for reading our Privacy Policy. We are dedicated to safeguarding your personal information and upholding your privacy rights. Your trust is important to us, and we welcome feedback on how we can improve our privacy practices.

Last Updated: August 6, 2025


[1] [2] [3] [4] [5] [11] [12] [13] [14] [18] [19] [24] [25] [26] [29] [30] [31] [34] [35] [36] [37] [38] Privacy-Policy | Petronella Technology Group, Inc.

https://petronellatech.com/privacy-policy/

[6] [7] [33] CAN-SPAM Act: A Compliance Guide for Business | Federal Trade Commission

https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guide-business

[8] The Federal Do Not Call (DNC) Registry and the TCPA as it Applies ...

https://www.isipp.com/text-of-the-tcpa-as-it-applies-to-sms-text-marketing-messages-and-the-do-not-call-dnc-list/

[9] [10] [39] [46] Art. 22 GDPR – Automated individual decision-making, including profiling - General Data Protection Regulation (GDPR)

https://gdpr-info.eu/art-22-gdpr/

[15] [16] [17] [20] [21] [22] [23] Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu

https://gdpr.eu/cookies/

[27] [28] [40] [41] [48] [57] [58] California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General

https://oag.ca.gov/privacy/ccpa

[32] EU & UK GDPR: 5 Must Know Things About Email Consent - Litmus

https://www.litmus.com/blog/5-things-you-must-know-about-email-consent-under-gdpr

[42] [43] [47] [49] [50] [51] [52] [53] [54] [55] [56] [59] CCPA (CPRA) Privacy Policy Checklist - TermsFeed

https://www.termsfeed.com/blog/ccpa-privacy-policy-checklist/

[44] [45] [60] [61] Addressing Artificial Intelligence in Your Privacy Notice: 4 Recommendations for Companies to Consider

https://www.orrick.com/en/Insights/2024/04/Addressing-Artificial-Intelligence-in-Your-Privacy-Notice-4-Recommendations-for-Companies

AI
Petronella AI