Effective Date: January 1, 2024
Issued by: Eight Point Solutions LLC

​

Introduction

​

Eight Point Solutions LLC (“EPS,” “we,” “us,” “our”) is a U.S.-based, veteran-owned security training and intelligence consulting firm. We operate globally in both public and private sector environments. EPS is committed to the lawful, secure, and transparent handling of all personal and organizational data, aligned with U.S. federal law and international privacy regulations.

​

This Privacy Policy outlines how we collect, process, store, disclose, and protect personal data in accordance with:

• General Data Protection Regulation (GDPR)

• California Consumer Privacy Act (CCPA)

• Personal Information Protection and Electronic Documents Act (PIPEDA)

• Children’s Online Privacy Protection Act (COPPA)

• Any other applicable U.S. or foreign data protection laws

​

1. Information We Collect

​

We may collect and process the following types of personal and technical data:

• Identity Information: Full name, email, phone, job title, employer, mailing address

• Transaction Information: Payment card details, billing address, order history

• Technical Data: IP address, browser type/version, device type, OS, time zone

• Behavioral Data: Pages visited, session time, clicks, user journey behavior

• Communications: Email records, live chat messages, inquiry forms, service logs

• Credentialing Data: Training records, certifications, course completions

​

We do not intentionally collect data from children under the age of 13. If we become aware of any such data, we will delete it immediately.

​

2. Purpose of Data Use

​

We process personal data for the following legitimate business and operational purposes:

• Fulfillment of service agreements or contractual training delivery

• Identity and credential verification for certification or access purposes

• Communication regarding services, account management, and client support

• Risk mitigation, operational security, and fraud prevention

• Website performance optimization and behavioral analytics

• Regulatory compliance, audits, and data retention obligations

​

3. Legal Basis for Processing (GDPR & Global Compliance)

​

We process personal data under the following legal bases:

• Consent – Voluntary agreement for specified purposes

• Contractual Obligation – Data required to fulfill a contract or service agreement

• Legal Obligation – Processing required by federal, state, or international law

• Legitimate Interests – Where processing supports security, readiness, or operational needs, without overriding individual rights

​

4. Data Sharing and Disclosure

​

We do not sell personal data.

​

We may disclose data under the following conditions:

• Authorized Personnel: Internal access on a need-to-know basis

• Third-Party Processors: Secure vendors for payment, IT, comms, or analytics

• Legal Compliance: When required by subpoena, regulation, or lawful request

• Mergers/Acquisitions: Data may transfer with business continuity operations

• Explicit Consent: If you give written permission to share your information

​

5. International Transfers

​

EPS may transfer and store personal data across jurisdictions. When doing so, we ensure:

• Use of Standard Contractual Clauses (SCCs) approved by the European Commission

• Compliance with international frameworks such as the EU-U.S. Data Privacy Framework

• All transfers are secured, monitored, and legally reviewed

​

6. Data Security

​

EPS applies rigorous physical, technical, and procedural controls to prevent data compromise:

• Secure server environments and firewall protections

• Multi-factor authentication and access control

• Encrypted transmission and data-at-rest policies

• Continuous monitoring and logging of system activity

• Limited personnel access aligned with operational necessity

​

Despite best practices, no system is invulnerable. EPS continuously evaluates and upgrades its security posture to counter emerging threats.

​

7. Data Retention

​

Data is retained only for the period required to:

• Deliver contracted services

• Satisfy legal and regulatory requirements

• Resolve disputes or enforce agreements

​

When no longer needed, data is securely deleted or anonymized using NIST-compliant destruction protocols.

​

8. Your Rights and How to Exercise Them

​

You may, subject to applicable law, request to:

• Access your personal data

• Correct or update inaccurate information

• Delete your data (“right to be forgotten”)

• Restrict or object to certain processing

• Receive a copy of your data (portability)

• Withdraw consent at any time (if consent was the legal basis)

​

To exercise your rights, email us at: info@eightpointsolutions.com

EPS will respond within required legal timeframes and validate all requests using secure identity verification.

​

9. Cookies and Tracking Technologies

​

We use cookies, pixel tags, and session-based technologies to:

• Monitor site performance

• Enhance navigation and usability

• Track conversion, campaign response, and user engagement

​

You can control cookies via your browser settings or opt-out preferences.

​

10. Policy Updates

​

EPS reserves the right to revise this Privacy Policy as laws, standards, or business operations evolve. Updated policies will be posted with a revised “Effective Date” and communicated to stakeholders as appropriate.

​

11. Contact Us

​

For all privacy-related inquiries, contact:

Eight Point Solutions LLC
1802 Brightseat Rd, 2nd Floor
Hyattsville, MD 20785
Email: info@eightpointsolutions.com
Phone: +1-410-525-5775

​

Eight Point Solutions LLC — Mission-Driven. Data-Secure. No Exceptions.