Legal

Privacy Policy

Last updated: March 24, 2026

1. Who We Are

Flagship Cyber Defense Advisors is a CMMC compliance advisory division of AvanteTec Corporation (“Flagship,” “we,” “us,” or “our”). We are headquartered in San Diego, California.

For the purposes of the EU General Data Protection Regulation (GDPR), AvanteTec Corporation is the Data Controller. For questions regarding your personal data, contact us at:

2. Information We Collect

Information You Provide Directly

When you contact us through our website, schedule a consultation, or engage our services, we may collect:

  • Name, job title, and company name
  • Email address and phone number
  • Information about your defense contracts and compliance needs
  • Any additional information you choose to provide in correspondence

Contact form submissions are processed through Formspree, Inc., a third-party form handling service. Formspree processes your submission data solely to deliver it to us and does not use your data for any other purpose.

Information Collected Automatically

When you visit our website, the following information may be collected automatically:

  • IP address (anonymized where required by law)
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring website or source

This information is collected through Cloudflare's content delivery and security services, which operate as essential infrastructure for our website. See our Cookie Policy for details on specific cookies used.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiries and schedule consultations
  • To provide CMMC compliance advisory services
  • To send you information relevant to your compliance engagement (with your consent)
  • To improve our website and services
  • To comply with legal obligations
  • To protect our legitimate business interests

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction where GDPR applies, we process your personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract
  • Legitimate interests: Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights
  • Legal obligation: Where processing is necessary for compliance with a legal obligation

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share your data with:

  • Cloudflare, Inc.: Content delivery, DNS, SSL, and security services. Cloudflare processes certain technical data (IP addresses, request headers) as part of delivering and protecting our website
  • Formspree, Inc.: Contact form processing. Formspree receives form submission data solely to deliver it to us
  • Google LLC: Google Search Console provides website indexing and search performance data. This service accesses publicly available crawl data, not personal visitor data
  • Microsoft Corporation: Bing Webmaster Tools provides similar search indexing data
  • Professional advisors: Attorneys, accountants, and auditors as needed for business operations
  • Legal requirements: When required by law, court order, or governmental regulation

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. International Data Transfers

Our servers are located in the United States. If you are accessing our website from outside the United States, your data will be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws, including the use of Standard Contractual Clauses where required by GDPR.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Inquiry and consultation data: 3 years after last contact
  • Client engagement data: 7 years after engagement completion
  • Website server logs: 90 days
  • Cookie consent records: 3 years

8. Your Rights

All Visitors

Regardless of your location, you have the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of marketing communications at any time

GDPR Rights (EEA/UK Residents)

If you are located in the EEA or UK, you additionally have the right to:

  • Restrict processing of your personal data
  • Data portability (receive your data in a structured, machine-readable format)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share personal information)
  • Non-discrimination for exercising your privacy rights
  • Correct inaccurate personal information
  • Limit use and disclosure of sensitive personal information

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner where required by law).

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. As a CMMC compliance firm, security is foundational to our operations. Our website is served over HTTPS with Cloudflare SSL, and we follow industry best practices for data handling. However, no method of transmission over the Internet is 100% secure.

10. Children's Privacy

Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For material changes, we will provide prominent notice on our website.

12. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

  • Email: [email protected]
  • Phone: (858) 771-6100
  • Mail: Flagship Cyber Defense Advisors, c/o AvanteTec Corporation, 630 First St., San Diego, CA 92101