Privacy Policy

Last updated: May 20, 2026

Plain-language summary. We collect the information you give us through the contact form (name, email, company, message) and through email or calls with our team. We use it to respond to inquiries, deliver advisory engagements, and run our business. We don't sell your data, we don't use it for advertising, and we don't share it with third parties except the small number of service providers listed below who help us operate the website and our practice.

1. Overview

Advosec, LLC d/b/a The Pylon Group ("Pylon Group," "we," "our," or "us") provides cybersecurity, technology, and AI advisory services to mid-market, enterprise, and PE-backed companies. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at thepylongroup.com, contact us, or engage us for advisory services.

By using our website or engaging our services, you agree to the collection and use of information in accordance with this policy.

2. Scope of This Policy

This Privacy Policy covers the Pylon Group corporate website (thepylongroup.com), our advisory practice, and our general business communications.

Our software platforms (Scout, Anvil, and Command) operate under separate, platform-specific privacy policies that govern the data those platforms process:

If you are a user of the Scout or Anvil platforms, the platform-specific policy governs your platform usage. This corporate policy governs your interaction with our marketing website and advisory practice.

3. Information We Collect

3.1 Contact and Inquiry Information

When you submit our contact form or reach out by email, we collect the information you provide, which typically includes your name, business email address, company name, and the content of your message. The contact form on our website is processed through a third-party form service (described in Section 5).

3.2 Advisory Engagement Information

When your organization engages us for advisory services (embedded CISO, embedded CIO, GRC, AI engineering, managed third-party risk, or M&A diligence), we receive information necessary to deliver the engagement. This may include business contact information for your team, organizational structure information, security and technology program data, policy documents, audit findings, vendor inventories, and other materials shared by your team in the course of the engagement.

Advisory engagement information is governed by the confidentiality terms in your Master Services Agreement (MSA) or Statement of Work (SOW) with us, which supplement this Privacy Policy.

3.3 Email and Communications

We retain business correspondence (email, scheduled calls, meeting notes) for record-keeping and to deliver our services.

3.4 Website Usage Data

Our infrastructure provider (Cloudflare) automatically logs basic technical information about visits to our website, including IP address, browser type, referring page, and approximate geographic region. This data is used for security monitoring, abuse prevention, and basic operational analytics.

We do not currently deploy third-party analytics platforms (such as Google Analytics) on the marketing website.

3.5 Anti-Spam Verification

Our contact form uses Cloudflare Turnstile to distinguish legitimate submissions from automated abuse. Turnstile collects limited technical signals about your session to make this determination and does not collect personal information beyond what is necessary for that purpose.

4. How We Use Information

We use the information we collect to:

  • Respond to contact form submissions, demo requests, and inbound inquiries
  • Evaluate fit and propose advisory engagements
  • Deliver advisory services under an executed MSA or SOW
  • Send service-related communications about active engagements
  • Operate and secure our website and email infrastructure
  • Comply with our legal, regulatory, and contractual obligations
  • Improve our services, content, and how we communicate

We do not sell your personal information. We do not use your information for advertising. We do not share your information with third parties except as described in Section 5.

5. Service Providers and Sub-Processors

We use the following third-party service providers to operate our website and advisory practice. Each provider has its own privacy practices and processes data on our behalf under data processing terms:

  • Cloudflare — DNS, content delivery, DDoS protection, and Turnstile anti-spam for the website. Cloudflare maintains SOC 2 Type II compliance. Cloudflare Privacy Policy.
  • Web3Forms — Processing of contact form submissions and routing to our team email. Form submission data is transmitted to Web3Forms and then to us. Web3Forms Privacy Policy.
  • Google Workspace — Email, calendar, and document collaboration for our team. Business communications and engagement documents may be stored in Google Workspace. Google Workspace Data Processing Terms.
  • LinkedIn — The "Connect" links on our website point to our LinkedIn company page; clicking those links sends you to LinkedIn under its own privacy terms. We do not embed LinkedIn tracking on our pages.

If we add or change material service providers, we will update this section.

6. Data Sharing and Disclosure

6.1 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena, court order, or government request), to protect our rights, property, or safety, or to investigate suspected fraud or violations of our Terms of Use.

6.2 Business Transfers

In the event of a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will provide notice of any such change and any meaningful choices you may have regarding your information at that time.

6.3 With Your Consent

We may share information in other ways with your express consent or at your direction.

7. Data Security

We implement technical and organizational measures appropriate to the sensitivity of the data we hold, including:

  • Encryption of data in transit (TLS 1.2+) for all website traffic and form submissions
  • Email and document encryption at rest through Google Workspace
  • Multi-factor authentication on team accounts
  • Principle of least privilege for access to client data
  • Background screening and confidentiality obligations for personnel with client data access
  • Network and endpoint security controls aligned to the standards we recommend to our clients

No method of transmission or storage is 100% secure. While we apply the same security standards to our own operation that we recommend to our advisory clients, we cannot guarantee absolute security.

If you believe you have discovered a security issue affecting our website or services, please report it to [email protected].

8. Data Retention

We retain the information we collect for as long as needed to:

  • Respond to your inquiry or fulfill the purpose for which it was provided
  • Deliver the advisory engagement and meet our contractual obligations
  • Comply with our legal, tax, and regulatory record-keeping obligations
  • Resolve disputes, enforce agreements, and protect our legal rights

Contact form submissions and inbound business inquiries are retained for up to 36 months unless they result in an active engagement. Advisory engagement records are retained for the duration of the engagement and for a period of 7 years following engagement closure, consistent with professional services record-keeping standards.

9. Your Rights

Depending on the jurisdiction in which you reside, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information (subject to our legal, tax, and contractual record-keeping obligations)
  • Object to or restrict certain processing of your personal information
  • Request portability of your data in a structured, machine-readable format
  • Withdraw consent where our processing relies on consent
  • Lodge a complaint with a data protection authority in your jurisdiction

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

10. Cookies and Tracking

Our marketing website does not currently use third-party analytics cookies, advertising cookies, or cross-site tracking pixels. The website may set essential cookies required for the Cloudflare Turnstile anti-spam check on the contact form; these cookies are deleted automatically when you close your browser session.

If we add analytics or tracking in the future, we will update this section and provide notice.

11. International Data Transfers

The Pylon Group is based in the United States. Our infrastructure providers and the third-party services described in Section 5 are also based in the United States. If you access our website or contact us from outside the United States, your information will be transferred to and processed in the United States.

For visitors from the European Economic Area, the United Kingdom, or other jurisdictions with cross-border transfer requirements, your information may be transferred and processed under standard contractual clauses or other approved transfer mechanisms maintained by our service providers.

12. Children's Privacy

Our website and services are directed to business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it.

13. California Residents (CCPA / CPRA)

If you are a California resident, you have the rights described in Section 9, plus the right to know the categories of personal information we collect and the purposes for which we use it. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act. To exercise your California rights, contact [email protected].

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice through the website or email. Your continued use of our website or services after a change takes effect constitutes acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Advosec, LLC d/b/a The Pylon Group
Pennsylvania, United States
Privacy inquiries: [email protected]
Security reports: [email protected]
General: [email protected]