Borealis Security Privacy Policy Privacy notice for borealissecurity.com, Borealis contact and scheduling flows, and related managed-governance marketing or intake activities Effective date: March 15, 2026
Scope control. This policy is for Borealis Security marketing and services-intake contexts. If a person moves into Aurora Command, a customer workspace, a reviewer portal, or a signed managed-services relationship, additional or separate terms, privacy notices, DPAs, and portal-specific disclosures may apply.
Scope and relationship to other documents
This Privacy Policy explains how Borealis Security, Inc. (“Borealis,” “we,” “us,” or “our”) collects, uses, discloses, stores, and otherwise processes personal information in connection with borealissecurity.com, program-review requests, contact and scheduling forms, downloadable resources, security and privacy requests, events, newsletters or marketing communications, and related managed-governance marketing or intake activities. This policy is intended to provide a public, customer-facing description of Borealis’s website and services-intake privacy practices. It supplements, and does not amend, any signed services agreement, order form, Aurora Command policy, Trust Center terms, or data processing addendum that more specifically governs customer content or a paid engagement.
Categories of personal information we collect
We may collect identifiers and contact information such as name, business email, business phone number, company name, job title, mailing details, and similar business-contact data. We may collect commercial and relationship information such as requested services, program interests, form submissions, meeting history, scoping details, notes, and procurement or security-document requests. We may collect internet, device, and usage information such as IP address, browser type, pages viewed, approximate geolocation derived from IP, referral source, cookie identifiers, and interaction data associated with the public website and related request flows. We may collect communications content and support or intake information that you provide in messages, questionnaires, scheduling notes, attachments, screenshots, or similar materials. We may collect marketing-preference and consent information, including whether you opted into optional cookies, newsletter preferences, supported browser privacy signals, unsubscribe actions, and consent-state records. We do not intend to collect highly sensitive regulated data through public marketing forms. Please do not submit medical information, payment-card data, government-issued identifier numbers, children’s data, or other high-risk information unless Borealis expressly requests and authorizes it in writing.
Sources of personal information
We collect personal information directly from you when you submit forms, schedule a call, request a review, contact us, register for events, subscribe to communications, or otherwise interact with the site. We collect limited information automatically through cookies and similar technologies, subject to your settings, supported browser privacy signals, and applicable law. We may receive personal information from business partners, referral sources, scheduling providers, communication platforms, customer representatives, publicly available business sources, or other parties that direct us to contact you in a business context.
How we use personal information
We use personal information to operate, maintain, secure, and improve the Borealis website and related request flows. We use personal information to respond to inquiries, schedule and conduct program reviews or other requested conversations, deliver requested downloads or materials, and evaluate whether Borealis’s services may fit your needs. We use personal information to communicate with you about services you requested, relationship management, operational updates, security or privacy matters, and, where permitted, marketing communications. We use personal information to maintain records, enforce terms, prevent abuse, investigate security incidents, protect our rights and those of others, and comply with law.
How we disclose personal information
We may disclose personal information to service providers and contractors that help us host or secure the website, schedule meetings, deliver email, manage CRM or communications workflows, analyze site performance, support marketing operations, or otherwise operate our business. We may disclose personal information to professional advisers, affiliates, transaction counterparties, law-enforcement or governmental authorities, or other parties where reasonably necessary to comply with law, protect rights or safety, investigate abuse, or support a corporate transaction. If you ask to be routed into Aurora Command or another Borealis-controlled or customer-controlled system, relevant information may be used to facilitate that handoff and operate the requested workflow. Borealis does not sell personal information for money. Depending on the live configuration of optional analytics or marketing technologies and the choices you make, certain identifiers or internet-activity information may be disclosed to analytics or marketing providers in a manner that may be treated as a “sale,” “sharing,” or “targeted advertising” under some state privacy laws. Where applicable, you can control that activity through our Privacy Choices page, cookie controls, and supported Global Privacy Control signals.
Cookies, similar technologies, and privacy choices
Borealis uses cookies and similar technologies to operate the website, remember preferences, maintain security, measure performance, and, where allowed, support analytics or marketing activities. Optional analytics and marketing technologies should remain off until enabled by you through the cookie banner or other supported consent tools. Supported Global Privacy Control signals should keep optional analytics and marketing cookies off on the public Borealis marketing site and related request flows. More detail appears in the Borealis Cookie Policy and Privacy Choices page.
Managed-governance scoping materials and confidentiality
If you share questionnaires, screenshots, draft evidence, deadlines, state-law issues, or other scoping material in connection with a program review or services discussion, Borealis treats those materials as confidential business information within the Borealis delivery context, subject to applicable law and any more specific agreement. You remain responsible for screening submissions for privileged material, prohibited data categories, or information you are not authorized to share. Borealis may reject, redact, delete, or return materials that create operational, legal, privacy, or security risk.
Security
Borealis uses administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, loss, misuse, and alteration. Those safeguards may include access controls, least-privilege practices, logging, encryption where appropriate, vendor management, and incident-response procedures. No method of transmission, storage, or security control is perfect, and Borealis cannot guarantee absolute security.
Retention
Borealis retains personal information only for as long as reasonably necessary for the purposes described in this policy, including to respond to your request, manage the relationship, maintain records, enforce agreements, protect security, satisfy legal obligations, and resolve disputes. Retention periods may vary by data type, engagement status, legal hold, backup cycle, and contractual requirements. Borealis will not retain personal information longer than is reasonably necessary for disclosed purposes.
U.S. state privacy rights
Depending on where you live and applicable legal thresholds, you may have rights to request access to, correction of, deletion of, or copies of certain personal information; to appeal a denied request; or to opt out of certain disclosures or uses recognized by law. You may exercise applicable rights by contacting privacy@borealissecurity.com or using the methods identified on our Privacy Choices page. Borealis may need to verify your request and may deny or limit requests as permitted by law, including for recordkeeping, security, fraud prevention, or other lawful exceptions.
Marketing communications
You may opt out of non-essential marketing emails by using the unsubscribe link in the message or contacting us at privacy@borealissecurity.com. Operational, transactional, legal, security, relationship-management, and services-related communications may still be sent where appropriate even if you opt out of promotional communications.
Children’s privacy and restricted data
The Borealis website is intended for business and professional audiences and is not directed to children under 16. Borealis does not knowingly collect personal information from children under 16 through the public website. Please do not submit highly regulated or unnecessary sensitive information through public forms unless Borealis expressly requests it and has a suitable legal and operational basis to receive it.
International access and U.S. processing
Borealis is based in the United States. If you access the website from outside the United States, your information may be processed in the United States and other jurisdictions where Borealis or its service providers operate, subject to applicable law.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in technology, vendors, legal requirements, or our practices. When we do, we will update the last-updated date and publish the revised version through a link using the word “privacy” on the relevant website pages.
Contact information
Questions or requests regarding this policy or Borealis’s privacy practices may be sent to privacy@borealissecurity.com or by mail to Borealis Security, Inc., Attn: Privacy Officer, 3300 Arctic Blvd, Suite 201 PMB 1085, Anchorage, Alaska 99503, United States.