Any use of this website is on your own accord.
Notification of Changes to This Policy. Arrakis Consulting is continually improving and adding new functionality and features to its websites and improving and adding to our existing products, services, and programs. Because of these ongoing changes, changes in the law, and the changing nature of technology, Arrakis Consulting data practices will change from time to time. If, or when, our data practices change, Arrakis Consulting will post the changes on our websites to notify you of the changes. We encourage you to check this page frequently. This policy was last updated in August, 2022.
Personal Data Collected Through ArrakisConsulting.com. Other than cookies, as described below, the only personal data Arrakis Consulting currently collects through its websites is the information you voluntarily give us when you use our sites. Your submission of any data is approval for Arrakis to retain, store, and process that data within ethical limits.
For example, you may use this site to contact Arrakis Consulting with questions and comments. When you fill out a form on our websites, you may provide your name and other contact information, including your company's name, your e-mail address, and your mailing address or the mailing address of your company or other personal information. If you do not wish to fill out all of the information on the form you are not required to do so. Most of our registration forms require only your name and e-mail address. When you submit information to us through ArrakisConsulting.com, you will receive a confirmation e-mail if you enter a valid e-mail address.
Use of Personal Data Collected Through ArrakisConsulting.com. Arrakis Consulting uses the personal data information you provide to answer your question or resolve your problem. Arrakis Consulting and our affiliates also use this information to help us improve the content and functionality of our websites, to better understand our customers and markets, and to improve our products and services. Arrakis Consulting and our affiliates may use this information to contact you in the future to tell you about products or services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to "opt-out" of receiving future communications. Similarly, we may provide "subscription" e-mail services, either directly or through affiliates, which enable you to receive current news about Arrakis Consulting products. For all such services, we will provide an opportunity to "opt-out" of, or cancel, the subscription. Under no circumstances will Arrakis Consulting sell your data to an outside party.
Personal or Company Financial Information. Arrakis processes credit card payments via stripe.com or bill.com or Intuit and does not retain any credit card data from any client.
Anonymous Data Collected Through ArrakisConsulting.com. In addition to the information you provide when you use our websites, Arrakis Consulting uses technology to collect anonymous information about the use of our websites. For example, we use technology to track how many visitors access our websites, the date and time of their visit, the length of their stay, and which pages they view. We also use technology to determine which web browsers our visitors use and the address from which they accessed our sites (for example, if they connected to a Arrakis Consulting website by clicking on one of our banner ads).
This technology does not identify you personally. It simply enables us to compile statistics about our visitors and their use of our sites. Arrakis Consulting and our affiliates use this anonymous data and share it with third parties to improve the content and functionality of our websites, to better understand our customers and markets, and to improve our products and services.
While no method of data transmission is guaranteed against unlawful third party interception or other misuse, Arrakis Consulting uses commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities.
Children. Arrakis Consulting does not knowingly collect personal data from children under the age of eighteen. If you are under eighteen, please do not give us any personal data. If you have reason to believe that a child has provided personal data to Arrakis Consulting, please contact us, and we will try to delete that information from our databases.
Our Company Security Posture
Arrakis is uniquely positioned, intentionally, in that we do not collect, store, or process any sensitive company information for ourselves, or our customers, on our own infrastructure. Additionally, under no circumstances, do we ever collect, store, or process any sensitive data relating to the clients of our customers with exception to information discovered as a part of a penetration testing engagement.
All technical work that we perform for clients is through a VPN, and then into a virtual bastion box, in order to protect our customers and refrain from accidentally collecting content that could be viewed as sensitive or placed under the responsibility of Arrakis. Alternatively, some customers elect to provide a customer owned laptop which all work can also be performed on.
Our internal cloud sharing environment is on Box.com (whom we are a reseller for) with additional layered encryption through technology from another 3rd party that prevents Box.com personnel from seeing our data. This additional layered encryption also is replicated to data found on our laptops. Where possible, all physical devices have hardware encryption and have Mobile Device Management (MDM) technology installed with centralized anti-virus. Using this model provides for transparent layered encryption, that is replicated through reliable cloud technology, with very low risk should a laptop or mobile device be compromised or stolen.
Our email and internal collaboration is via Microsoft O365.
For work involving international travel, Arrakis has a tiered VPN solution that protects Arrakis from foreign governments from intercepting the traffic.
Arrakis has no physical infrastructure resources such as servers, routers, firewalls, etc… and any device that acts in such a manner is through either Amazon or Microsoft for redundancy and an extreme low amount of human effort to manage.
Upon separating from a client, Arrakis deletes any data that we are not legally obligated to retain that doesn't have a connection to future business with the client or isn't in the best interests of Arrakis to retain.
In a general sense, any technology that Arrakis recommends is very likely to be implemented by Arrakis as a working example. Essentially, we eat our own dogfood.
By using this model, Arrakis is fairly immune from most regulatory environments such as GDPR, CCPA, or anything similar involving privacy or the protection of data that could be federally or internationally regulated.
Regardless, as a consulting company that supports various federal, state, and local entities, Arrakis has appropriate administrative controls (policies, standards, and procedures) and technology configured in such a way to comply CMMC, NIST800-53, and NIST800-171.
Before Arrakis is a party to any confidential information, Arrakis insists on a mutual non-disclosure to be fully executed.
Should you have a security concern, please email [email protected]_arrakisconsulting.com
Should you have a privacy concern, please email [email protected]_arrakisconsulting.com