Your privacy matters. Here’s how we handle your information.
Last updated: April 2026
When you visit our website, contact us through our inquiry form, or engage our services, we may collect personal information including your name, email address, phone number, organization name, and details related to your cybersecurity needs. We collect this information only when you voluntarily provide it to us.
Our website may also collect standard technical data such as browser type, operating system, pages visited, and time spent on our site through analytics tools. This data is collected in aggregate and is not used to personally identify visitors.
We use the information you provide to respond to your inquiries, deliver our consulting services, send relevant communications you’ve opted into (such as our newsletter), and improve our website and service offerings.
We do not sell, rent, or trade your personal information to third parties. We may share information with trusted service providers who assist in operating our website or conducting our business, provided they agree to keep your information confidential.
When you complete the CMMC Readiness Assessment at merek.io/cmmc/assessment, we store your responses, contact information, and calculated SPRS estimate in a Supabase-hosted PostgreSQL database configured with row-level security and managed under a posture aligned with NIST SP 800-171. Access is restricted to authorized Merek personnel for the purpose of responding to your assessment and providing relevant CMMC resources.
Transactional confirmation and internal notification emails are delivered via Resend from our verified sending domain send.merek.io. We capture the IP address and user-agent string of each submission for audit and fraud-prevention purposes only; these are never used for marketing profiling.
The assessment is a directional self-evaluation and does not constitute a formal CMMC certification, a C3PAO audit, or an official SPRS score. To request deletion of your assessment submission, email privacy@merek.io.
As a cybersecurity firm, we take data protection seriously. We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. All data transmitted through our website is encrypted using TLS. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
Our website may use cookies and similar tracking technologies to enhance your browsing experience and collect analytics data. You can control cookie preferences through your browser settings. Disabling cookies may affect certain features of the website.
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
Our website and services are not directed at children under 13. We do not knowingly collect personal information from children under 13. Our MindfulBytes educational program operates through schools and districts, and all student data is handled in accordance with FERPA and applicable state privacy laws.
You have the right to request access to, correction of, or deletion of your personal information. You may also opt out of marketing communications at any time. To exercise any of these rights, contact us at info@merek.io.
We may update this privacy policy from time to time. Any changes will be posted on this page with a revised “Last updated” date. We encourage you to review this policy periodically.
If you have questions about this privacy policy or our data practices, please contact us:
Merek Security Solutions, LLC
Santa Fe, New Mexico