Encyphir Risk Management

Privacy Policy

Last updated: 2026-06-27

1. Introduction

Encyphir Risk Management Incorporated ("Company," "we," "us," or "our") is committed to protecting the privacy of our clients, prospects, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage with our risk management services, visit our website, or communicate with us.

By using our services or providing us with your information, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.

2. Information We Collect

We may collect the following categories of personal information:

2.1 Personal Identification Information

  • Full name, job title, and employer information
  • Email address, mailing address, and telephone number
  • Government-issued identification where required for compliance purposes

2.2 Financial and Business Information

  • Business financial statements, revenue data, and risk exposure profiles
  • Insurance policy details and claims history
  • Credit information and banking details for billing purposes

2.3 Technical and Usage Information

  • IP address, browser type, and device identifiers
  • Pages visited, time spent on site, and referral URLs
  • Cookies and similar tracking technologies

2.4 Communications

  • Records of correspondence via email, phone, or written mail
  • Information provided in forms, surveys, or assessments

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, administer, and improve our risk management services
  • To assess risk exposure and develop tailored risk mitigation strategies
  • To communicate with you about your account, services, and relevant updates
  • To comply with applicable laws, regulations, and legal obligations
  • To detect, prevent, and address fraud, security incidents, or other harmful activity
  • To conduct internal analytics and improve our business operations
  • To send transactional communications, service alerts, and important notices

4. Mobile Communications and Text Messaging

We may communicate with you via SMS/text message for purposes such as appointment reminders, service alerts, and account notifications, subject to your prior consent.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

By opting in to receive text messages from us, you acknowledge and agree to the following:

  • Message frequency may vary depending on the nature of your engagement with our services.
  • Standard message and data rates may apply as set by your mobile carrier.
  • You may opt out at any time by replying STOP to any text message we send.
  • For assistance, reply HELP or contact us directly at the information provided in Section 11.

5. Disclosure of Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

5.1 Service Providers

We may engage trusted third-party vendors who assist in delivering our services (e.g., cloud hosting, data analytics, payment processors). These parties are contractually obligated to use your data solely for the purpose of providing services on our behalf and must maintain appropriate security standards.

5.2 Legal and Regulatory Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of our Company, clients, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5.4 With Your Consent

We may share your information with third parties when you have provided explicit consent for us to do so.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission using TLS/SSL protocols
  • Access controls and role-based permissions for internal staff
  • Regular security assessments and vulnerability testing
  • Secure off-site data backups and disaster recovery procedures

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to take steps to protect your own information and notify us immediately if you suspect unauthorized access.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period based on the nature and sensitivity of the information, the purpose for which it was collected, and applicable legal requirements. As general guidance:

  • Investigative case and client records: Retained for the duration of the engagement and for up to seven (7) years afterward to satisfy legal, regulatory, and professional licensing obligations.
  • Billing and financial records: Retained for up to seven (7) years to meet tax and accounting requirements.
  • Prospect and inquiry information (forms, consultations): Retained for up to twenty-four (24) months from your last interaction, unless you become a client or ask us to delete it sooner.
  • Website analytics and advertising identifiers: Retained for up to twenty-six (26) months, consistent with our analytics provider defaults.

When information is no longer required, we securely delete or anonymize it in accordance with our data retention schedule.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request that we correct inaccurate or incomplete information.
  • Right to Deletion: Request that we delete your personal information, subject to applicable legal obligations.
  • Right to Restrict Processing: Request that we limit the processing of your information in certain circumstances.
  • Right to Data Portability: Request that we provide your information in a structured, machine-readable format.
  • Right to Opt Out: Opt out of certain communications or data uses at any time.

To exercise any of these rights, please contact us using the information in Section 11. We will respond to your request within the timeframe required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the rest of this Privacy Policy. It is provided under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA").

9.1 Categories of Personal Information We Collect

In the preceding twelve (12) months, we have collected the following categories of personal information, as defined by the CCPA:

  • Identifiers: name, email address, postal address, telephone number, IP address, and online identifiers.
  • Customer records / financial information: billing details, banking information, and insurance or claims information used to provide our services.
  • Characteristics of protected classifications: only where you voluntarily provide them or where required for a specific investigative or compliance purpose.
  • Commercial information: services purchased or considered and engagement history.
  • Internet or network activity: browsing activity, pages viewed, referring URLs, and interactions with our website.
  • Geolocation data: approximate location derived from your IP address.
  • Professional or employment information: job title, employer, and information submitted through job or internship applications.
  • Sensitive personal information: government-issued identification numbers and financial account information, where required for compliance or to deliver our services (see Section 9.5).

We collect this information from you directly, automatically through your use of our website (cookies and similar technologies), and from service providers and analytics partners.

9.2 How We Use and Disclose This Information

We use each category for the business purposes described in Section 3 of this Policy. We disclose personal information to service providers and contractors (such as cloud hosting, analytics, advertising, customer-relationship, and payment providers) as described in Section 5. We disclose identifiers and internet activity to advertising and analytics partners as described below.

9.3 Sale or Sharing of Personal Information

We do not sell your personal information for monetary consideration, and we do not sell or share the personal information of consumers we know to be under 16 years of age.

However, our use of certain advertising and analytics technologies (such as Google Ads and related cookies) may constitute "sharing" of identifiers and internet activity for "cross-context behavioral advertising" under the CCPA. You have the right to opt out of this sharing at any time using our Your Privacy Choices page.

We honor opt-out preference signals, including the Global Privacy Control (GPC). If your browser sends a GPC signal, we treat it as a valid request to opt out of the sale or sharing of personal information for that browser.

9.4 Your California Rights

Subject to certain exceptions, California residents have the right to:

  • Right to Know: Request the categories and specific pieces of personal information we have collected, the sources, the business purposes for collecting it, and the categories of third parties to whom we disclose it.
  • Right to Delete: Request deletion of personal information we collected from you.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: Opt out of the sharing of your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: Direct us to limit the use of your sensitive personal information to what is necessary to perform our services.
  • Right to Non-Discrimination: We will not discriminate or retaliate against you for exercising any of your CCPA rights, including by denying services, charging different prices, or providing a different level of quality.

9.5 Sensitive Personal Information

We collect sensitive personal information (such as government-issued identification numbers and financial account information) only as necessary to provide our investigative and risk management services, meet legal and compliance obligations, and prevent fraud. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit beyond those permitted by the CCPA.

9.6 How to Exercise Your Rights

You may submit a request to know, delete, correct, or limit by either of the following methods:

To opt out of sharing, use our Your Privacy Choices page (no account or verification required).

We will verify your identity before fulfilling a request to know, delete, or correct by matching the information you provide with information we maintain. You may use an authorized agent to submit a request on your behalf; we may require written authorization and verification of your identity. We will acknowledge your request within ten (10) business days and respond within forty-five (45) days, with one additional 45-day extension where reasonably necessary and permitted by law.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to operate the site, remember your preferences, analyze traffic, and support advertising. You may configure your browser settings to refuse cookies; however, doing so may limit certain functionality of our website. California residents can also opt out of advertising-related sharing through our Your Privacy Choices page, and we honor Global Privacy Control (GPC) signals.

We use the following categories of cookies and technologies:

  • Essential: Necessary for the website to function and to remember your privacy choices.
  • Analytics: Help us understand how visitors interact with our site, including Google Analytics, Rybbit, and HubSpot.
  • Advertising: Support measurement and cross-context behavioral advertising, including Google Ads / Google Tag Manager and the Bullseye pixel. These are suppressed when you opt out or send a GPC signal.
  • Preference: Remember your settings and preferences for a better experience.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Encyphir Risk Management Incorporated

Attn: Privacy Officer

Email: privacy@encyphir.com

Phone: (888) 965-5150

1401 21st St, STE R Sacramento, CA 95811

12. Updates to This Policy

We reserve the right to update or modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the effective date at the top of this document and, where appropriate, by email or a notice on our website. Your continued use of our services following any changes constitutes your acceptance of the revised policy.