We’re a security firm. We are not in the data-broker business. Specifically:
What we collect
On this website — a minimal analytics pixel (self-hosted) that records page, referrer, country (not IP), and rough screen size. No cookies. No fingerprinting. No third-party analytics.
Through contact forms — whatever you put in the form. We store it in our inbox until the engagement (if any) ends, then we archive and encrypt it.
During engagements — a great deal, but it’s covered by a separate contractual agreement with the customer (typically a Master Services Agreement and Statement of Work). That agreement governs handling, retention, and destruction of all engagement artifacts. Findings and code samples never leave our infrastructure.
What we don’t collect
- We don’t run third-party analytics (Google, Meta, Hotjar, etc.)
- We don’t use marketing pixels
- We don’t sell or rent any data, ever
- We don’t share customer engagement details across customer boundaries
Retention
- Marketing-list emails (if you opted in): kept until you unsubscribe
- Contact-form submissions: 12 months, then deleted
- Engagement artifacts: per the contract, typically 12 months post-engagement, then cryptographically destroyed
Cookies
We use no cookies on this site. If your browser shows one, it isn’t us.
Your rights
Whether you’re in the EU, California, or anywhere else, you can ask us to:
- Show you what we have about you
- Correct anything wrong
- Delete it
Email privacy@yeti.security. We aim to respond inside one business day; statutory deadlines are 30 days.
Changes
We’ll update this page if our practices change. The date at the top reflects the last edit. Material changes go in our journal.
Contact
- General privacy questions — privacy@yeti.security
- EU representative / GDPR — same address, mark “GDPR” in the subject
- Legal address — Yeti.Security, 1810 Blake St, Suite 400, Denver CO 80202