Privacy Policy

1. Introduction

Overview & Scope

Keith Makan Security Consultancy ("KMSEC", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy informs you about how we handle your personal data when you visit our website or engage with our consultancy services, and outlines your privacy rights in accordance with the Protection of Personal Information Act (POPIA) of South Africa.

2. Information We Collect

Data Categories

During the course of our professional engagements—ranging from secure source code reviews to deep-dive manual security assessments—we may collect, use, store, and transfer different kinds of data, including:

  • Identity & Contact Data: First name, last name, professional title, email address, and corporate contact details.
  • Technical & System Data: IP addresses, application architectures, binary configurations, and source code fragments strictly relevant to active assessments.
  • Communications Data: Information shared during project scoping, Statements of Work (SOW), and general correspondence.

3. How We Use Your Data

Purpose of Processing

We will only use your data when legally permitted. Primarily, your information is utilized to:

  • Execute specialized penetration testing, reverse engineering, and consultancy services.
  • Deliver confidential security reports and vulnerability analysis.
  • Manage our client relationship, billing, and contractual obligations.
  • Comply with binding legal and regulatory requirements.

4. Data Security

Protection Measures

Given the sensitive nature of our work, KMSEC employs strict, industry-leading technical and organizational measures to secure your data against unauthorized access, alteration, disclosure, or destruction. Project-specific artifacts (such as decompiled binaries or identified exploit paths) are heavily restricted, encrypted in transit and at rest, and accessible only to authorized personnel bound by strict non-disclosure obligations.

5. Data Retention

Storage Lifecycle

We retain personal and technical data only for as long as necessary to fulfill the purposes for which it was collected. Upon the conclusion of a security assessment and the expiration of our contractual reporting windows, client-specific vulnerability data, source code, and binaries are securely purged from our active analysis environments.

6. Your Legal Rights

POPIA Compliance

Under POPIA, you have rights in relation to your personal data, including the right to request access to, correction of, erasure of, or restriction of the processing of your personal data. If you wish to exercise any of these rights, please contact us directly.