M4 Cyber Solutions logo M4 Cyber Solutions

Privacy Policy

Last updated: May 2026

1. Who we are

M4 Cyber Solutions is a cybersecurity professional services firm based in the United States. We conduct penetration testing, red team operations, wireless assessments, web application testing, physical security reviews, and security training. Our primary contact email is [email protected].

2. Information we collect

Contact form. When you submit our contact form we collect your name, email address, organization name (if provided), phone number (if provided), and the message content. This information is used solely to respond to your inquiry and scope a potential engagement.

Client portal. Authenticated clients access a private portal that contains engagement deliverables — including reports, findings, host inventory, wireless maps, and attack-path data. Portal accounts are created by M4 staff and tied to a specific engagement. Portal data is scoped to that engagement only.

Server logs. Our web server retains standard access logs (IP address, browser, pages visited, timestamps) for security and operational purposes. Logs are retained for 90 days.

3. How we use your information

  • To respond to contact form submissions and discuss potential engagements
  • To deliver agreed engagement deliverables via the client portal
  • To fulfill contractual obligations under a signed engagement agreement
  • To maintain the security and integrity of our systems

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Client portal data

Engagement data in the client portal (findings, host data, evidence artifacts, uploaded PDFs) is owned by the client and held in trust by M4 Cyber Solutions. Portal data is retained for 30 days following engagement close, after which it is securely deleted. Clients are responsible for downloading and retaining any deliverables they require before that window expires.

Portal access is restricted by authenticated login. Staff access to portal data is limited to personnel directly involved in your engagement.

5. Data security

We use HTTPS encryption for all data in transit. The client portal requires authenticated login. Passwords are hashed; we do not store cleartext credentials. Our systems are hosted on hardened infrastructure and access is restricted by role.

6. Cookies

Our website uses session cookies required for the client portal login functionality. We do not use third-party advertising or tracking cookies. If you do not log in to the portal, no persistent cookies are set.

7. Your rights

You may request access to, correction of, or deletion of personal information we hold about you by contacting us at [email protected]. We will respond within 30 days.

8. Third-party subprocessors

Our hosting infrastructure provider processes data on our behalf as a subprocessor in order to operate and deliver this service. No client engagement data is shared with subprocessors beyond what is necessary to operate the platform.

9. Changes to this policy

We may update this policy. Material changes will be communicated via email to active clients and posted here with an updated date.

10. Contact

For privacy questions: [email protected]  ·  571-469-1545

← Back to home