Privacy Policy

---

Owner and Data Controller:

Oc2pi LLC

3223 Avent Ferry Rd STE A0F - Suite 213

Raleigh, NC 27606

Effective Date (Last Updated): October 30, 2025

1. Types of Data Collected

Among the types of Personal Data this website ("Application") collects, either directly or through third parties, are: Cookies, Usage Data, first name, last name, phone number, company name, profession, address, and email address.

• Voluntary Data: Personal Data may be freely provided by the User, such as when submitting a contact form.
• Automatic Data: Usage Data and Cookies are collected automatically when using this Application.
• Mandatory Data: Unless specified otherwise, all Data requested by this Application is mandatory, and failure to provide this Data may make it impossible for us to provide our services. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
• Cookies and Tracking: Any use of Cookies or other tracking tools by this Application serves the purpose of providing the service required by the User, in addition to other purposes described in this policy and in the Cookie Policy (if available).
• Third-Party Data: Users are responsible for any third-party Personal Data obtained, published, or shared through this Application and must confirm that they have the third party’s consent to provide the Data to the Owner.

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and IT-enabled tools, following organizational procedures strictly related to the purposes indicated.

In addition to the Owner, the Data may be accessible to certain types of persons in charge involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical1 service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

The Data is processed at the Owner’s operating offices (Raleigh, NC) and in any other places where the parties involved in the processing are located.

Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or 2to any international organization (like the UN), and about the security measures taken by the Owner to safeguard their Data. If any such transfer takes place, inquire with the Owner for more information.

As a security consulting firm focused on higher education, we recognize and are committed to complying with all applicable federal and state data protection laws.

A. Client Confidentiality: Any non-public information, including security assessment results, vulnerability data, or proprietary business processes shared during a paid consulting engagement, is treated as highly confidential and is governed by the terms of our specific Service Agreement and Non-Disclosure Agreement (NDA).

B. FERPA Compliance: In our role as a vendor, contractor, or "School Official" (as defined under FERPA) for educational institutions, Oc2piLLC will never access, use, or re-disclose any Personally Identifiable Information (PII) from student education records except as strictly necessary to fulfill the services outlined in our contract with the institution and as explicitly permitted by FERPA regulations. We implement robust technical and organizational measures to safeguard this data in accordance with our contractual obligations.

The Owner may process Personal Data relating to Users if one of the following applies:3

• Users have given their consent for one or more specific purposes.4
• Provision of Data is necessary for the performance of an agreement with the Us5er and/or for any pre-contractual obligations thereof.
• Processing is necessary for compliance with a legal obligation to which the Owner is subject.
• Processing is related to a task that is carried out in the public interest or in the exercise of official authority.
• Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

Note for European Users: Where the processing of Personal Data is subject to European data protection law, we will always rely on one of the legal bases listed above.

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.6
  
• Personal Data collected for the purpos7es of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
  
• Specificity of Retention: Where data is collected for internal purposes (e.g., website analytics, contact inquiries), we will generally retain that data for a period of 36 months to analyze trends and manage business operations, unless retention is mandated by law or for pending litigation.
• The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

The Data concerning the User is collected to allow the Owner to provide its Services, as well as for Analytics, Platform services and hosting, and Contacting the User.

Purpose Data Collected Services Used Place of Processing Contacting the User Address AddressAddress, company name, email address, first name, last name, phone number, and profession. Contact Form Owner's Operating Offices AnalyticsAnalytics (Monitoring web traffic and user behavior)Cookies and Usage Data. Google  Analytics (Google Inc.)United States (Privacy Shield participant)Platform services and hosting (Running key components of the website)Various types of Data as specified in their privacy policies.WordPress.com (Automattic Inc.)United States Various types of Data as specified in their privacy policies. SiteGround.com United States

By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

Users may exercise certain rights regarding their Data processed by the Owner. You have the right to:

• Withdraw Consent: Withdraw consent at any time where you have previously given it for the processing of your Personal Data.
• Object to Processing: Object to the processing of your Data if the processing is carried out on a legal basis other than consent. (Note: You can object to processing for direct marketing purposes at any time without providing any justification.)
• Access Data: Learn if Data is being processed by the Owner and obtain a copy of the Data undergoing processing.
• Verify and Seek Rectification: Verify the accuracy of your Data and ask for it to be updated or corrected.
• Restrict Processing: Under certain circumstances, restrict the processing of your Data to only storage.
• Erase Data (Right to be Forgotten): Under certain circumstances, obtain the erasure of your Data.
• Data Portability: Receive your Data in a structured, commonly used, and machine-readable format and, if technically feasible, have it transmitted to another controller.
• Lodge a Complaint: Bring a claim before your competent data protection authority.

Any requests to exercise User rights can be directed to the Owner through the contact details provided below. These requests are free of charge and will be addressed as early as possible and always within one month.

The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action. The Owner may also be required to reveal personal data upon request of public authorities.

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.

This Application does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their respective privacy policies.

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:

Oc2pi LLC

3223 Avent Ferry Rd STE A0F - Suite 213

Raleigh, NC 27606

Email: info@oc2pi.com

Phone: 919-819-1681