PRIVACY AND DATA HANDLING

How Bedrock handles information submitted through this site.

This page describes what bedrocksafe.com collects, how it is processed, who processes it, how long it is retained, and how to make a request. Bedrock Security Advisory Group LLC operates this site. Questions about this policy can be sent to contact@bedrocksafe.com.

Public-channel handling discipline. Bedrock's public website, email, and contact forms are not approved channels for classified information, Controlled Unclassified Information (CUI), export-controlled technical data (ITAR/EAR), source-selection information, proprietary third-party data, or sensitive government information. Public submissions should remain unclassified and non-CUI. If a matter requires controlled handling, contact Bedrock by phone to establish the appropriate path before transmitting details.

What this site collects

Bedrock collects information you submit voluntarily through one of the following paths:

Contact and intake forms. Name, email, phone number (optional), company, role, scope of inquiry, and any additional notes you provide.
Capability and teaming inquiries. Same fields as contact, plus any documents you attach or content you paste.
Email correspondence. Anything you send to a Bedrock email address (contact@, teaming@, risk@, fcl@, careers@, kfunston@, phernandez@).
Server logs. Cloudflare Pages and our serverless functions retain standard request metadata (IP address, user agent, timestamp, request path) for operational, security, and abuse-mitigation purposes.

Bedrock does NOT solicit or accept Controlled Unclassified Information (CUI) or classified information through this site. Do not submit CUI or classified content through bedrocksafe.com. Classified or CUI material is handled out of band through cleared channels appropriate to the program.

Who processes the information

Bedrock uses the following third-party processors for site infrastructure and form handling:

Cloudflare hosts the site (Cloudflare Pages), provides the CDN and edge security layer, processes form submissions through Cloudflare Functions, stores intake records in Cloudflare KV, and processes bot-detection challenges through Cloudflare Turnstile. All public forms on bedrocksafe.com post to Bedrock-controlled Cloudflare Functions (no third-party form processor).
Resend is the transactional email provider for outbound confirmations and operator notifications.
Microsoft 365 / Outlook hosts the @bedrocksafe.com mailbox infrastructure.

How long Bedrock retains submissions

Active inquiries: retained while the engagement, pursuit, or relationship is active, plus a reasonable follow-up window (typically up to 24 months).
Closed inquiries that did not result in engagement: retained up to 12 months from last contact, then purged, unless a longer retention is required by an active legal or regulatory hold.
Engagement records: retained per the engagement letter and applicable record-retention requirements (typically 7 years for business records).
Server logs: retained per Cloudflare's default operational logs (typically rolling weeks to months) for security and abuse mitigation.

How Bedrock uses the information

To respond to your inquiry and schedule any scoping or capability conversation.
To execute engagement, teaming, NDA, or referral discussions you initiate.
To maintain operational and security records.
To comply with applicable legal, regulatory, and contractual obligations.

Bedrock does NOT sell, rent, lease, or trade submitted information. Bedrock does NOT use submissions for advertising or for third-party marketing.

Cookies and analytics

bedrocksafe.com uses minimal cookies. The Cloudflare edge layer and Cloudflare Turnstile may set short-lived cookies for security and challenge purposes. Bedrock does not run third-party advertising trackers. If a future change adds analytics, this policy is updated and posted with the effective date.

Security posture

Bedrock applies common operational security practices to the site infrastructure including TLS, security headers, edge bot mitigation, and rate limits where appropriate. The site separately publishes its security policy and disclosure path at bedrocksafe.com/security-policy and a security contact at /security.txt.

How to make a request

To request a copy of what Bedrock holds about you, to correct a submission, or to ask for deletion of a submission, email contact@bedrocksafe.com with subject line "Privacy request" and describe the request. Bedrock responds within 30 days. Some records (engagement records, records subject to a legal or regulatory hold) cannot be deleted while the obligation is active; Bedrock will tell you so explicitly and identify the basis.

Changes to this policy

Bedrock updates this policy when site infrastructure, processors, or retention practices change materially. The effective date appears at the top of the page. Material changes are also reflected in the site changelog and in the next published version of the capability statement.

Bedrock Security Advisory Group LLC · SDVOSB · UEI H323F8L44MV5 · CAGE 01R17
1674 S. Fishmarket Rd · McLoud, OK 74851 · contact@bedrocksafe.com · +1 937.301.9776
Effective 2026-06-01. Last updated 2026-06-01.