Founder-led security guidance that gets you board-ready in 90 days—without a full-time hire. SOC 2/ISO readiness, incident preparedness, and clear exec reporting for Seed–Series B teams
• Founder-led (no junior handoffs)
• Startup-ready cadence
• CISM · NACD Directorship · Two-time CISO
In addition to services available on an ad-hoc basis, the following pre-packaged products can be delivered.
Startup Security Sprint (2 weeks)
Best for: first security owner / pre-audit sanity check
What you get:
• Rapid risk snapshot
• Top 10 fixes
• 90-day plan
• Founder readout (slides)
• Starter KPIs
Cadence: Day-0 intake → Day-5 draft → Day-10 exec readout
Budget cue: Fixed fee; scoped on call.
Fractional CISO — Lite (8–12 hrs/mo)
Best for: lean teams needing steady progress
What you get:
• policy/control backlog
• vendor risk queue
• incident checklist
• monthly exec update
Cadence: Biweekly ops · Monthly exec
Budget cue: $2-4 thousand per month (scope-dependent).
Fractional CISO — Core (20–30 hrs/mo)
Best for: Seed–Series B with board, third-party, or audit drivers
What you get:
• governance calendar
• SOC 2/ISO mapping
• quarterly board deck
• annual tabletop
Cadence: Weekly ops · Monthly exec · Quarterly board
Budget cue: $5-10 thousand per month (scope-dependent).
What a Fractional CISO engagement might look like for your business.
• Two-time CISO for high-growth technology platforms
• Board-ready risk reporting
• Practical incident leadership and preparation
• Thought-leader on security in cloud and AI
Credentials: CISM, NACD-Director, QTE
Learn more about Michael here:
• 15 pragmatic controls for Seed–Series B teams.
• Use it to assign owners, set due dates, and track progress across identity, cloud, app/data, detection, and governance.
Let’s talk about your security goals
Michael has over 30 years of experience in global technology and cybersecurity roles. He has over 10 years as a cybersecurity executive, including serving as the Chief Information Security Officer (CISO) at two international technology companies. Michael has also worked at a partner level at two of the world's largest consulting firms.
Michael brings deep industry experience in technology and telecommunications, as well as specialized expertise in:
• Crisis management and planning
• Strategic transformation
• Cybersecurity architecture
• AI risk management and enablement
Michael holds the following certifications:
• ISACA Certified Information Security Manager (CISM)
• NACD Directorship Certification
• DDN Qualified Technology Executive (QTE)
Effective date: September 15, 2025
Who we are
Northwoods Global Advisors (“NWGA”, “we”, “us”, “our”) provides fractional/vCISO and security advisory services to startups and small companies. If you have questions, email michael [at] nwglobaladvisors.com.
Information we collect
You give us:
• Contact form / email / booking: name, email, company, message, and call details you choose to share.
• Newsletter (Substack): email address and preference settings (managed by Substack).
• Downloads & resources: if a resource is gated by email, we collect the address you provide.
We collect automatically (site analytics):
• Basic traffic data (page views, referrers, device/browser info).
• We do not run ads or behavioral advertising.
Note: We may use a privacy-respecting analytics tool (e.g., Plausible, which is cookie-free) or Google Analytics. We do not combine analytics with advertising IDs.
How we use information
• Respond to inquiries and deliver requested resources.
• Provide services you ask for (e.g., scheduling a call).
• Operate and improve our website and content.
• Communications you opt into (newsletter/updates).
• Legal, security, and fraud prevention purposes.
Legal bases (EEA/UK visitors)
We process personal data when one of these applies: consent (e.g., newsletter), contract (to respond/provide services you request), legitimate interests (site operations, security), and legal obligations.
Sharing and processors
We don’t sell your personal information. We share it only with service providers who help us run the site and deliver what you requested, such as:
• Carrd (website hosting/build)
• Substack (newsletter subscriptions and post delivery)
• Calendly or similar (call scheduling)
• Analytics (e.g., Plausible or Google Analytics)
• Email provider (sending/receiving email)
• Blog feed display (an RSS widget or API to show recent posts)
These providers process data on our instructions and under appropriate safeguards.
International transfers
Our service providers may process data in the U.S. and other countries. We rely on appropriate safeguards (e.g., standard contractual clauses) provided by those services when required.
Data retention
• Contact & inquiries: typically up to 24 months after our last interaction (so we can follow up and track context), unless you ask us to delete earlier.
• Newsletter: until you unsubscribe (managed by Substack).
• Booking details: as long as needed to coordinate the call and for routine business records.
• Analytics: per the provider’s default retention (aggregate/anonymous where possible).
Your choices & rights
• Unsubscribe from the newsletter at any time via Substack.
• Opt out of non-essential cookies (if we use them) via your browser or any consent tool we provide.
• Access, correct, or delete your information: email [email protected].
• Depending on your location, you may have additional rights (e.g., data portability, objection). We’ll honor applicable law.
Cookies and tracking
Our site uses only the scripts we need to operate (e.g., analytics, embedded forms, or the blog feed). If we use cookie-free analytics (like Plausible), no personal data is stored in cookies. If we use Google Analytics, it may set cookies for measurement—your browser settings and any consent banner we provide control that behavior.
Security
We use reasonable administrative, technical, and organizational measures to protect personal information. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
Children
Our site and services are not directed to children under 16, and we do not knowingly collect their personal information.
Changes to this policy
We may update this policy from time to time. We’ll post the updated version with a new Effective date.
Contact
Questions or requests: michael [at] nwglobaladvisors.com