Privacy Policy

This Privacy Policy explains how 10x National Security collects, uses, shares, protects, and retains personal information when you visit our website, contact us, apply for roles, attend events, visit our facilities, or otherwise interact with us.

For privacy questions, data rights requests, deletion requests, or other privacy-related inquiries, contact us at privacy@10xnationalsecurity.com.

Last updated: May 18, 2026

Scope

This policy applies to personal information handled by 10x National Security in connection with our website, business development, recruiting, events, security operations, and related business activities. It does not apply to third-party websites, platforms, or services that we do not control.

If we provide additional privacy notices for a specific product, service, application, employment process, or contract, those notices may supplement or supersede this Privacy Policy for the applicable activity or relationship.

Personal information we collect

The personal information we collect depends on how you interact with us. It may include:

• Contact and identity information, such as name, email address, phone number, mailing address, employer, title, organization, and professional profile information.
• Business communications, such as messages, requests, meeting notes, feedback, event registrations, and information you provide when contacting us.
• Recruiting and employment information, such as resume or CV details, education, work history, qualifications, references, interview notes, compensation expectations, eligibility to work, veteran status where voluntarily provided, and other information needed to evaluate candidates.
• Security and facility information, such as visitor logs, badge records, access records, camera footage where used, and information needed to protect personnel, facilities, systems, and sensitive projects.
• Technical and usage information, such as IP address, browser type, device identifiers, operating system, referring pages, pages viewed, timestamps, approximate geolocation derived from IP address or network information, and website interaction data.
• Compliance and diligence information, such as information needed for supplier, subcontractor, partner, customer, export control, sanctions, procurement, security, or regulatory reviews.
• Sensitive information, only where appropriate and permitted, such as government identification, citizenship or immigration status, security clearance information, disability or accommodation information, health or safety information, or demographic information voluntarily provided in recruiting or compliance contexts.

We do not intentionally collect sensitive personal information through this website unless you choose to provide it or it is necessary for a specific business, security, legal, or employment purpose.

Sources of information

We may collect information:

• directly from you, such as through messages, forms, applications, calls, meetings, or events;
• automatically through our website and security systems;
• from service providers, recruiting platforms, professional networks, references, background check providers, or public sources;
• from customers, suppliers, contractors, partners, government entities, or other organizations involved in our work.

Cookies and similar technologies

Our website may use cookies, server logs, analytics tools, pixels, tags, or similar technologies to operate the website, understand website performance, remember preferences, diagnose issues, protect against abuse, and improve visitor experience.

Based on the current implementation of our public website, we do not use third-party advertising pixels, cross-site retargeting tags, or session replay tools. If we add technologies such as Google Analytics, Microsoft Clarity, HubSpot, LinkedIn Insight Tag, Meta Pixel, or similar services, we will update this policy and provide any legally required notice, consent, or opt-out mechanism.

You can adjust cookie settings through your browser controls. Some features may not function properly if cookies are disabled. Where legally required, we recognize browser-based opt-out preference signals such as Global Privacy Control (GPC).

How we use personal information

We may use personal information to:

• operate, maintain, secure, and improve our website, facilities, systems, and business operations;
• respond to inquiries, requests, proposals, and business opportunities;
• communicate with customers, partners, suppliers, candidates, visitors, and other contacts;
• evaluate vendors, subcontractors, partners, and potential business relationships;
• process job applications, evaluate candidates, conduct interviews, and support recruiting;
• manage events, meetings, facility access, visitor records, and physical security;
• protect the safety, security, and integrity of personnel, facilities, information, products, systems, and networks;
• detect, prevent, investigate, or respond to fraud, cyber incidents, misuse, policy violations, or unlawful activity;
• comply with contracts, procurement requirements, export controls, sanctions rules, employment laws, national security obligations, legal process, and regulatory requirements;
• maintain records, perform audits, enforce agreements, resolve disputes, and defend legal claims;
• analyze website performance, trends, and business operations, including through aggregated or de-identified information.

We do not sell personal information.

Legal bases for processing

Where privacy laws require a legal basis for processing, we rely on one or more of the following bases:

• performance of a contract or steps taken before entering into a contract;
• our legitimate interests, such as operating our business, improving our website, protecting systems and facilities, recruiting, and communicating with business contacts;
• compliance with legal obligations;
• protection of vital interests, safety, security, national security interests, or public interest where applicable;
• your consent, where required or appropriate.

You may withdraw consent where processing is based on consent, but withdrawal will not affect processing that occurred before withdrawal or processing based on another lawful basis.

How we share information

We may share personal information with:

• Affiliates and related entities, where needed for business operations, security, recruiting, compliance, or administration.
• Service providers and subprocessors, such as cloud hosting providers, content delivery networks, analytics providers, cybersecurity providers, communications providers, recruiting and background check providers, identity providers, AI service providers, payment processors, legal, accounting, consulting, insurance, and other operational providers.
• Customers, partners, suppliers, and contractors, where needed to evaluate, perform, or support business relationships and contracts.
• Government, law enforcement, national security, regulatory, or public authorities, where required or appropriate under law, contract, procurement, security, or legal process.
• Professional advisors, such as attorneys, auditors, accountants, insurers, consultants, and other advisors.
• Transaction parties, such as potential investors, lenders, acquirers, successors, or advisors in connection with a financing, merger, acquisition, reorganization, sale of assets, or similar transaction.
• Other parties with your direction or consent, or where disclosure is necessary to protect rights, safety, security, property, or legal interests.

We do not knowingly sell personal information for money. We also do not knowingly share personal information of children under 16 for cross-context behavioral advertising.

If we offer hosted products, customer portals, or software-as-a-service environments, we may use additional service providers or subprocessors to host, secure, operate, support, monitor, and improve those services. Product-specific privacy, security, data processing, or customer agreement terms may provide additional details.

International transfers

10x National Security is based in the United States. If you access our website or interact with us from outside the United States, your personal information may be processed in the United States and other countries where we or our service providers operate.

Where required, we use appropriate safeguards for international transfers, which may include contractual commitments, data protection agreements, standard contractual clauses, or other mechanisms permitted by law.

Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These safeguards may include access controls, logging, encryption, security monitoring, personnel training, vendor diligence, and incident response procedures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this policy, comply with legal obligations, support security and audit requirements, perform contracts, resolve disputes, enforce agreements, and maintain business records.

Retention periods may vary based on the type of information, the context in which it was collected, legal requirements, contract requirements, security needs, and whether the information is needed for an active relationship, investigation, claim, or dispute. When information is no longer reasonably needed, we may delete, de-identify, aggregate, archive, or securely retain it as permitted or required by law.

Examples of typical retention periods include:

• recruiting records are generally retained for up to three years after the recruiting process ends, unless a longer period is needed for legal, audit, security, or talent pipeline purposes;
• website and security logs are generally retained for up to twenty-four months, unless needed for security investigations, incident response, legal holds, or compliance requirements;
• visitor records are generally retained for up to two years, depending on facility, customer, and security requirements;
• security camera footage, where used, is generally retained for up to ninety days unless needed for security, legal, safety, or investigative purposes;
• business contact and contract records are retained for the life of the relationship and for a reasonable period afterward for audit, compliance, dispute resolution, and recordkeeping purposes.

De-identified and aggregated information

We may create de-identified, anonymized, or aggregated information from personal information and use it for analytics, security, research, reporting, and business purposes. We will not attempt to re-identify de-identified information except as permitted by law, such as to test whether de-identification measures are effective.

Job applicants and recruiting

If you apply for a role with 10x National Security, we may use application materials and related information to evaluate your candidacy, communicate with you, conduct interviews, verify qualifications, perform background or reference checks where appropriate, support hiring decisions, comply with employment-related obligations, and maintain recruiting records.

We may collect sensitive information during recruiting only where relevant and permitted, such as work authorization, security clearance information, disability accommodation information, voluntary demographic information, or legally required employment information.

We may use automated tools, including AI-assisted systems and third-party service providers, to help organize, summarize, validate, analyze, or process candidate information in support of recruiting and operational workflows. We do not make solely automated employment decisions without human involvement.

Facility visitors and security

If you visit a 10x National Security facility or attend an in-person event, we may collect information needed to manage access, verify identity, protect personnel and facilities, comply with customer or government requirements, and maintain security records. This may include visitor logs, access records, badge information, host information, arrival and departure times, and security camera footage where used.

If we record calls, meetings, events, or interviews, we will provide notice where required by law or practical in the context.

Your choices and rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent for certain personal information. You may also have the right to appeal certain privacy-related decisions or lodge a complaint with a data protection authority.

To make a request, contact us at privacy@10xnationalsecurity.com. We may need to verify your identity and authority before fulfilling a request. Some information may be retained or exempt from a request where permitted or required by law.

United States state privacy rights

Certain U.S. state privacy laws, including California privacy law, may provide residents with rights regarding personal information. Depending on your state and our legal obligations, these rights may include:

• the right to know or access personal information we collect, use, disclose, sell, or share;
• the right to request deletion of personal information;
• the right to correct inaccurate personal information;
• the right to opt out of certain sales, sharing, targeted advertising, or profiling;
• the right to limit the use or disclosure of sensitive personal information in certain circumstances;
• the right not to receive discriminatory treatment for exercising privacy rights;
• the right to use an authorized agent, where permitted by law.

We do not sell personal information for money. Based on the current implementation of our public website, we do not use third-party advertising pixels, cross-site retargeting tags, or session replay tools. If future advertising or analytics technologies are considered a “sale,” “sharing,” or targeted advertising under applicable law, eligible individuals may have the right to opt out through browser controls, legally recognized opt-out preference signals such as GPC where required, or by contacting us.

California notice at collection

For California residents, the categories of personal information we may collect are described in “Personal information we collect” above. The purposes for collection and use are described in “How we use personal information.” The categories of third parties to whom we may disclose personal information are described in “How we share information.” Retention practices are described in “Data retention.”

We may collect identifiers, professional or employment information, internet or network activity information, geolocation information derived from IP address, audio/visual information where security cameras or calls are used, education information, inferences drawn from the above, and sensitive personal information where appropriate for recruiting, security, compliance, or legal purposes.

European Economic Area, United Kingdom, and similar jurisdictions

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar data protection laws, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information. You may also have the right to object to direct marketing and to lodge a complaint with your local supervisory authority.

Where we rely on legitimate interests, those interests may include website operation, security, business communications, recruiting, partner and supplier management, legal compliance, fraud prevention, and protection of our personnel, facilities, systems, and information.

Australia and other international privacy rights

If you are located in Australia or another jurisdiction with privacy rights, you may have rights to request access to personal information, request correction, object to certain processing, or make a privacy complaint. We will respond to requests consistent with applicable law.

Children

Our website is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can take appropriate action.

Third-party links and services

Our website may link to third-party websites, platforms, job boards, social media pages, or other services. We are not responsible for the privacy practices, security, or content of third-party services. Review their privacy notices before providing information to them.

Website submissions

Do not send classified, export-controlled, proprietary, sensitive, or confidential information through public website channels unless we have expressly authorized that transmission method in writing. Information submitted through public website channels may not be treated as confidential unless a separate written agreement applies.

Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date above. Your continued use of or interaction with the website after changes become effective means the updated policy applies where permitted by law.

Contact

For privacy questions or requests, contact 10x National Security at privacy@10xnationalsecurity.com.