Giga-Green Giga-Green

Privacy Policy

By Giga-Green , CMMC Consulting Team Last updated

Last updated: July 7, 2026.

Giga-Green Technologies, Inc. (“Giga-Green”, “we”, “us”, or “our”) operates giga-green.com (the “Site”). This Privacy Policy explains what information we collect from visitors and clients, how we use it, who we share it with, and the choices you have.

By using the Site, you agree to the practices described here. If you do not agree, please do not use the Site.

Who we are

Giga-Green Technologies, Inc. is a U.S.-based CMMC consulting firm headquartered in North Dakota, with additional presence in Minnesota and Arizona. You can reach us at info@giga-green.com or +1 (701) 630-7188.

What this policy does and does not cover

This Privacy Policy covers information you submit through this Site and information collected automatically as you use it.

It does not cover information exchanged with us during a consulting engagement under a separate written agreement (e.g., System Security Plans, POA&Ms, Controlled Unclassified Information, or other client-provided data). Client engagement data is governed by that separate agreement and by the DFARS, CMMC, and NIST 800-171 requirements that apply to it. Client-provided CUI is never processed through this marketing website or its analytics/CRM tooling.

Categories of personal information we collect

We collect the following categories of personal information from Site visitors:

  • Identifiers. Name, business email address, business phone number, employer / organization name, job title.
  • Commercial information. Interest in specific services (inferred from the pages you visit and the forms you submit), scheduled meeting requests.
  • Internet or network activity. IP address (used to derive approximate geolocation, then discarded per our analytics provider’s settings), pages viewed, referring URL, browser type, device type, timestamps.
  • Inferences. Aggregated inferences about your interest in CMMC consulting drawn from the categories above.

We do not knowingly collect sensitive personal information (as defined by the California Privacy Rights Act) through this Site, such as government identifiers, precise geolocation, financial account details, race, religion, health information, biometric information, or content of private communications. Do not submit sensitive personal information through Site forms.

Sources of information

  • Directly from you — when you fill in a form, book a meeting, send us an email, or call us.
  • Automatically as you use the Site — cookies, log files, and analytics/advertising tags, as described below and only after cookie consent for non-essential tools.
  • From service providers acting on our behalf, including HubSpot (CRM and forms), Google Analytics 4 (site usage measurement), Meta / Facebook (advertising measurement and audiences), and LinkedIn (advertising measurement and audiences).

How we use information

We use the personal information we collect to:

  • Respond to your inquiry, schedule a meeting, or fulfill a resource request (e.g., emailing you a webinar recording or a downloadable CMMC template).
  • Maintain continuity in our customer relationship management system across separate visits or interactions.
  • Understand which parts of the Site are useful, which are not, and where visitors leave — so we can improve the content.
  • Comply with legal obligations, including responding to lawful requests from public authorities.
  • Detect, prevent, and respond to fraud, security incidents, and misuse of the Site.

Legal bases (for visitors covered by the EU/UK GDPR): we rely on your consent for optional cookies and marketing communications; on legitimate interests for essential site operation, security, and basic analytics; and on contractual necessity for follow-up after you initiate contact with us.

How we share information

We share personal information only with the service providers required to operate this Site and our business:

  • HubSpot, Inc. — CRM, marketing automation, forms, live chat, and meeting scheduling.
  • Google LLC (Google Analytics 4) — site usage measurement, with IP anonymization enabled.
  • Meta Platforms, Inc. (Facebook / Instagram) — the Meta Pixel measures our advertising performance and enables audience matching on Facebook and Instagram.
  • LinkedIn Corporation — the LinkedIn Insight Tag measures our advertising performance and enables audience matching on LinkedIn.
  • Railway Corp. — website hosting.
  • Microsoft Corporation — email delivery (info@giga-green.com and support@giga-green.com are hosted on Microsoft 365).

Each provider processes personal information only on our instructions and under contractual privacy commitments. We do not sell personal information for monetary consideration. However, our use of the Meta Pixel and LinkedIn Insight Tag for advertising measurement and audience matching may be considered “sharing” for cross-context behavioral advertising under the California Privacy Rights Act (CPRA). Because these tags only load after you accept our cookie banner, you exercise your opt-out right by declining (or subsequently revoking) that consent — see the “Cookies and similar technologies” section below.

Other than the categories listed above, we do not share personal information with third parties, except:

  • With your consent.
  • When required to comply with law, legal process, or a lawful government request.
  • To protect the rights, property, or safety of Giga-Green, our clients, our personnel, or the public.
  • In connection with a merger, acquisition, or sale of assets, in which case any successor will be bound by this Policy or an equivalent one.

Cookies and similar technologies

We use two categories of cookies and similar technologies:

  • Strictly necessary — cookies required for the Site to function, including one that records your response to the consent banner so we do not re-prompt you. These do not require consent under most privacy laws.
  • Analytics — Google Analytics 4 and HubSpot cookies used to measure site usage and support CRM continuity.
  • Advertising — Meta (Facebook) Pixel and LinkedIn Insight Tag cookies used to measure the effectiveness of our ads and to match visitors to advertising audiences.

None of the analytics or advertising cookies load until you accept the consent banner. If you reject the banner, no analytics, marketing, or advertising cookies are set and no per-visitor tracking data is sent to those providers.

You can withdraw consent at any time by clearing this Site’s cookies in your browser; you will be re-prompted on your next visit.

We honor the Global Privacy Control (GPC) signal where applicable. Under our current implementation, all analytics and advertising cookies are opt-in, so GPC’s practical effect is the same as declining the consent banner. We do not currently respond to legacy “Do Not Track” browser signals because there is no consensus standard for their handling.

Data retention

  • Form submissions and CRM data are retained in HubSpot for as long as needed to support the client relationship, and thereafter as required for our contractual, tax, and legal obligations. Our internal data retention policy is 7 years by default.
  • Analytics data in Google Analytics 4 is retained per the platform default (14 months) unless we adjust that configuration.
  • Server access logs kept by our hosting provider are retained for a rolling window (typically 30 to 90 days) for security and operational purposes.

Your privacy rights

Depending on where you live, you may have rights under privacy laws that apply to your personal information. These rights typically include:

  • Right to know / access. Confirmation of whether we process your personal information, and access to that information.
  • Right to correct. Correction of inaccurate personal information.
  • Right to delete. Deletion of personal information, subject to legal exceptions.
  • Right to opt out of sale or sharing. We do not sell personal information for monetary consideration. Our use of the Meta Pixel and LinkedIn Insight Tag may be considered “sharing” for cross-context behavioral advertising. You exercise your opt-out by declining our cookie banner (or clearing this Site’s cookies so the banner re-prompts you). We honor the Global Privacy Control (GPC) signal for the same purpose.
  • Right to limit use of sensitive personal information. We do not knowingly collect sensitive personal information through this Site.
  • Right to portability. A copy of your personal information in a portable format, where applicable.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
  • Right to appeal. If we deny a request, you may appeal our decision by replying to the denial. If the appeal is denied and you are in a jurisdiction that allows further recourse, we will provide contact information for the applicable regulator.

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, and other U.S. states with comprehensive privacy laws may exercise the rights above by emailing info@giga-green.com. We will respond within the timeframes required by applicable law (typically 45 days, extendable once for another 45 days when reasonably necessary).

Residents of the European Economic Area, the United Kingdom, and Switzerland may also exercise rights under the GDPR / UK GDPR / Swiss FADP, including the right to lodge a complaint with your local supervisory authority.

Verifying your request. To protect your information, we will take reasonable steps to verify your identity before honoring a rights request. This may include asking you to confirm information we already hold about you, or using a verified email address on file.

Authorized agents. You may designate an authorized agent to make requests on your behalf. We will require reasonable proof of the agent’s authority (such as a signed permission or a power of attorney) before responding.

Automated decision-making

We do not use personal information collected through this Site for automated decision-making or profiling that produces legal or similarly significant effects.

International data transfers

Giga-Green is based in the United States. If you access the Site from outside the U.S., your information will be transferred to and processed in the U.S. Where required, our service providers rely on Standard Contractual Clauses or an equivalent lawful transfer mechanism to transfer personal information from the EEA, UK, or Switzerland to the U.S.

Security

We follow the NIST 800-series security practices we recommend to clients. That includes:

  • Access controls on internal systems.
  • Encryption in transit for Site traffic (HTTPS/TLS 1.2+).
  • Multi-factor authentication for administrative accounts.
  • Vendor selection focused on providers with FedRAMP or equivalent security postures.
  • Consent-gated analytics so no per-visitor tracking loads until a visitor accepts the cookie banner.

No system is perfectly secure. If you believe you have found a security issue with the Site, please review our disclosure contact in /.well-known/security.txt.

Security incident notification. In the event of a data breach that affects your personal information, we will notify you and the relevant regulators as required by applicable law.

Children’s privacy

This Site is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

The Site contains links to third-party websites (e.g., government CMMC resources, NIST publications, DoD portals). This Privacy Policy does not apply to those websites. We are not responsible for the content or privacy practices of any third-party site.

Governing law and disputes

This Privacy Policy is governed by the laws of the State of North Dakota, without regard to its conflict-of-laws principles. Any dispute arising out of or related to this Policy will be resolved as set out in our Terms and Conditions, including the Governing Law and Dispute Resolution provisions there.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date above. Material changes will be highlighted at the top of the page for at least 30 days after they take effect. Your continued use of the Site after an update takes effect constitutes acceptance of the updated Policy.

Contact

Questions about this Privacy Policy, or requests to exercise your privacy rights?

  • Email: info@giga-green.com
  • Phone: +1 (701) 630-7188
  • Postal mail: Available on request. Please email us and we will provide the current mailing address for privacy correspondence.