Privacy is the work itself.
We're a senior security consulting practice. Discretion isn't a setting on this site - it's the operating model. This page is the public-facing version of how we handle client engagement information, public disclosure, and visitor data.
Every engagement is conducted under NDA.
Before we exchange anything that could identify a client, scope a problem, or describe their environment, we sign a mutual non-disclosure agreement. That includes the work we do, the deliverables we produce, the conversations that surround them, and the existence of the engagement itself.
We do not publish case studies. We do not name clients. We do not anonymize and publish engagement narratives. The nature of the work - the timing, scale, and circumstances of many engagements - would make clients immediately identifiable even with names omitted, which our NDAs specifically prohibit.
Practitioner credentials, references, representative case work, and experience summaries are shared during qualified conversations under NDA. Public materials on this site, in collateral, and in marketing exist to introduce the practice - not to detail it.
If a client wants to talk about it, that's their call.
The confidentiality posture above runs in one direction: we don't speak about clients without permission. Clients are free to speak about their own engagements however and whenever they choose.
If a client wishes to publish, reference, or publicly acknowledge work done with MCT Security - a press release, a conference talk, a regulatory filing, a board narrative, a case study from their side, a quoted attribution - we'll partner, participate, cooperate, review, and accommodate as appropriate. Where the request requires our material, our time, or our approval, we'll work to get it right.
The default is silence on our end. The exception is the client's choice.
What this site does (and doesn't) collect.
This site is intentionally lean. We don't run a contact form, a chat widget, or a marketing pixel.
What does happen:
- Analytics - we use Google Analytics (GA4) to understand how visitors find and use this site: which pages are visited, how long people stay, what country and device type they're using, and how they arrived. This data is aggregated and used to improve the site. We do not use it for advertising, behavioural profiling, or remarketing. Google's privacy policy governs their handling of analytics data: policies.google.com/privacy.
- Hosting logs - this site is hosted on Cloudflare Pages. Cloudflare keeps short-term operational logs (IP address, request timing, user agent) for security, abuse prevention, and debugging. These are not used for advertising or behavioural profiling. Cloudflare's privacy and log retention policies are described at cloudflare.com/privacypolicy.
- Email contact - if you write to us, your email and whatever you include lives in our mail system. We treat that conversation the same way we treat any pre-NDA conversation: with discretion.
- Phone contact - calls to our toll-free or international lines are answered by live operators. We don't record calls without telling you.
If we add heatmaps, session replay, embedded widgets, marketing pixels, or any other visitor-level telemetry beyond the analytics described above, this page will be updated to describe exactly what's collected, how long it's kept, and who has access. The change will happen before the tooling goes live, not after.
What we haven't been asked.
We don't take engagements that draw the attention of national-security or counter-intelligence law enforcement, and we don't expect clients to. We do, however, operate in a space where some of our clients reasonably want to know what we've been compelled to disclose - silently or otherwise - about engagements that touch theirs. This section exists for them.
As of 29 May 2026, MCT Security has not:
- Received a National Security Letter (NSL).
- Received an order from the Foreign Intelligence Surveillance Court (FISA) or any analogous secret court.
- Received any other classified or gag-ordered legal process directed at MCT Security or its principals.
- Been compelled to provide client information, work product, or engagement records under any order that prohibited disclosure of the order's existence.
- Been required to install, host, or operate monitoring, surveillance, backdoor, or other compromise tooling at the direction of any government agency.
- Had any of the foregoing accompanied by a prohibition on telling our clients, our counsel, or the public about it.
This statement is reaffirmed on a routine cadence. If you are reading this page and the date above is more than 30 days old, treat the absence of a recent reaffirmation as informative - not as a confirmation that nothing has changed.
If this entire section disappears from the page, read into that what you need to. The mechanics of a warrant canary mean we cannot, and will not, tell you why it's gone. Removal is not a routine edit - it is the only signal the law permits us to give. Calendar the date above, watch for its return, and draw your own conclusions in its absence.
Separately, we do cooperate with lawfully issued, publicly known legal process - subpoenas, search warrants, court orders served through normal channels - and we will tell affected clients about such process to the extent the law permits. The canary above is specifically about secret compulsion and the gag orders that typically accompany it. That distinction matters.
Asking us to forget you.
If you've contacted us and would like the email thread, your contact details, or any other information we hold about you deleted, write to info@mctsecurity.com and ask. We'll do it within a business day and confirm when it's done. No process, no portal, no jurisdictional games.
For active or recent client engagements, deletion is governed by the engagement agreement and any retention obligations it specifies. Talk to your principal contact.
When this page changes, it'll change visibly.
If we add a tool, a service, or a practice that affects what's collected or how it's used, this page is updated first and a dated note added at the top. We don't track this kind of change for SEO; we track it because it's the right way to operate.
Questions about anything on this page: info@mctsecurity.com.