Skip to Content

FORTRESS21 – PRIVACY POLICY

Personal information collection statement (PICS) last updated: 12/19/25

1. Our Commitment to Privacy

Fortress21 respects your digital asset sovereignty. We operate on a principle of data minimization: we only collect what is absolutely necessary to provide our service, and we retain it for the shortest time possible.

2. What We Collect

We may collect the following personal data:

  • Contact information: Name (or pseudonym) and email address (required for booking confirmation and communication links).

  • Technical data: Limited information provided during assessments (e.g., hardware models used, operating systems) necessary to design your security architecture.

  • Payment data: The data we collect depends entirely on your chosen payment method:

    • BTCPay Server (Digital asset on-chain): We collect only the invoice ID and technical procedure hash. This is our most private option.

    • Stripe (Credit Card / Fiat): If you pay via credit card, your payment is processed directly by Stripe. We do not view or store your full card number, CVC, or expiry date. Stripe may collect additional metadata (such as your IP address) for fraud prevention.

IMPORTANT: We never ask for, collect, or store your access credentials, master recovery keys, passwords, or PIN codes.

2.1. Data We DO NOT Collect

To allow for full transparency regarding our non-custodial nature:

  • We do not collect or store your acquisition history, asset balance, or financial technical procedure logs.

  • We do not process asset acquisitions, and therefore do not collect banking wire information related to asset acquisition.

3. How We Use Your Data

We use the collected data strictly for the following purposes:

  • To schedule and conduct your consultation (via third-party tools such as Cal.com).

  • To process payments and generate invoices.

  • To communicate important security updates (only if you explicitly opt-in to our newsletter or retainer service).

4. Cookies and Usage Data

4.1. Website Cookies

Our website may use essential cookies to ensure proper functionality (e.g., keeping your booking slot active). We do not use third-party tracking pixels for advertising purposes.

4.2. Analytics

If we analyze website traffic, we use privacy-focused, anonymized analytics tools that do not scrape personal data or track your movements across the web.

5. Data Sharing and International Transfers

5.1. Third-Party Service Providers

We do not sell, trade, or rent your personal data. We share data with trusted service providers solely for operational purposes. These include:

  • Scheduling: Cal.com

  • Video conferencing: Jitsi (integrated via Cal.com) as our primary secure video channel.

  • Backup communication: We may use Zoom or Google Meet as a backup purely if technical issues arise, and only with your explicit consent.

  • Payment processing:

    • BTCPay Server: Self-hosted and private.

    • Stripe: Third-party credit card processor. Governed by the Stripe privacy policy.

5.2. Cross-Border Transfer

You acknowledge that because we utilize global software providers (SaaS), your data (such as your email address for a calendar invite) may be transferred to and processed in jurisdictions outside of Hong Kong. We select providers that maintain high standards of data security.

6. Data Security and Destruction

6.1. Security Measures

We employ industry-standard encryption (TLS/SSL) for communication and store sensitive client files in encrypted, offline environments where possible. Access to client data is restricted strictly to authorized personnel handling your case.

6.2. Post-Consultation Destruction

Upon the conclusion of your engagement and the expiry of any warranty period, Fortress21 actively deletes technical notes and architectural diagrams related to your specific architecture, retaining only the basic technical procedure data required for Hong Kong tax and accounting compliance.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected or to comply with legal/accounting requirements in Hong Kong (typically 7 years for financial records).

8. Your Rights

Under the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong, you have the right to:

  • Request access to the personal data we hold about you.

  • Request correction of any inaccurate data.

  • Request the deletion of data (where not overridden by legal compliance).

To exercise these rights, please contact our data protection officer at: fortress21@fortress21.com