Effective Date: 2024-06-07 Last Updated: 2026-04-17
This Privacy Policy explains how Input Output, LLC ("iO," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit https://www.inputoutput.com, interact with our products and services, or otherwise engage with us (collectively, the "Service").
We take privacy seriously. As a cybersecurity and information security firm, the way we handle your personal information is both a legal obligation and a reflection of the standards we hold ourselves to. This policy is written to be as clear as possible, to explain what we do, why we do it, and what rights you have.
If you do not agree with any part of this policy, please do not use the Service.
Summary at a Glance
We collect information you give us (name, email, company, payment details, and so on) and information we automatically receive when you use the Service (IP address, browser, pages viewed).
We use that information to provide and improve our Service, manage your account, fulfill contracts, respond to you, and send you communications you have consented to receive.
We share information only with service providers that help us operate the Service, with your consent, or as required by law.
You have rights under privacy laws, including the right to access, correct, delete, and port your information, and the right to opt out of marketing and certain types of sharing.
We retain information only as long as we need it, and we follow industry-standard security practices to protect it.
You can reach our privacy team at any time by contacting us.
Table of Contents
1. Who We Are and How to Contact Us
Data Controller: Input Output, LLC Mailing Address: 125 S State Road 7, Suite 104-#406, Wellington, FL 33414, United States General Phone: 844.487.8868 Website: Contact Us
For any question about this Privacy Policy, your personal information, or to exercise your privacy rights, please contact us. We respond to verified requests within the timeframes required by applicable law.
2. What Personal Information We Collect
We collect the following categories of personal information. The categories are organized to align with the California Consumer Privacy Act (CCPA/CPRA) statutory categories so California residents can clearly see what applies to them.
CCPA CategoryExamples of What We CollectSourceIdentifiersFull name, email address, phone number, IP address, account usernameFrom you, automaticallyPersonal information (Cal. Civ. Code § 1798.80(e))Mailing address, billing address, payment card or bank informationFrom youCommercial informationProducts or services purchased, subscriptions, order history, transaction recordsFrom you, from our systemsInternet or network activityBrowser type, pages viewed, referring URL, time and date of access, clickstream dataAutomaticallyGeolocation data (general)Approximate location derived from IP address (city or region level, not precise)AutomaticallyProfessional or employment informationCompany name, job title, business mailing addressFrom youInferencesPreferences and interests derived from interactions with the ServiceFrom our analysis
We do not knowingly collect: precise geolocation, biometric information, government-issued ID numbers (beyond what is needed for payment processing), racial or ethnic origin, religious beliefs, health information, sexual orientation, or any other "sensitive personal information" as defined by CPRA, unless you voluntarily provide it in a support request or similar communication. If you do provide such information to us, we process it only for the purpose you supplied it.
3. How We Collect Information
We collect information in the following ways:
Directly from you when you fill out a registration form, create an account, submit a contact or quote request, purchase a product or service, subscribe to our newsletter, leave a review, or otherwise communicate with us.
Automatically when you visit the Service, through cookies, server logs, analytics tools, and similar technologies (see the Cookies section below).
From service providers that help us operate the Service, such as payment processors, analytics providers, and marketing platforms. Those providers only share information with us to help us deliver the Service.
From publicly available sources such as business registries, LinkedIn, and professional directories, in limited circumstances for B2B marketing purposes.
4. Why We Process Your Information
We use your personal information for the following purposes. For each purpose we identify the applicable legal basis under the EU and UK General Data Protection Regulation (GDPR), which also informs how we handle your information under US state privacy laws.
PurposeLegal Basis (GDPR)Providing and maintaining the ServicePerformance of a contractManaging your account and authenticationPerformance of a contractProcessing purchases, payments, refunds, and related transactionsPerformance of a contract, legal obligationProviding customer support and responding to your inquiriesLegitimate interests, performance of a contractSending you transactional communications about your account or purchasesPerformance of a contract, legitimate interestsSending you marketing, newsletters, and promotional offersConsent (which you can withdraw at any time)Improving and personalizing the Service, including analyticsLegitimate interests, consent where required for non-essential cookiesPreventing fraud, abuse, and security incidentsLegitimate interests, legal obligationComplying with applicable laws and responding to legal processLegal obligationEnforcing our terms and resolving disputesLegitimate interestsDisplaying testimonials you have given explicit consent to publishConsent
We do not use your personal information for automated decision-making that produces legal or similarly significant effects without your knowledge.
5. Who We Share Your Information With
We share personal information only in the following circumstances and only with parties bound by appropriate contractual and security obligations.
With service providers and subprocessors. We work with trusted vendors that process personal information on our behalf under written data processing agreements. Current categories include:
Hosting and infrastructure: web hosting and content delivery providers
Payment processing: PCI-compliant payment processors
Email, CRM, and marketing automation: platforms that send transactional and marketing communications
Analytics: tools that help us understand Service usage (see Cookies)
Customer support and ticketing: help desk and messaging platforms
Advertising: advertising platforms for targeted campaigns, only where you have consented to advertising cookies
Security and fraud prevention: tools that detect and mitigate abuse of the Service
With your consent. We will share your personal information for any other purpose with your explicit consent.
For business transfers. If iO is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the acquiring or successor entity. We will notify affected users in advance where required by law.
For legal reasons. We may share personal information when we reasonably believe it is necessary to:
comply with applicable law, regulation, legal process, or governmental request
enforce our terms of service or other agreements
detect, prevent, or address fraud, security, or technical issues
protect the rights, property, or safety of iO, our users, or the public
We do not sell your personal information for money. Under California law, some sharing of information for cross-context behavioral advertising is treated as a "sale" or "share." You can opt out of this type of sharing at any time using the mechanisms in the Your Privacy Rights section below.
6. How Long We Retain Your Information
We keep personal information only as long as we need it for the purposes described in this policy, then we delete or anonymize it. Specific retention periods depend on the category of information:
CategoryRetention PeriodAccount and contact informationDuration of your relationship with iO, plus 3 yearsPayment, billing, and tax records7 years, to comply with IRS and state tax requirementsTransaction and order records7 years, for legal and accounting purposesMarketing preferences and consent recordsUntil you withdraw consent, then up to 3 years in suppression lists to honor your opt-outSupport and customer service communications3 years after resolutionUsage data and server logsTypically 13 monthsSecurity logs and audit records2 years, or longer if required by applicable frameworksBackups90 days after deletion from primary systems
Information that has been anonymized so that it can no longer identify you may be retained indefinitely for analytics and research purposes.
7. Your Privacy Rights
Depending on where you live, you have specific rights regarding your personal information. We honor these rights regardless of your location, to the extent practical.
Universal Rights (All Users)
Access. Request a copy of the personal information we hold about you.
Correction. Ask us to correct information that is inaccurate or incomplete.
Deletion. Ask us to delete your personal information, subject to our legal obligations to retain certain records.
Opt-out of marketing. Unsubscribe from marketing emails at any time using the link in each email, or by contacting us.
EU, UK, and EEA Residents (GDPR)
Under the GDPR, you additionally have the right to:
Portability. Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.
Restriction. Request that we limit the processing of your personal information in certain circumstances.
Objection. Object to processing based on legitimate interests or direct marketing.
Withdraw consent. Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
California Residents (CCPA and CPRA)
California residents have the right to:
Know what personal information we collect, use, disclose, and sell or share.
Delete personal information we have collected from you.
Correct inaccurate personal information we maintain about you.
Opt out of the sale or sharing of personal information for cross-context behavioral advertising.
Limit the use and disclosure of sensitive personal information.
Non-discrimination. We will not deny, charge different prices for, or provide a different level of service because you exercised any of these rights.
To exercise these rights, please contact us or submit a request through our website. You may designate an authorized agent to submit a request on your behalf, subject to verification.
Shine the Light (Cal. Civ. Code § 1798.83). California residents may request information about our disclosures of personal information to third parties for their direct marketing purposes in the preceding calendar year. To make a request, contact us with "Shine the Light Request" in the message line.
Do Not Sell or Share My Personal Information. iO does not sell personal information in the traditional sense. If you use cookies or similar technologies that share data for cross-context behavioral advertising, that sharing may qualify as a "sale" or "share" under CCPA/CPRA. You can opt out by:
Clicking the "Do Not Sell or Share My Personal Information" link in the footer of inputoutput.com
Using the cookie consent tool to disable advertising cookies
We honor Global Privacy Control (GPC) signals sent from your browser as an opt-out of sale and sharing.
Other US States (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Similar Laws)
Residents of states with comprehensive privacy laws (including Virginia's VCDPA, Colorado's CPA, Connecticut's CTDPA, Utah's UCPA, Texas's TDPSA, and Oregon's OCPA) have rights similar to those listed above, including the right to access, delete, correct, port, and opt out of targeted advertising and sales. To exercise these rights, please contact us.
If we deny a request, you have the right to appeal. Appeals should be sent made through our contact us page with "Privacy Rights Appeal" in the message line.
How to Submit a Request
For all privacy rights requests, please contact us with:
Your name and contact information
The specific right you wish to exercise
Enough information for us to verify your identity (we may ask for additional verification for sensitive requests)
We will respond within 45 days for US state law requests, and within 30 days for GDPR requests. Complex requests may require an extension, which we will notify you of in advance.
8. Cookies and Tracking Technologies
Cookies are small text files placed on your device when you visit the Service. We use cookies and similar technologies (pixels, local storage, tags) for the purposes described below.
Cookie CategoryWhat It DoesConsent Required?Strictly necessaryAuthentication, session management, security, load balancing. The Service cannot function without these.NoFunctionalityRemember your preferences (language, timezone, display settings).Yes where requiredPerformance and analyticsMeasure traffic and usage patterns so we can improve the Service. Cannot directly identify you.Yes where requiredAdvertising and targetingDeliver relevant ads and measure ad campaign effectiveness. May be shared with advertising partners.Yes
Who sets cookies: Cookies are set by iO (first-party) and by our service providers (third-party). A current list of cookie providers is maintained in our cookie consent tool, accessible at any time via the cookie icon in the footer.
Managing cookies: You can accept or reject non-essential cookies through the cookie consent banner presented on your first visit, or by clicking the cookie preferences link in the footer. You can also disable cookies through your browser settings, though some parts of the Service may not function properly if you do.
Do Not Track (DNT). Our Service does not currently respond to DNT browser signals, because there is no industry standard on how to interpret them. We do honor Global Privacy Control (GPC) signals as an opt-out of sale and sharing.
9. Marketing and Communications
Email marketing. We send marketing emails only to recipients who have opted in (typically by subscribing to our newsletter, registering for a resource, or checking a marketing consent box at signup). Every marketing email contains an unsubscribe link in the footer.
SMS communications. We do not send SMS marketing messages unless you have provided prior express written consent, for example by completing an SMS-specific opt-in flow. You can opt out of SMS messages at any time by replying STOP to any message.
Transactional communications. Regardless of your marketing preferences, we may send you transactional messages (receipts, security alerts, service updates, password resets) because those communications are necessary to provide the Service.
Testimonials and reviews. If you share a testimonial, review, or case study with us, we will ask for your explicit consent before publishing it. You may withdraw that consent at any time by contacting us, and we will remove the testimonial within a reasonable period.
10. Children's Privacy
The Service is intended for business users and is not directed to children under the age of 13 (or under 16 in the EU/UK and certain US states). We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us and we will delete the information promptly.
11. Security
As a cybersecurity and information security firm, we hold ourselves to the standards we recommend to our own clients. Our security program includes:
Encryption in transit using TLS 1.2 or higher for all communications with the Service.
Encryption at rest using AES-256 or equivalent for databases, backups, and payment information.
Access controls based on the principle of least privilege, with role-based access and multi-factor authentication required for all administrative access.
Network segmentation and firewalling of production systems.
Continuous monitoring and logging of administrative actions and security events.
Vulnerability management, including regular patching and periodic penetration testing (we are a penetration testing firm, so this is baked into our practice).
Vendor and subprocessor security review before onboarding, with contractual data protection obligations.
Security awareness training for all employees with access to personal information.
Incident response procedures aligned with NIST SP 800-61 and applicable breach notification laws.
Breach notification. In the event of a personal data breach that is likely to result in a risk to your rights or freedoms, we will notify affected users and applicable regulators within the timeframes required by law (72 hours for GDPR, plus state-specific US timelines). Notifications will describe the nature of the breach, the categories of information affected, the likely consequences, and the measures we are taking to address it.
No system can guarantee perfect security. While we take reasonable and industry-standard measures to protect your information, you use the Service at your own risk and should take steps to protect your account (strong passwords, MFA where offered, promptly reporting suspected compromises).
12. International Data Transfers
iO is headquartered in the United States, and the personal information we collect is primarily stored and processed in the US. If you access the Service from outside the US, your information will be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence.
For transfers of personal information from the EU, UK, EEA, or Switzerland to the United States or other third countries, we rely on appropriate safeguards including:
Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office (ICO)
Supplementary technical and organizational measures where required by applicable guidance
Your consent in specific, limited circumstances
A copy of the SCCs used in our vendor agreements is available on request at by contacting us.
13. Third-Party Links
The Service may contain links to third-party websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of those third parties. When you leave the Service, we recommend reviewing the privacy policies of any site you visit and evaluating their practices before providing personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you via email (where we have your email address) or by a prominent notice on the Service at least 30 days before the changes take effect
Provide you a reasonable opportunity to review the changes and to exercise your rights (including the right to close your account or object to material changes)
Non-material changes (typographical corrections, clarifications that do not affect your rights) may take effect immediately without notice. We encourage you to review this policy periodically.
15. Contact Us
If you have any question, concern, or complaint about this Privacy Policy or our handling of your personal information, please contact us:
Input Output, LLC Attn: Privacy Team 125 S State Road 7, Suite 104-#406 Wellington, FL 33414 United States
We take privacy inquiries seriously and will respond as quickly as we can, and always within the timeframes required by applicable law.
This Privacy Policy is provided for informational purposes and reflects Input Output, LLC's privacy practices as of the Last Updated date. It is not a substitute for legal advice. We recommend reviewing this policy with qualified legal counsel before publication to confirm it accurately reflects your specific processing activities, vendor relationships, and jurisdictional obligations.