Privacy Policy
Effective Date: May 23, 2026 | Governance: State of Texas & PCI DSS Standard Baseline
1. Information We Collect
DFI Security Inc LLC ("DFI Security") collects, controls, and manages consumer metadata strictly necessary to execute complex tactical training programs, fulfill identity-clearance verification procedures for restricted modules like "The MM Program", and protect secure networks. We manage individual identifiers including full legal names, operational callsigns, encrypted email vectors, phone contacts, residential jurisdictions, and government-issued background verifications or identification clearances.
2. Cardholder Data & PCI DSS Compliance
In strict alignment with the Payment Card Industry Data Security Standard (PCI DSS), DFI Security operates a system architecture that ensures complete isolation from raw financial keys. We do not ingest, process, transmit, or store Primary Account Numbers (PAN), cardholder verification values (CVV/CVC), or expiration date sets on our physical or cloud infrastructure.
Our digital operational flow applies asymmetric encryption layers to forward raw transaction assets directly to Level-1 certified PCI DSS third-party payment processing gateways. Client sessions leverage system tokenization strings, securing merchant-side validation patterns while protecting consumer primary account elements against systematic compromises.
3. Texas Identity Data Protection Controls
Pursuant to the Texas Business and Commerce Code Chapter 521 (Identity Theft Enforcement and Protection Act), DFI Security maintains comprehensive technical, physical, and digital safeguards to enforce strict security boundaries around all personal data elements. In the event of an unvetted boundary access anomaly affecting sensitive files, automated reporting matrices are prepared to distribute notices directly to verified clients and the Texas Attorney General's database within mandated legal windows.
4. Cookies, Asset Tracing, and Logging Matrices
Our secure server layers record telemetry interactions including Internet Protocol (IP) locations, network provider footprints, web browser profiles, and interaction timestamps. This data acts strictly as analytical defense layers against unauthorized access attempts or operational system testing. We disallow the monetization, lease, or third-party transfer of your identifier strings to secondary commercial aggregators.
5. Data Retention and Destruction
Information structures remain active only throughout your functional training deployment cycles or across historical accounting tracks mandated by federal state revenue regulations. Upon reaching legal milestones, inactive user assets pass through military-grade multi-pass cryptographic data data sanitization protocols, ensuring total, irrecoverable removal from all secure backup storage structures.