- 1191 Patuxent Greens Laurel Maryland 20708
- +1 (301) 821-7362
- contact@nabayasolutions.com
Privacy Policy
NABAYA Business Solutions LLC
NABAYA is Maryland’s trusted provider of NIST CSF, CMS 912, GAP Assessment, virtual CISO (vCISO) services, SOC 2, CMMC, HIPAA, and ISO 27001 compliance for healthcare organizations, FinTech companies, and government contractors. We protect your data with the same standards we hold our clients to.
Effective: May 1, 2025 · Updated: April 25, 2026 · Governed by Maryland & U.S. Law · GDPR Compliant
In This Policy
 1. Who We Are
 2. Data We Collect
 3. Comments
 4. Media
 5. Cookies
 6. Embedded Content
 7. Who We Share With
 8. How Long We Retain
 9. Your Rights
 10. Where Data Is Sent
 11. Children’s Privacy
13. Policy Changes
14. Contact Us
Need cybersecurity or compliance help? We serve healthcare, FinTech & GovCon organizations across Maryland & D.C.
About This Policy
NABAYA Business Solutions LLC is a cybersecurity, compliance, and managed IT services firm headquartered in Laurel, Maryland. We help healthcare organizations, FinTech companies, and government contractors across the DMV region achieve and maintain security compliance, including SOC 2, CMMC, HIPAA, ISO 27001, and more.
This Privacy Policy explains how we handle the personal data of visitors to www.nabayasolutions.com. As a cybersecurity firm, data protection is not a checkbox for us; it is a core operating principle. We apply the same rigor to our own data practices that we bring to every client engagement.
This policy complies with the Maryland Online Data Privacy Act (MODPA), applicable U.S. federal law, and the EU General Data Protection Regulation (GDPR) for visitors from the European Economic Area.
1. Data Controller: Who We Are
NABAYA Business Solutions LLC is a cybersecurity, GRC (Governance, Risk & Compliance), and managed IT services firm headquartered in Laurel, Maryland, serving organizations across Maryland, Virginia, and Washington D.C. since 2018.
We specialize in helping healthcare organizations achieve HIPAA compliance, government contractors meet CMMC and DFARS requirements, and FinTech and technology companies pass SOC 2 and ISO 27001 audits, often through our fractional virtual CISO (vCISO) service, which delivers board-level security leadership at a fraction of the cost of a full-time hire.
| Detail | Information |
|---|---|
| Legal Name | NABAYA Business Solutions LLC |
| Business Type | Limited Liability Company (LLC), registered in Maryland |
| Principal Address | Laurel, Maryland, United States |
| Website | www.nabayasolutions.com |
| Privacy Contact | contact@nabayasolutions.com |
| Phone | +1 (301) 821-7362 |
| Founded | 2018 |
| Services | Virtual CISO (vCISO) · SOC 2 · CMMC · HIPAA · ISO 27001 · Penetration Testing · Zero Trust · Cloud & AI Security · Managed IT Services |
| Data Controller (GDPR) | NABAYA Business Solutions LLC is the data controller for all personal data processed through this website. |
How NABAYA Helps Organizations Like Yours
Cybersecurity & Compliance Services for Healthcare, FinTech & Government Contractors
vCISO: Fractional CISO, security leadership without the full-time cost
SOC 2: Type I & II readiness, gap analysis, audit management
CMMC: Level 1–3 assessment and SSP prep for DoD contractors
HIPAA: Security & Privacy Rule compliance for healthcare orgs
ISO 27001: Information security management system (ISMS) implementation
Pen Testing: Network, web app & social engineering assessments
Cloud & AI: AWS, Azure, GCP security architecture & AI governance
Managed IT: Help desk, monitoring & infrastructure (Maryland & DMV)
2. Data Collection: What Personal Data We Collect
NABAYA collects personal data only to the minimum extent necessary to operate our website, respond to inquiries, deliver services, and improve user experience. We collect data in the following ways:
Data You Provide Directly
When you use our contact form, book a consultation via Calendly, download a compliance checklist, or complete our Compliance Readiness Quiz, you may provide:
- Full name and business email address
- Company name, size, and industry
- Phone number (optional)
- Job title or role
- The content of your inquiry or form submission
- Quiz responses related to your organization’s compliance posture
Data Collected Automatically
When you visit www.nabayasolutions.com, our web server and analytics tools automatically collect:
- IP address, browser type and version, operating system
- Pages visited and time spent on each page
- Referring URL and device type
- Date and time of your visit
This data is collected through cookies and similar tracking technologies. See Section 5 for our full Cookie Policy.
Data from Third-Party Scheduling Tools
If you book a consultation through our Calendly integration, Calendly collects your name, email address, and pre-qualification responses. Calendly operates under its own Privacy Policy at calendly.com/privacy. NABAYA receives your booking details and intake responses.
3. User-Generated Content: Comments
The NABAYA website currently does not enable a public comment feature on blog posts or resource articles. If we introduce commenting in the future, this policy will be updated accordingly.
If Comments Are Enabled in the Future
Should NABAYA enable visitor comments, the following practices will apply:
- We collect the data shown in the comment form, typically name, email address, and comment content.
- Email addresses provided with comments are used solely to notify the commenter of replies. They are never published publicly.
- We may use an automated spam-detection service (such as Akismet) to review submitted comments. Comment data may be sent to this service for evaluation.
- Approved comments are retained indefinitely so that follow-up conversations can be contextualized. You may request deletion by contacting contact@nabayasolutions.com.
- An anonymized hash of your email address may be provided to the Gravatar service to determine whether you have a profile image. Gravatar’s privacy policy is available at automattic.com/privacy.
Data Minimization Commitment
NABAYA only requests the minimum information necessary for each interaction. We do not require account creation to access website resources, and we do not collect sensitive personal data categories (health records, financial accounts, or government IDs) through our website.
4. Images & Files: Media
Visitors to the NABAYA website cannot currently upload images, documents, or other media files through the public-facing site.
Team and Profile Images
Images of NABAYA team members displayed on our website are used with the full consent of each individual. These images are hosted on NABAYA-controlled infrastructure and are not linked to third-party social platforms in ways that enable user tracking.
If Media Upload Is Enabled
Should NABAYA introduce file upload functionality (for example, through a secure client portal for compliance engagements), the following will apply:
- Avoid uploading images that contain embedded location data (EXIF GPS), as this data may be accessible to others who download the file.
- NABAYA will process uploaded files only for the stated purpose, for example, to support a SOC 2 readiness assessment or HIPAA gap analysis.
- Uploaded media is stored on NABAYA-controlled or contracted secure infrastructure within the United States.
- Files uploaded as part of a professional engagement are retained only for the duration of that engagement, then securely deleted.
5. Tracking Technologies: Cookies
NABAYA’s website uses cookies and similar tracking technologies to operate essential site functions, analyze visitor behavior, and improve user experience.
What Are Cookies?
A cookie is a small text file placed on your device by a website you visit. Cookies allow the site to recognize your device on return visits and store session preferences. Cookies are not programs; they cannot execute code or deliver malware.
Cookies We Use
| Cookie Type | Duration | Purpose | Example |
|---|---|---|---|
| Strictly Necessary | Session | Enable core site functionality, form submissions, and navigation. Cannot be disabled. | Session ID, CSRF protection token |
| Analytics | Up to 2 years | Measure page performance, visitor counts, and content engagement via Google Analytics 4. | GA4 _ga, _ga_[ID] cookies |
| Functional | Up to 1 year | Remember quiz progress or form field responses to improve return-visit experience. | Quiz session state |
| Third-Party Scheduling | Session / 30 days | Set by Calendly when you book a consultation to maintain your booking session. | Calendly cal.js session cookie |
| Marketing (if enabled) | Up to 90 days | Used by LinkedIn Insight Tag to measure campaign effectiveness. Not used to serve ads. | LinkedIn li_fat_id (if active) |
Managing Your Cookie Preferences
- Browser Settings: All major browsers allow you to refuse or delete cookies through the settings menu. Disabling strictly necessary cookies may affect site functionality.
- Cookie Banner: On your first visit, a cookie consent banner will appear. You may accept all, reject non-essential, or manage preferences individually. Your choice is stored for up to 12 months.
- Opt-Out Links: For Google Analytics, install the Google Analytics Opt-Out Add-On. For LinkedIn, manage preferences at linkedin.com/psettings.
No Advertising Cookies
NABAYA does not use cookies to serve targeted advertising. Any marketing measurement tools are limited to understanding how visitors arrived at our site, not tracking them across third-party websites.
6. Third-Party Integrations: Embedded Content from Other Websites
Pages on the NABAYA website may include embedded content from third-party platforms, such as:
- Calendly scheduling widgets on consultation booking pages
- YouTube or Vimeo video embeds in educational resource content
- LinkedIn social sharing buttons
- Interactive compliance tools hosted on Typeform or Outgrow
How Embedded Content Behaves
Embedded content behaves exactly as if you had visited those websites directly. Third-party services may collect data about you (including your IP address), use cookies, and build a behavioral profile if you are logged in to those platforms while viewing our site.
Third-Party Services Currently Used
| Service | Purpose on NABAYA Site | Their Privacy Policy |
|---|---|---|
| Calendly | Consultation booking widget on /contact/ and hero section | calendly.com/privacy |
| Google Analytics 4 | Visitor analytics and conversion tracking | policies.google.com/privacy |
| Google Tag Manager | Tag management for analytics and conversion events | policies.google.com/privacy |
| LinkedIn (if active) | Social sharing or Insight Tag for campaign measurement | linkedin.com/legal/privacy-policy |
| Typeform / Outgrow (if used) | Compliance Readiness Quiz hosted externally and embedded via iframe | Per platform; disclosed at point of use |
NABAYA reviews third-party integrations periodically. We do not embed content from advertising networks, data brokers, or social media platforms beyond those listed above.
7. Third Parties: Who We Share Your Data With
NABAYA does not sell, rent, or trade your personal data to any third party. We share personal data only in the following limited circumstances:
Service Providers and Subprocessors
We engage a small number of trusted third-party service providers who process personal data on our behalf, solely to support our website and business operations. Each provider is contractually bound to handle data in accordance with this policy and applicable law.
| Provider | Role / Purpose | Data Shared | Location |
|---|---|---|---|
| Web Hosting Provider | Hosts nabayasolutions.com and stores web server logs | IP address, server access logs | United States |
| Calendly | Manages consultation bookings and confirmation emails | Name, email, intake responses | United States |
| Google Analytics 4 | Website traffic measurement and conversion tracking | Anonymized behavioral data, IP address | United States / EU |
| Email Marketing Platform (e.g., Mailchimp) | Automated follow-up emails for quiz and lead magnet subscribers | Email address, first name, industry segment | United States |
| CRM (if in use) | Stores contact records and engagement history for prospective clients | Name, email, company, inquiry notes | United States |
Legal and Professional Obligations
NABAYA may disclose personal data without prior consent only to:
- Comply with a valid legal obligation, court order, subpoena, or lawful U.S. government request
- Protect the rights, property, or safety of NABAYA, our clients, or the public
- Fulfill obligations in connection with a business transfer, merger, or acquisition, in which case the successor entity must comply with this policy
What We Do Not Do
- We do not sell personal data to data brokers, advertisers, or third parties for commercial gain.
- We do not share client or prospect data with other companies for their own marketing purposes.
- We do not profile individuals using website-collected data for decisions with legal or significant effects.
- We do not disclose data to government agencies except as required by law with appropriate legal process.
A Note on Cybersecurity Engagements
Personal data shared during a professional service engagement (such as employee names in a HIPAA assessment or network diagrams in a penetration test) is governed by a separate Engagement Letter and Data Processing Agreement, not this website Privacy Policy.
8. Data Lifecycle: How Long We Retain Your Data
NABAYA retains personal data only as long as necessary to fulfill its purpose or as required by applicable law. At the end of each retention period, data is securely deleted, permanently anonymized, or archived in a non-identifiable form.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Contact form submissions | 3 years from submission | Maintain record for follow-up and service continuity. Deleted or anonymized after. |
| Calendly booking records | 2 years from booking | Support scheduling history and follow-up communications. |
| Quiz responses (with email) | 2 years, or until unsubscribed | Support personalized email nurture sequences. Deleted on opt-out. |
| Email marketing list | Until unsubscribed, deleted within 30 days | Active consent required. Deleted promptly on opt-out. |
| Web server logs (IP, pages) | 90 days from visit | Security monitoring and troubleshooting. Auto-deleted after period. |
| Google Analytics data | Up to 14 months (GA4 default) | Aggregate visitor trends. Anonymized at collection; no PII retained by NABAYA. |
| Client engagement records | 7 years from engagement close | Financial and professional record-keeping as required by U.S. law. |
| Job applicant data | 1 year from application (if not hired) | Standard recruiting retention for legal compliance. |
You may request early deletion of your personal data at any time. Send requests to contact@nabayasolutions.com. See Section 9 for exceptions.
9. Individual Rights: What Rights You Have Over Your Data
Depending on your location, you have specific rights regarding the personal data NABAYA holds about you. We honor these rights for all individuals who make a verifiable request, regardless of jurisdiction.
Right to Access
Request a copy of the personal data we hold about you, including categories, source, and how we use it.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data, unless retention is required by law or to defend a legal claim.
Right to Restrict Processing
Request that we limit how we use your data while a dispute or correction request is being resolved.
Right to Data Portability
Receive your personal data in a structured, machine-readable format (e.g., CSV or JSON) where feasible.
Right to Object
Object to processing for direct marketing. We will stop processing immediately upon receiving your objection.
Right to Withdraw Consent
Withdraw consent for email marketing at any time. Withdrawal does not affect lawfulness of prior processing.
Right to Non-Discrimination
Exercising any privacy right will never affect the quality or availability of services you receive from NABAYA.
Right to Lodge a Complaint
File a complaint with your applicable data protection authority if you believe your rights have been violated.
How to Exercise Your Rights
Email contact@nabayasolutions.com with subject line “Privacy Rights Request.” Include your full name, the email associated with your data, the specific right(s) you wish to exercise, and any context that will help us locate your records.
We acknowledge requests within 5 business days and fulfill them within 30 calendar days. Complex requests may be extended by an additional 30 days with notice. We may verify your identity before fulfilling access, correction, or deletion requests.
Data Protection Authorities
EU/EEA residents: File a complaint with your EU member state supervisory authority. A directory is available at edpb.europa.eu.
U.S. residents: Contact the Maryland Attorney General’s Consumer Protection Division or the Federal Trade Commission (FTC) at ftc.gov/complaint.
10. Data Residency: Where Your Data Is Sent
NABAYA is headquartered in the United States, and the majority of personal data we collect is stored and processed within the United States.
Data Storage Locations
| Data Type | Primary Storage | Notes |
|---|---|---|
| Website contact form submissions | United States | Stored on NABAYA’s web server and CRM infrastructure within the U.S. |
| Calendly booking data | United States | Calendly is a U.S.-based company. See their privacy policy for storage details. |
| Google Analytics data | United States / EU | GA4 offers data residency selection. NABAYA configures U.S. residency where available. |
| Email marketing list | United States | Email platform (e.g., Mailchimp) is U.S.-based with standard contractual protections. |
| Quiz completion data | United States | Captured on NABAYA-controlled infrastructure or via Typeform (U.S.-based). |
International Data Transfers
If you are accessing our website from outside the United States, particularly from the EEA, United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States. Where such transfers occur, NABAYA relies on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into agreements with third-party subprocessors
- The EU-U.S. Data Privacy Framework (DPF) where applicable to our service providers
- Explicit consent obtained at the point of data collection where required by applicable law
To request a copy of the safeguards in place for international transfers, contact contact@nabayasolutions.com.
11. Minors: Children’s Privacy
The NABAYA website and services are directed exclusively to business professionals and organizations. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected information from a minor, contact us immediately at contact@nabayasolutions.com. We will promptly delete any such data upon verification.
12. Data Protection: How We Protect Your Data
As a cybersecurity firm, data security is foundational to how NABAYA operates. We implement administrative, technical, and physical safeguards aligned with the same frameworks (NIST CSF, SOC 2, HIPAA Security Rule) that we implement for our clients:
- Encryption of all data in transit via TLS 1.2 or higher (HTTPS) across every page
- Access controls restricting personal data to authorized NABAYA personnel on a need-to-know basis
- Regular security reviews of our website infrastructure and third-party integrations
- Contractual data protection requirements imposed on all service providers
- Secure deletion protocols applied at the end of every data retention period
Despite these measures, no internet transmission or electronic storage system is 100% secure. If you believe your interaction with NABAYA has been compromised, contact us immediately at contact@nabayasolutions.com.
13. Policy Updates: Changes to This Privacy Policy
NABAYA may update this Privacy Policy to reflect changes in our data practices, services, or applicable law. When we make material changes, we will:
- Update the “Last Updated” date at the top of this document
- Post the revised policy at www.nabayasolutions.com/privacy-policy
- Where required by law or deemed appropriate, notify affected individuals by email
Your continued use of the NABAYA website following any update constitutes acknowledgment of the revised policy.
14. Get in Touch: Contact Us
For questions, concerns, or data rights requests regarding this Privacy Policy, contact us through any of the following channels:
| Contact Method | Details |
|---|---|
| Privacy Requests (Email) | contact@nabayasolutions.com (Subject: "Privacy Rights Request") |
| Phone | +1 (301) 821-7362 |
| Mailing Address | NABAYA Business Solutions LLC, Laurel, Maryland, United States |
| Website Contact Form | www.nabayasolutions.com/contact |
| Response Commitment | We acknowledge privacy inquiries within 5 business days and fulfill requests within 30 calendar days. |
Need Cybersecurity or Compliance Help?
NABAYA Business Solutions LLC helps healthcare organizations, FinTech companies, and government contractors across Maryland, Virginia, and Washington D.C. achieve SOC 2, CMMC, HIPAA, and ISO 27001 compliance, and maintain it. Our virtual CISO (vCISO) service delivers executive security leadership at a fraction of the cost of a full-time hire.
© 2025–2026 NABAYA Business Solutions LLC. All rights reserved. Effective: May 1, 2025 · Updated: April 25, 2026