PRIVACY POLICY

Domain Methods

Effective Date: May 6, 2026

This Privacy Policy describes how Domain Methods ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects information when you use our security audit services (the "Services"). This policy is drafted in compliance with Oregon state law, including the Oregon Consumer Privacy Act (OCPA), ORS Chapter 646A, and applicable federal privacy frameworks.

By submitting a request, making a payment, or entering into any agreement with us, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.

1. WHO THIS POLICY APPLIES TO

This Privacy Policy applies to:

  • Individual founders, developers, and independent contractors who engage our Services;
  • Businesses and legal entities that engage our Services on behalf of an organization;
  • Visitors to our website who submit inquiries or contact forms.

This Policy applies to all individuals and entities worldwide who interact with us, but is specifically governed by and construed in accordance with the laws of the State of Oregon, USA.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you contact us or engage our Services, we collect:

  • Full name and business or trading name;
  • Email address and other contact details you provide;
  • Payment information (processed through third-party payment processors; we do not store full card details);
  • Details about your application, including stack, deployment environment, and architecture overview;
  • Repository access credentials (read-only access where possible), provided during the audit engagement;
  • Communications between you and our team via email or other channels.

2.2 Code and Technical Data

As part of the security audit process, we access and process:

  • Source code from repositories you provide access to;
  • Configuration files, environment file structures (not contents of .env files unless relevant to the audit scope), and deployment settings;
  • Architecture documentation and project overviews you share with us.

See Section 5 (Data Retention and Deletion) for how this data is handled after audit completion.

2.3 Automatically Collected Information

When you visit our website, we may collect:

  • IP address and approximate geographic location;
  • Browser type, device type, and operating system;
  • Pages visited, time spent, and referral source;
  • Cookies and similar tracking technologies (see Section 9).

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • To deliver and fulfill the security audit Services you have engaged us for;
  • To communicate with you about your audit, findings, and next steps;
  • To process payments and manage billing;
  • To execute and maintain the NDA, Non-Compete Agreement, and Code Deletion Agreement signed at the start of each engagement;
  • To improve our audit methodologies and internal processes using anonymized, non-attributable statistical data (see Section 6);
  • To comply with applicable law, including Oregon law and any applicable federal regulations;
  • To respond to legal requests, enforce our Terms and Conditions, or protect the rights and safety of our team or others.

We do not use your personal information or your code for marketing, advertising, or sale to third parties.

4. USE OF LARGE LANGUAGE MODELS (LLMs)

Our audit process involves both manual review by senior security engineers and the use of AI-powered scanning tools. This includes submitting portions of your code or full repository contents to third-party large language model (LLM) providers.

By engaging our Services, you explicitly consent to the following:

  • Your code, in part or in full, may be submitted to LLM providers of our choosing for analysis purposes;
  • The specific LLM providers we use are at our discretion and may change without prior notice;
  • We select providers that, to our reasonable knowledge, operate under appropriate data handling and confidentiality standards, but we cannot guarantee the data practices of any third-party provider;
  • We disclaim all liability for any breach, unauthorized disclosure, or misuse of your code or data that occurs at the LLM provider level. Any such incident is the sole responsibility of the LLM provider.

We recommend that before sharing repository access, you review your codebase for hardcoded secrets, credentials, API keys, or sensitive personal data, and sanitize or rotate such values where possible.

To the extent required by the OCPA or other applicable law, your consent to LLM processing is obtained through your agreement to these Terms and this Privacy Policy. If you do not consent to your code being processed by LLM providers, you should not proceed with our Services.

5. DATA RETENTION AND DELETION

5.1 Source Code

Your actual source code, repository contents, and any credentials or access tokens provided for the purpose of the audit are deleted as soon as the audit process is completed. This commitment is memorialized in the Code Deletion Agreement executed at the start of each engagement.

5.2 Project Documentation

High-level project summaries, architecture overviews, and non-code documentation associated with your engagement are retained for up to 90 calendar days following delivery of your audit report. This data is retained for internal quality assurance, record-keeping, and audit trail purposes.

5.3 Your Right to Request Deletion

You may request deletion of your project documentation at any time within the 90-day retention window by sending a written request to:

contact@highvelocityclub.com

We will process deletion requests within 15 business days of receipt. We will confirm in writing when deletion is complete.

5.4 Anonymized Statistical Data

We retain the right to use anonymized, aggregated, non-attributable statistical data derived from audit engagements (for example, aggregate vulnerability counts, stack types, common finding categories) for internal benchmarking, service improvement, and marketing. This data cannot be used to identify you, your organization, or your codebase.

5.5 Financial Records

Payment records and invoicing information are retained for a minimum of seven (7) years as required for tax and accounting compliance under Oregon law.

6. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

  • Service providers and subcontractors: We may share information with contractors or subcontractors who assist in delivering the audit, including parties who may be located outside the United States. All such parties are bound by written confidentiality and data processing agreements that provide protections no less protective than those in this Policy. We remain responsible for ensuring your data is handled appropriately regardless of where processing occurs.
  • LLM providers: As described in Section 4, portions of your code may be submitted to LLM providers as part of the scanning process.
  • Payment processors: We share payment information with third-party payment processors solely for the purpose of processing your transaction. We do not store full payment card data.
  • Legal compliance: We may disclose information where required by law, court order, regulatory authority, or to protect the rights, property, or safety of the Company, our clients, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of substantially all our assets, your information may be transferred as part of that transaction. We will notify you in advance by email or website notice.

7. YOUR RIGHTS UNDER OREGON LAW

If you are an Oregon resident, you have the following rights under the Oregon Consumer Privacy Act (OCPA), effective July 1, 2024:

  • Right to Know: You have the right to know what personal data we collect, how we use it, and whether it is shared or sold.
  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Correction: You may request that we correct inaccurate personal data.
  • Right to Deletion: You may request deletion of your personal data, subject to lawful exceptions (such as financial record retention obligations).
  • Right to Opt Out: You have the right to opt out of the sale of personal data. We do not sell personal data.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the OCPA.

To exercise any of these rights, contact us at contact@highvelocityclub.com. We will respond within 45 days of receipt. If we need additional time, we will notify you within the initial 45-day period and may extend our response by an additional 45 days where reasonably necessary.

You may appeal a denial of your rights request by replying to our written denial. If you are unsatisfied with our response, you may contact the Oregon Department of Justice at www.doj.state.or.us.

8. SECURITY MEASURES

We implement commercially reasonable technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These include:

  • Encryption of data in transit using industry-standard protocols;
  • Access controls limiting who within our team can access client code and data;
  • Contractual confidentiality obligations with all personnel and subcontractors;
  • Prompt deletion of source code upon audit completion as described in Section 5.

No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that is reasonably likely to harm you, we will notify you without unreasonable delay as required under Oregon's data breach notification law (ORS 646A.604).

9. COOKIES AND TRACKING

Our website may use cookies and similar tracking technologies for the following purposes:

  • Essential cookies: Required for the website to function, such as form submission and session management.
  • Analytics cookies: Used to understand how visitors interact with our website, such as pages visited and time on site. We use this data in aggregate form only.

You may disable cookies in your browser settings. Disabling cookies may affect the functionality of certain parts of our website. We do not use cookies for advertising or behavioral profiling.

10. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, contact us at contact@highvelocityclub.com.

11. INTERNATIONAL DATA TRANSFERS

We are based in the United States and your data is processed and stored in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the US, where data protection laws may differ from those in your jurisdiction.

By engaging our Services, you consent to this transfer and processing. We take steps to ensure that your data receives an adequate level of protection regardless of where it is processed.

12. THIRD-PARTY LINKS AND SERVICES

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you access through links on our website. We are not responsible for the privacy practices of third parties.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (using the email address you provided) or by posting a prominent notice on our website, at least 30 days before the changes take effect.

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you should discontinue use of our Services and contact us to request deletion of your data.

14. CONTACT AND DATA CONTROLLER

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:

Domain Methods

[Registered Address, Oregon, USA — PLACEHOLDER]

contact@highvelocityclub.com

15. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of the State of Oregon, United States of America, without regard to its conflict of law principles. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Oregon.

END OF PRIVACY POLICY

Last updated: May 6, 2026

om