Privacy Policy

Effective Date: July 23, 2025

Lystrup Maher LLC is deeply committed to safeguarding the privacy, confidentiality, integrity, and availability of all personal and proprietary information. This policy details our unwavering commitment to responsible data handling, robust security measures, and strict adherence to applicable laws and industry standards, ensuring the trust and confidence of our clients.

We collect information necessary to provide our consulting, engineering, and design services. 

This includes:

• Personal Information: Name, email address, phone number, mailing address, and company or organization name. Collected for contractual fulfillment, client communication, and account management purposes.
• Technical and Intellectual Property (IP) Information: Drone schematics and design files, CAD models and specifications (including from software like SolidWorks), pre-patented or patented materials, trade secrets, and proprietary content. Collected solely to deliver contracted engineering and design services, optimize solutions, and ensure proper handling of client innovations.
• Usage and Interaction Data: Website form submissions, meeting and scheduling information, communications via email and project management systems, and metadata from Zoom, Google Meet, and Calendly interactions. Collected to enhance service delivery, optimize internal workflows, and improve the user experience on our platforms.

We adhere to the principle of data minimization, collecting only the personal and proprietary information essential to deliver our services effectively and lawfully.

We collect information through various channels:

• Contact forms on our website
• Direct email and phone communications
• Project collaboration platforms (e.g., ClickUp)
• Online scheduling tools (e.g., Calendly)
• Meetings via Google Meet or Zoom
• Freelance platforms (e.g., UpWork)

Where applicable, and especially for data not strictly necessary for contract fulfillment, we obtain your explicit consent for data collection.

Your information is used to:

• Provide consulting, engineering, and design services.
• Optimize client deliverables and internal workflows.
• Conduct internal analysis to improve our services.
• Fulfill legal and regulatory obligations (e.g., ITAR compliance).
• Communicate and schedule meetings efficiently.

All uses of your information strictly adhere to the principle of data minimization. Regarding "Usage and Interaction Data," we use this data in an aggregated and anonymized form to improve our services (e.g., to analyze project durations or identify common bottlenecks) and do not analyze the content of communications for this purpose. We do not currently use this data for non-essential analytics or marketing.

We prioritize data security. Information is stored on a combination of secure local servers and encrypted cloud systems, utilizing industry-standard encryption protocols (e.g., AES-256). Our security measures include:

• Standard Projects: Use of Google Drive with encryption and access control for non-sensitive project data.
• ITAR-Restricted Projects: Use of offline, air-gapped systems. All deliverables and reports for such projects are generated using offline Microsoft Word and are not processed or stored on cloud systems like Google Drive.
• Strict role-based access to sensitive data, implemented through the Principle of Least Privilege.
• Regular internal reviews and periodic third-party security assessments.
• A robust information security management system aligned with recognized frameworks such as NIST 800-171 and relevant CMMC requirements to protect Controlled Unclassified Information (CUI).

We use third-party services solely as necessary for business operations. This includes industry-standard design software such as SolidWorks. Each provider undergoes rigorous due diligence. We maintain contractual agreements (e.g., Data Processing Agreements) with these providers, explicitly limiting their use of your information. This includes a strict prohibition on using generative AI tools (like ChatGPT and Gemini) on any system that processes, stores, or transmits client proprietary information.

We provide a standard Mutual Non-Disclosure Agreement (MNDA) to all clients. Beyond MNDAs, we employ comprehensive internal controls to protect your IP, including strict data segregation, access controls, and robust lifecycle management protocols from intake to secure destruction.

We do not sell, rent, or share client information or IP with third parties for their own marketing purposes. We will only share testimonials, product images, company logos, or case studies with prior written consent from you for each specific use.

Our standard policy is to securely delete or return all client proprietary and personal data within 90 days following the completion of a project or termination of our engagement. We retain only the data necessary to comply with our legal obligations or for archival purposes as required by law.

You have the right to request:

• A copy of your stored data.
• Correction of inaccurate data.
• Deletion of your information (subject to our data retention policy and legal obligations).

For any privacy-related questions or requests, please contact us at privacy@lystrupmaher.com.

In the unlikely event of a data breach, we will promptly assess the situation and notify affected individuals and regulatory authorities as required by applicable law.

All Lystrup Maher LLC personnel are regularly trained on data privacy and security protocols to ensure adherence to this policy.