Privacy Policy

Effective: May 2026

1. Who We Are

Standfast is a product of MoGhraOps, LLC — a Service-Disabled Veteran-Owned Small Business providing Zero Trust Security Architecture and CMMC compliance management for Defense Industrial Base contractors. Our website is primarily informational and is not designed as a consumer-facing platform or marketplace.

2. Information We Collect

By default, this site collects very limited information:

• Basic technical details such as IP address, browser type, and pages visited, as part of standard web server logs.
• Information you voluntarily provide when you contact us — such as your name, email address, organization, and any details you choose to include in your message.

3. How We Use Information

We use information only for limited, mission-oriented purposes:

• Responding to inquiries or requests you send us.
• Maintaining early access interest and follow-up communications.
• Improving the reliability and security of the website.
• Understanding, in aggregate, how visitors find and use our content.

We do not sell, rent, or trade your personal information. Ever.

4. Cookies and Analytics

This site is designed to run with minimal or no third-party tracking. If analytics or additional tools are added in the future, this policy will be updated to describe exactly what is in use and how it operates — before those tools go live.

5. Data Security

We build security infrastructure for a living. We apply that same security-first mindset to our own systems. While no system can be guaranteed perfectly secure, we apply reasonable technical and organizational safeguards to protect any information under our control.

6. Links to Other Sites

Our website may contain links to external websites. We are not responsible for the content or privacy practices of those sites. We encourage you to review the privacy policy of any site you visit.

7. Contact About Privacy

If you have questions about this Privacy Policy or how we handle information, reach us at:

Email: contact@moghraops.com

Mailing Address:
MoGhraOps, LLC
17350 State Hwy 249, Ste 220 #29269
Houston, TX 77064

8. Client Data & Artifact Retention

For clients of the Standfast platform, compliance artifacts — including scan reports, remediation run logs, POA&M snapshots, and evidence packages — are retained in Standfast-managed infrastructure for a period of three years and four months from the date of generation. This covers the full CMMC certification cycle plus a buffer period for reassessment preparation.

Upon termination of a client engagement, Standfast will generate a complete export of all artifacts associated with that client. The client will be provided a secure, time-limited download link to retrieve their data. Upon confirmed receipt — acknowledged by the client in writing — Standfast will delete the client's data from its infrastructure and issue a written deletion affirmation confirming the purge.

Download links remain active for 30 days following offboarding. If data is not retrieved within that window, Standfast will notify the client and extend once. Data not retrieved after the extension period will be purged on schedule. Standfast does not retain client compliance data beyond the terms described here.

9. Updates to This Policy

As Standfast grows and the platform evolves, this Privacy Policy may be updated. When changes are made, the content on this page will be revised so the latest version is always available here.