The CMMC Information Institute, Inc. (“CMMC Info”) Privacy Policy was updated on October 13, 2022.

Your privacy is important to CMMC Info so we have developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your personal information.

Collection and Use of Personal Information

Personal information is data that can be used to identify or contact a single person.

You may be asked to provide your personal information anytime you are in contact with CMMC Info or a CMMC Info affiliated company. CMMC Info and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. We may also combine it with other information to provide and improve our products, services, content, and advertising. You are not required to provide the personal information that we have requested, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

Here are some examples of the types of personal information CMMC Info may collect and how we may use it:

What personal information we collect

When you create a CMMC Info ID, purchase a product, join our forums, register for an Event, sign up for a service, download software or a software update, register for a class or other training, connect to our services, contact us (including by social media), or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information, credit card information, and profile information where the contact is via social media.

When you share your content, send gift certificates and products, or invite others to participate in CMMC Info services or forums, CMMC Info may collect the information you provide about those people such as name, mailing address, email address, and phone number. CMMC Info will use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes.

How we use your personal information

We may process your personal information: for the purposes described in this Privacy Policy, with your consent, for compliance with a legal obligation to which CMMC Info is subject, for the performance of a contract to which you are party, in order to protect your vital interests, or when we have assessed it is necessary for the purposes of the legitimate interests pursued by CMMC Info or a third party to whom it may be necessary to disclose information. If you have questions about this legal basis you can contact the Data Protection Officer.

The personal information we collect allows us to keep you posted on CMMC Info’s latest product and service announcements, software updates, and upcoming events. If you don’t want to be on our mailing list, you can opt-out anytime by contacting us.

We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes. We may also use your personal information for account and network security purposes, including in order to protect our services for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content, including child sexual exploitation material. Where we use your information for anti-fraud purposes it arises from the conduct of an online transaction with us. We limit our uses of data for anti-fraud purposes to those which are strictly necessary and within our assessed legitimate interests to protect our account owners and our services. For certain online transactions we may also validate the information provided by you with publicly accessible sources.

We may use your personal information, including date of birth, to verify identity, assist with identification of users, and to determine appropriate services. For example, we may use date of birth to determine the age of CMMC Info account holders.

We reserve the right to disclose and/or transfer your personal data to a third party if we have reason to believe that disclosing the personal data is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our right or property, other website users, Event attendees, or anyone else who could be harmed by such activities. Additionally, we may disclose personal data in response to a subpoena, warrant, or other court order, or when we believe in good faith that a law, regulation, subpoena, warrant, or other court order requires it – or authorizes us to do so – or to respond to an emergency situation.

We also reserve the right to disclose and/or transfer personal data to a third party in the event of a proposed or actual purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, merger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of CMMC Info, or of any of the business of CMMC Info or a chapter/division thereof, in order for you to continue to receive the same products and services from the third party.

From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with CMMC Info, you may not opt out of receiving these communications.

We may also use personal information for internal purposes such as auditing, data analysis, and research to improve CMMC Info’s products, services, and account owner communications.

If you enter into a sweepstake, contest, or similar promotion we may use the information you provide to administer those programs.

If you apply for a position at CMMC Info or we receive your information in connection with a potential role at CMMC Info, we may use your information to evaluate your candidacy and to contact you. If you are a candidate, you will receive more information about how CMMC Info handles candidate personal information at the time of application.

Source of your personal information where it is not collected from you

We may have received your personal information from other persons if that person has shared their content with you using CMMC Info products, sent gift certificates and products, or invited you to participate in CMMC Info services or forums. We may also validate the information provided by you when creating a CMMC Info account with a third party for security and fraud prevention purposes.

If you are a potential candidate for employment with CMMC Info, we may have received your personal information from third parties such as recruiters or external websites. We will use the personal information we receive to contact you about a potential opportunity or in evaluating your candidacy. If you did not provide us your personal information directly, we will inform you of the source when we first contact you regarding your candidacy.

Collection and Use of Non-Personal Information

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where a CMMC Info product is used, or service is accessed, so that we can better understand account owner behavior and improve our products, services, and advertising.

We may collect information regarding account owner activities on our website, services, our store, and from our other products and services. This information is aggregated and used to help us provide more useful information to our account owners and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non‑personal information for the purposes of this Privacy Policy.

We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.

If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

Cookies and Other Technologies

CMMC Info’s websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

Ads that are delivered by CMMC Info’s advertising platform may appear in CMMC Info News and Information, and in our Forums or other services.

CMMC Info also uses cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with CMMC Info more convenient and personal. For example, knowing your first name lets us welcome you the next time you visit the CMMC Info Forums. Knowing your country and language − and if you are an educator, your school − helps us provide a customized and more useful online experience. Knowing someone using your computer or device has shopped for a certain product or used a particular service helps us make our advertising and email communications more relevant to your interests. And knowing your contact information and hardware identifiers helps us personalize the services you receive.

If you want to disable cookies, check with your provider to find out how to disable cookies. Please note that certain features of the CMMC Info website will not be available once cookies are disabled.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our product and services, and to gather demographic information about our user base as a whole. CMMC Info may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on the CMMC Info website. When account owners click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our account owner communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages. Pixel tags enable us to send email messages in a format account owners can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to account owners.

Disclosure to Third Parties

At times CMMC Info may provide third parties with certain personal information to provide or improve our products and services, including to deliver products or provide services at your request, or to help CMMC Info market to consumers. When we do, we require those third parties to handle it in accordance with relevant laws. CMMC Info does not sell personal information, and personal information will never be shared with third parties for their marketing purposes. If you enroll in an Event, or if you enroll in a class or session sponsored or taught by a third party, we may share your information with Event sponsors and class/session instructors.

Service Providers

CMMC Info shares personal information with companies who provide services such as information processing, extending credit, fulfilling account owner orders, delivering products and providing services to you, managing and enhancing account owner data, providing account owner service, assessing your interest in our products and services, and conducting account owner research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever CMMC Info operates. For example, we allow you to link your CMMC Info account with one or more social media accounts. In creating such linkages, we share certain information about you with your chosen social media services provider.


It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for CMMC Info to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you, but only where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.  This could include providing information to public or governmental authorities. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

Protection of Personal Information

CMMC Info takes the security of your personal information very seriously. CMMC Info online services, such as the CMMC Info Forums, protect your personal information during transit using encryption such as Transport Layer Security (TLS). When your personal data is stored by CMMC Info, we use computer systems with limited access housed in facilities using physical security measures.

When you use some CMMC Info products, services, or applications, or post on a CMMC Info Forum, chat room, or social networking service, the personal information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.

The Existence of Automated Decision-Making, Including Profiling

CMMC Info does not take any decisions involving the use of algorithms or profiling that significantly affect you.

Integrity and Retention of Personal Information

CMMC Info makes it easy for you to keep your personal information accurate, complete, and up to date.  We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy and any service specific privacy summaries.  When assessing these periods we carefully examine our need to collect personal information at all and if we establish a relevant need we only retain it for the shortest possible period to realize the purpose of collection unless a longer retention period is required by law.

Your Privacy Rights

You can help ensure that your contact information and preferences are accurate, complete, and up to date by signing in to your CMMC Info ID account page.  For other personal information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if CMMC Info is not required to retain it by law or for legitimate business purposes.

We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.  We may also decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes as described earlier.  Online tools for the exercise of access, deactivation/restriction, correction, or deletion requests are available on a regional basis by signing in to your account. When you make a request using these online tools, we will verify your identity and the legitimacy of your request.


The California Consumer Privacy Act provides California consumers with the right to obtain from CMMC Info information about the personal information about you that we collect, use, and disclose.  You can exercise your rights through an authorized agent by providing relevant details via the web form on our Legal page.

If you choose to exercise your privacy rights, you have the right not to receive discriminatory treatment or a lesser degree of service from CMMC Info.

Your California Privacy Disclosures

California consumers have a right to knowledge, access, and deletion of their personal information under the California Consumer Privacy Act. California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising one of their California privacy rights. CMMC Info does not sell the personal information of California consumers and does not discriminate in response to privacy rights requests.

CMMC Info provides notice of our privacy practices in this Privacy Policy.  The Privacy Policy includes what personal information is collected, the source of the personal information, and the purposes of use, as well as whether CMMC Info discloses that personal information and if so, the categories of third parties to whom it is disclosed.  More information about how CMMC Info handles personal information in connection with specific CMMC Info services is presented in service-specific notices at or before your first use of the service.

California consumers with a CMMC Info account can exercise their rights directly or through an authorized agent by signing in to their CMMC Info account. If you are a California consumer without a CMMC Info account and you or your authorized agent would like to exercise your privacy rights, requests may be made via the web form on our Legal page.  If you do not have a CMMC Info account, CMMC Info will ask you for information which we consider necessary to verify your identity for security and to prevent fraud.  This information may include name, contact information, and information related to your transaction or relationship with CMMC Info, but the specific information requested may differ depending on the circumstances of your request for your security and to protect privacy rights. If we delete your personal information, we will both render certain personal information about you permanently unrecoverable and also deidentify certain personal information.

Do Not Track

CMMC Info does not track its account owners over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. Third parties that have content embedded on CMMC Info’s websites such as a social feature or a stock ticker may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited a specific CMMC Info website from a certain IP address. Third parties cannot collect any other personally identifiable information from CMMC Info’s websites unless you provide it to them directly.

Notice for Minors

Minors are prohibited from accessing or using CMMC Info.  If we are notified that an account belongs to a minor, we will investigate and reserve the right to disable or delete the account without notice to you.  At any time you can delete or remove content you have posted using the deletion or removal options within our services.  If you have questions about how to remove content in a specific service or if you would like additional assistance with deletion you can contact us via the form on our Legal page.  Although we offer deletion capability for our services, you should be aware that the removal of content may not ensure complete or comprehensive removal of that content or information posted through the services.


You have the right to opt-out of the sale of your personal information.  CMMC Info does not sell your personal information.

Where the online tool is not currently available for access requests in your region, a request may be made directly to our Legal page.

Children & Education

We understand the importance of taking extra precautions to protect the privacy and safety of children using CMMC Info products and services.  Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are prohibited from using the CMMC Info website.  This includes, without limitation, schools wishing to use the CMMC Info site for their students.  If we learn that we have collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, outside the above circumstances we will take steps to delete the information as soon as possible.  If at any time a parent needs to access, correct, or delete data associated with their child’s CMMC Info ID, they may contact us through the web form on our Legal page.

Location-Based Services

To provide location-based services on CMMC Info products, CMMC Info and our partners and licensees, such as maps data providers, may collect, use, and share precise location data, including the real-time geographic location of the computer or device from which you are accessing the CMMC Info website or other content. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your device’s approximate location.  We may use this information to limit access to portions of the site based on your geographic location, detect anomalous activities such as logins from unexpected regions, and for other purposes.

Access to and Control of Information

CMMC Info takes your privacy and the protection of your personal information seriously, and we will provide you with reasonable access to and control of the personal information that you have provided to us.  You may request to update your personal information or to opt in to or opt out of any service offerings at any time.

For individuals located in the European Economic Area, you may have additional rights concerning your personal data, such as to access, obtain a copy of, correct, or delete that information or to withdraw your consent or object to the collection, use, sharing, or other processing of that information. To make any request with respect to your personal information, please contact CMMC Info via the form on our Legal page.

Data Security

We employ reasonable physical, electronic, and procedural security measures to safeguard your personal information and to help protect against unauthorized access and disclosure.  Online registration information, such as payment card information, will be secured using a commercially accepted method of encryption.  However, please be aware that no method of electronic transmission is completely infallible, and we cannot guarantee its absolute safety.  We encourage you to use reasonable care in how you handle and disclose your personal information, username(s), and password(s).  If you become aware of any breach of Site security, please contact us immediately.

Data Retention

CMMC Info retains your personal information for as long as necessary to fulfill the purposes for which it was collected as set forth in this privacy policy, after which we will securely destroy or delete such personal information from our records unless otherwise required by law.  We will retain and use information as necessary to comply with legal obligations, resolve disputes, enforce agreements, and as otherwise set forth in this privacy policy.

International Data Transfer

If you are visiting the Site from outside the United States, please be aware that you are sending information, including personal data, to the United States where our servers are located.  That information may then be transferred within the United States or to other countries outside the United States other than your country of residence.  Countries other than your country of residence, including the United States, may have data privacy and protection laws that differ from, and potentially provide less protection than, the applicable laws in your country of residence.

To the extent that CMMC Info may be deemed to have transferred personal data outside of the European Economic Area, we rely on multiple legal bases for doing so.  For individuals located in the European Economic Area: (i) you consent to our use of your personal information in accordance with this privacy policy, including the transfer of your information across international boundaries to jurisdictions anywhere in the world as permitted by applicable law, when you provide your personal information; (ii) we will use the standard contractual data protection clauses adopted by the European Commission, which provide safeguards for the transfer of such data, in connection with the provision of certain services that involve such transfers; and (iii) we may obtain separate consent in connection with the provision of certain services that involve the transfer of personal data.

Our collection, use, sharing, and other processing of your personal information will at all times be governed by this privacy policy.

Third‑Party Sites and Services

CMMC Info websites, products, applications, and services may contain links to third-party websites, products, and services.  Our products and services may also use or offer products or services from third parties − for example, a third‑party smart phone app.

Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices.  We encourage you to learn about the privacy practices of those third parties.

Our Organization-wide Commitment to Your Privacy

To make sure your personal information is secure, we communicate our privacy and security guidelines to CMMC Info employees and strictly enforce privacy safeguards within the company.

Privacy Questions

If you have any questions or concerns about CMMC Info’s Privacy Policy or data processing, you would like to contact our Data Protection Officer, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us via the web form on our Legal page. You can always contact us by phone, too.

When a privacy question or question about personal information received in response to an access/download request is received, we have a team which triages your contact to address your issue.  Where your issue may be more substantive in nature, we may request more information from you.  All such substantive contacts receive a response within seven (7) days wherever possible – providing a response on the issue raised, requesting additional information where necessary or indicating that a response will require additional time.  You may at any time refer your complaint to the relevant regulator in your jurisdiction if you are unsatisfied with a reply received from us.  If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

Where your complaint indicates an improvement could be made in our handling of privacy issues we will take steps to make such an update at the next reasonable opportunity. If a privacy issue has resulted in a negative impact on you or another person we will take steps to address that with you or that other person.

CMMC Info may update its Privacy Policy from time to time.  When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.  We will also attempt to contact you via your contact information on file, for example by email, notification or some other equivalent method.