PRIVACY POLICY

Last Updated: 7/9/2025

This Privacy Policy describes how CMMC Dashboard, LLC (“we,” “us,” or “our”) collects, uses, and shares personal information in connection with CMMC Dashboard.

Prohibited Data. The Service is not approved for Controlled Unclassified Information (CUI), Federal Contract Information (FCI), ITAR-controlled data, or any data subject to export-control or national-security handling rules. Do not upload such material to the platform.

1. Information We Collect

  • Account Data: Name, email, organization, role, billing information.
  • User Content: Links, file paths, comments, uploaded documents.
  • Usage Data: Login timestamps, pages visited, IP addresses, device/browser details.

2. How We Use Information

  • Service Delivery: Authenticate users, manage accounts, store and display Your Content.
  • Improvement & Analytics: Aggregate usage metrics to enhance functionality and UX.
  • Communications: Send transactional emails (account notices, billing) and optional updates.
  • Legal Compliance: Comply with legal obligations, protect rights, detect and prevent fraud.
  • AI Model Improvement (Opt-in Only): We do not use customer prompts or outputs to train external or third-party models by default. If you expressly opt in, we may log anonymized inputs and outputs from the AI policy generator to refine our internal algorithms. Never submit CUI, FCI, or other regulated data to the AI tool.

3. Legal Basis for Processing

  • Contract Performance: To fulfill our obligations under your subscription.
  • Legitimate Interests: Service improvement, fraud detection, security monitoring.

4. Data Sharing & Disclosure

  • Service Providers: Hosting (e.g., AWS), email delivery, analytics, payment processors.
  • Legal Requests: Respond to valid subpoenas, court orders, or government requests.
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice).
  • No Data Sales: We do not sell personal information to third parties.

5. Data Retention

We retain personal and user‑generated data for the duration of your account plus two years, unless a longer retention period is required by law.

You may request deletion of your account and data via our contact page; we will comply unless prohibited by legal obligations.

6. Security Measures

  • Encryption: TLS for data in transit; AES‑256 for data at rest.
  • Access Controls: Role‑based permissions.
  • Monitoring & Testing: Regular security assessments, vulnerability scans, and incident response planning.

7. Your Rights & Controls

  • Access & Correction: You may review and update your account information at any time.
  • Data Portability & Deletion: You can request a copy of your data or deletion by contacting us on our contact page.
  • Opt‑Out: You may opt out of non‑essential communications at any time via unsubscribe links.

8. International Transfers

All data is stored and processed in the United States. If we transfer data outside the U.S., we will ensure appropriate safeguards are in place.

9. Children’s Privacy

The Service is intended for organizational users and not directed to children under 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We will post updates here with a revised “Last Updated” date and, for material changes, notify you via email.