Privacy Policy
Version 1.2 | Last Updated: March 2026 | Effective Date: March 2026
Summary: CyberPolicyPros collects only the information necessary to deliver our services and process your purchases. We do not sell, rent, or share your personal information with third parties for their marketing purposes.
1. Who We Are
CyberPolicyPros LLC ("CyberPolicyPros," "we," "us," or "our") provides cybersecurity compliance documentation templates and advisory services through our website at cyberpolicypros.net.
CyberPolicyPros LLC
15503 Brinton Way
Brandywine, MD 20613
Privacy inquiries: privacy@cyberpolicypros.net
Legal inquiries: legal@cyberpolicypros.net
Website: cyberpolicypros.net
This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with your use of cyberpolicypros.net and our services. It applies to all users regardless of location and supplements our Terms of Service.
2. Information We Collect
2.1 Information You Provide Directly
- Contact and quote request forms. Name, work email address, phone number, company name, number of employees, compliance framework needs, and project details submitted through our Get a Quote page and Jotform-powered contact forms.
- Readiness Assessment responses. Organization size, industry sector, current compliance posture, and framework requirements submitted through our Jotform-powered Readiness Assessment.
- Purchase information. Name, billing address, email address, and order details collected at checkout. Payment card data is processed directly by Stripe, Inc. and is never transmitted to or stored by CyberPolicyPros.
- Account information. Username and email address if you create a WooCommerce account on our site.
- Electronic signature and disclosure records. When you sign the CyberPolicyPros Licensing Agreement during order fulfillment, we collect your typed name, optional title, two consent confirmations (checkbox states), email address, IP address, and submission timestamp. This data constitutes your electronic signature under the ESIGN Act and is retained for license enforcement and legal compliance.
- Support communications. Email content and attachments when you contact us at support@cyberpolicypros.net or legal@cyberpolicypros.net.
2.2 Information Collected Automatically
- Log data. IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, and time spent on pages.
- Cookies and similar technologies. See Section 7 for details on our use of cookies.
- Device information. Device type, screen resolution, and general geographic location derived from IP address.
2.3 Information from Third Parties
- Payment processors. Stripe provides us with transaction confirmation, order ID, and limited billing information necessary to fulfill your order. We do not receive full payment card numbers.
- Jotform. Form submission data from our contact and readiness assessment forms hosted on Jotform is transmitted to us via Jotform's platform. Jotform's privacy policy governs data held on their servers.
2.4 Embedded Document Tracking
- Digital watermarks. Policy documents delivered through our fulfillment system contain visible and hidden digital watermarks tied to your unique serial number. These watermarks enable us to verify licensing status and trace documents back to the original purchaser in the event of unauthorized redistribution. Watermark tracking data (serial number, associated email address, framework list, and issue date) is retained in accordance with our data retention policy described in Section 5.
3. How We Use Your Information
We use personal information for the following purposes:
- To process and fulfill your purchase orders and deliver documentation products to your email address.
- To respond to inquiries, quote requests, and support communications.
- To record and maintain electronic signature records as required by the ESIGN Act.
- To send order confirmations, delivery notices, and service-related transactional communications.
- To send renewal reminders for Annual Update Subscriptions as required by the FTC Negative Option Rule and the Maryland Automatic Renewal Law.
- To prevent fraud, unauthorized access, and abuse of our services.
- To comply with applicable legal obligations, including responding to lawful requests from government authorities.
- To improve our website, services, and user experience.
- To maintain records required by applicable law.
3.1 Legal Basis for Processing (GDPR)
For customers located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal information on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR). Processing your name, email, billing information, and order details is necessary to fulfill your purchase and deliver your documentation.
- Legal obligation (Art. 6(1)(c) GDPR). Retaining electronic signature records, transaction records, and certain communications is required by the ESIGN Act and applicable tax and commercial law.
- Legitimate interests (Art. 6(1)(f) GDPR). Security monitoring, fraud prevention, and service improvement are based on our legitimate interests, which do not override your rights and freedoms.
- Consent (Art. 6(1)(a) GDPR). Where we request your consent for specific processing (such as marketing communications), we will process data only with your explicit consent, which you may withdraw at any time.
4. How We Share Your Information
We do not sell, rent, trade, or share your personal information with third parties for their marketing purposes. We share information only in the following circumstances:
- Payment processing. Stripe, Inc. processes all payment transactions. Your payment card data is transmitted directly to Stripe and is subject to Stripe's Privacy Policy (stripe.com/privacy) and PCI-DSS compliance. We receive only transaction confirmation and limited billing metadata from Stripe.
- Form hosting. Jotform, Inc. hosts our contact and readiness assessment forms. Information submitted through those forms is processed by Jotform subject to their privacy policy (jotform.com/privacy). We receive form submission data via Jotform's platform.
- Service providers. We may share information with hosting providers (GoDaddy), caching and performance services (LiteSpeed), security services (Wordfence), and email delivery services who are bound by confidentiality and data processing obligations no less protective than those in this Policy.
- Legal requirements. We may disclose information when required by applicable law, court order, or government authority. We will provide advance notice where legally permissible.
- Business transfers. In the event of a merger, acquisition, or sale of substantially all of our assets, personal information may be transferred to the successor entity, which will be bound by this Policy.
- Protection of rights. We may disclose information where necessary to protect our rights, property, or safety, or the rights, property, or safety of others, consistent with applicable law.
5. Data Retention
We retain personal information for the following periods:
- Purchase records and electronic signature metadata. Seven (7) years from the date of your last transaction, consistent with our Terms of Service and applicable commercial record-keeping requirements.
- Support and communication records. Three (3) years from the date of last communication.
- Readiness Assessment and contact form submissions. Two (2) years from the date of submission, or until you request deletion.
- Account information. For the duration of your account and for three (3) years after account closure, unless a longer period is required by law.
- Log data and automatic collection. Up to twelve (12) months.
After the applicable retention period, personal information is securely deleted or anonymized. We may retain information longer where required by applicable law or where necessary to resolve disputes or enforce our agreements.
6. Data Security
We implement reasonable and appropriate technical, administrative, and physical security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include HTTPS/TLS encryption for all web traffic, access controls limiting personal data access to authorized personnel, and third-party payment processing through PCI-DSS compliant providers.
No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Data Breach Notification. In the event of a security breach that is reasonably likely to cause harm to individuals whose personal information we hold, we will notify affected Maryland residents and other affected individuals as required by the Maryland Personal Information Protection Act, Md. Code, Com. Law § 14-3504, and other applicable state and federal breach notification laws. Notification will be provided without unreasonable delay to the email address on file or by substitute notice as permitted by law.
7. Cookies and Tracking Technologies
Our website uses the following categories of cookies and similar technologies:
- Strictly necessary cookies. Required for the operation of our website, including shopping cart functionality, session management, and security (Wordfence). These cannot be disabled.
- Performance and caching cookies. Set by LiteSpeed Cache to improve website loading times. These cookies do not collect personally identifiable information.
- Functional cookies. Remember your preferences such as currency, language, and cart contents across sessions.
- Analytics cookies. If we use analytics services, these cookies collect anonymous information about how visitors use our site. No personally identifiable information is shared with analytics providers.
Most web browsers allow you to control cookies through browser settings. Disabling strictly necessary cookies may impair the functionality of our website, including the checkout process. You may also opt out of certain tracking by using browser privacy modes or privacy-focused browser extensions.
8. Your Privacy Rights
8.1 Rights for All Users
Regardless of your location, you may contact us at privacy@cyberpolicypros.net to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate or incomplete personal information.
- Request deletion of your personal information, subject to our legal retention obligations and the requirements of the ESIGN Act.
- Withdraw consent to processing where consent is the legal basis, without affecting the lawfulness of processing before withdrawal.
We will respond to all requests within 45 days. If we need additional time, we will notify you within the initial 45-day period.
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Cal. Civ. Code § 1798.100 et seq.:
- Right to know. Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share information.
- Right to correct. Request correction of inaccurate personal information.
- Right to delete. Request deletion of personal information, subject to certain exceptions.
- Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may submit a request to confirm our practices.
- Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those permitted by CPRA.
- Right to non-discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise your California rights, contact privacy@cyberpolicypros.net. We will verify your identity before responding to deletion or access requests. We will respond within 45 days, with one permitted extension of an additional 45 days where reasonably necessary.
8.3 EEA, UK, and Swiss Residents (GDPR and UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and applicable national implementations, including:
- Right of access (Art. 15 GDPR). Obtain a copy of your personal data and information about how it is processed.
- Right to rectification (Art. 16 GDPR). Request correction of inaccurate personal data.
- Right to erasure (Art. 17 GDPR). Request deletion of personal data where processing is no longer necessary or where you withdraw consent, subject to legal retention obligations.
- Right to restriction (Art. 18 GDPR). Request that we restrict processing of your personal data in certain circumstances.
- Right to data portability (Art. 20 GDPR). Receive personal data you have provided to us in a structured, commonly used, machine-readable format.
- Right to object (Art. 21 GDPR). Object to processing based on legitimate interests, including profiling.
- Right to lodge a complaint. You have the right to lodge a complaint with your national data protection supervisory authority if you believe we have not complied with applicable data protection law.
International Data Transfers. CyberPolicyPros is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal information is transferred to and processed in the United States. Such transfers are conducted in reliance on Standard Contractual Clauses (SCCs) as approved by the European Commission, or on other lawful transfer mechanisms, as applicable. By using our services, you acknowledge that your data will be processed in the United States.
8.4 Maryland Residents
Maryland residents have privacy rights under the Maryland Consumer Protection Act, Md. Code, Com. Law § 13-101 et seq., and the Maryland Personal Information Protection Act, Md. Code, Com. Law § 14-3501 et seq. Nothing in this Privacy Policy waives any non-waivable rights you may have under Maryland law.
9. Children's Privacy
Our services are directed to business professionals and organizations, not to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child, please contact privacy@cyberpolicypros.net and we will promptly delete it.
10. Third-Party Links
Our website may contain links to third-party websites, including Jotform, Stripe, and other services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
10A. CAN-SPAM, Do Not Track, and Accessibility
Email Communications
When CyberPolicyPros sends you commercial or marketing email communications, each message will include an unsubscribe mechanism. You may opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting privacy@cyberpolicypros.net with the subject line "Email Opt-Out." Opting out of marketing emails does not affect transactional emails related to your purchases, such as order confirmations, delivery notices, and subscription renewal reminders.
In compliance with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), all commercial email from CyberPolicyPros will identify CyberPolicyPros LLC as the sender, include our physical postal address (15503 Brinton Way, Brandywine, MD 20613), and honor opt-out requests within ten (10) business days.
Do Not Track
Some browsers transmit "Do Not Track" signals to websites. CyberPolicyPros does not currently respond to Do Not Track signals because no industry-wide standard for honoring such signals has been established. We will reassess this position as standards develop. This disclosure satisfies the California Online Privacy Protection Act (CalOPPA), Cal. Bus. & Prof. Code § 22575.
Accessibility
CyberPolicyPros is committed to making our website accessible to all users, including those with disabilities. We work toward conformance with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA, as referenced by the Americans with Disabilities Act (ADA) and Section 508 of the Rehabilitation Act. If you experience difficulty accessing any content on cyberpolicypros.net or require information in an accessible format, please contact us at support@cyberpolicypros.net and we will make reasonable accommodations. We welcome feedback on the accessibility of our site.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at cyberpolicypros.net/privacy-policy/ with a new "Last Updated" date and provide notice by email to customers with active accounts or subscriptions. Your continued use of our services after the effective date of an updated policy constitutes your acceptance of the changes.
12. Contact Us
For privacy inquiries, requests to exercise your rights, or questions about this Policy:
CyberPolicyPros LLC
15503 Brinton Way
Brandywine, MD 20613
Privacy: privacy@cyberpolicypros.net
Legal: legal@cyberpolicypros.net
Website: cyberpolicypros.net
We will respond to all privacy-related requests within 45 days.