Privacy Policy | Cyber Protection Services

Cyber Protection Services LLC ("CybPro," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how and why we use it, who we share it with, how we protect it, and the choices and rights you have. It applies to cyberprotection.com (the "Website") and to the products and services we provide, including our TripleCV GRC platform, CMMC and compliance advisory services, web services, and related offerings (collectively, the "Services").

This Policy works together with our Cookies Policy and our Terms & Conditions. Where we provide Services under a separate written agreement, and that agreement addresses the handling of data, the terms of that agreement govern the data covered by it.

1. Who we are

Cyber Protection Services LLC is a cybersecurity, governance, risk, and compliance (GRC) company organized as a limited liability company under the laws of the State of Maryland, United States, with its registered office at 1420 Joh Ave, Suite A, Halethorpe, MD 21227, USA. For the personal information we collect through the Website and in providing our Services, CybPro is the controller responsible for that information.

For any questions about this Policy or our privacy practices, contact us at [email protected]. Full contact details are in Section 16.

2. Information we collect

The information we collect depends on how you interact with us. It may include:

Identification and contact data — your name, business email address, telephone number, mailing or business address, job title, and employer or organization.
Account and credential data — if you register for an account or receive access to the TripleCV GRC platform, your username, password, and similar access credentials, and records of your activity within the platform.
Payment and billing data — billing contact and transaction details needed to process payments for paid Services. Card payments are handled by our payment processors; we do not store full payment-card numbers.
Professional and organizational data — information about your organization, role, industry, and environment that is relevant to providing cybersecurity and GRC services to you.
Information you provide in connection with the Services — details you share with us during an inquiry, consultation, or engagement, or that you submit through the Website or the TripleCV platform. Please do not submit classified information, controlled unclassified information (CUI), export-controlled data, or other regulated or highly sensitive information through general Website features; such information should be exchanged only through secure channels we designate under an applicable agreement.
Website usage and device data — information collected automatically when you use the Website, such as your IP address, browser and device type, operating system, referring pages, the pages you view, and dates and times of access. We collect this using cookies and similar technologies, as described in our Cookies Policy.
Communications — the content of, and records relating to, your communications with us, including emails, contact-form and inquiry submissions, newsletter sign-ups, and any comments you post.

We generally do not seek to collect special categories of data (such as data revealing health, race or ethnicity, religious beliefs, or similar sensitive information), and we ask that you not submit such information to us unless we specifically request it for a defined purpose.

3. How we collect your information

We collect personal information in three main ways:

Directly from you — when you contact us or request information or a quote, sign up for our newsletter or events, create an account, use the TripleCV platform, engage us for Services, or otherwise communicate with us.
Automatically — when you use the Website, through cookies and similar technologies, as described in our Cookies Policy.
From third parties and public sources — for example, when your colleague or organization provides your details so we can deliver Services, when we interact with a government or regulatory body in connection with our work, or from publicly available sources such as business or professional networking sites and public registers (including sanctions and watchlists where relevant to our compliance obligations).

4. How and why we use your information

We use personal information to operate our business and provide our Services, including to:

respond to your inquiries, provide quotes, and communicate with you;
establish and administer accounts and provide, maintain, and improve the Website and the Services;
deliver cybersecurity and GRC services, including CMMC readiness and compliance work, under our engagement with you;
process payments and manage billing;
send administrative messages, and — where you have not opted out — newsletters, updates, and information about our Services and events;
protect the security and integrity of our Website, systems, and Services, and detect, prevent, and respond to fraud, abuse, and security incidents;
comply with our legal, regulatory, and contractual obligations and maintain records of our compliance;
and establish, exercise, or defend legal claims.

Legal bases (EEA/UK). Where the EU or UK General Data Protection Regulation applies, we rely on one or more of the following legal bases: performance of a contract with you (or to take steps at your request before entering one); our legitimate interests in operating, securing, and improving our business and Services, balanced against your rights; compliance with a legal obligation; and your consent (for example, for certain marketing communications or non-essential cookies), which you may withdraw at any time. Where we rely on legitimate interests, you may ask us about that balancing.

5. Cookies and similar technologies

We use cookies and similar technologies on the Website to keep it secure and functioning, to remember your preferences, and to understand and improve how it is used. We do not use targeting or advertising cookies. For full details about the cookies we use, the choices you have, and how to manage them, please see our Cookies Policy.

6. How we share your information

We do not sell your personal information. We share it only as needed to run our business and provide the Services, including with:

Service providers and processors — third parties that perform services on our behalf, such as hosting and platform providers, IT and security vendors, payment processors, communications and analytics providers, and professional advisers. They are permitted to use the information only to provide services to us and are bound by confidentiality and data-protection obligations.
Clients and their representatives — where we collect information while providing Services to a client, we may share it with that client and others as needed to deliver those Services.
Authorities and to protect rights — with law-enforcement bodies, regulators, courts, or other authorities where we believe in good faith that disclosure is required by law or regulation, or is necessary to establish, exercise, or defend legal rights, or to protect the safety, rights, or property of any person.
Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case personal information may be transferred to the parties involved, subject to appropriate confidentiality protections.
With your direction or consent — with other parties when you ask us to share, or otherwise consent to sharing, your information.

7. Third-party websites and services

The Website may contain links to, or integrate, third-party websites and services that we do not control, including embedded content and social-media features. This Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. When you leave our Website or interact with a third-party service, we encourage you to review the privacy policy of each site or service you use.

8. International data transfers

We are based in the United States, and the information we collect is generally processed and stored in the United States. If you access the Website or use the Services from outside the United States, you understand that your information will be transferred to, and processed in, the United States and potentially other countries where we or our service providers operate, which may have data-protection laws that differ from those in your country.

Where we transfer personal information that is protected under the laws of the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we put in place an appropriate safeguard recognized under applicable law — for example, the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable) — or rely on another lawful transfer mechanism, such as an applicable adequacy framework or your explicit consent. You may contact us at [email protected] for more information about the safeguards we use.

9. How long we keep your information

We keep personal information for as long as we have a relationship with you and thereafter for as long as needed to fulfill the purposes described in this Policy. When the information is no longer needed for those purposes, we retain it for the longest of: any period required by applicable legal, regulatory, tax, or accounting obligations; the period in which legal claims relating to our Services might arise; and any period set out in our records-retention practices. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements. When we no longer need information, we securely delete or anonymize it; where that is not immediately feasible, we securely store it and isolate it from further use until deletion is possible.

10. How we protect your information

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration, and destruction. We limit access to personal information to people who need it to do their jobs, and they are subject to confidentiality obligations. As a cybersecurity and compliance company, we align our internal practices with recognized security frameworks and review and update our controls over time. We also maintain procedures for handling security incidents and will notify you and any applicable regulator of a breach where we are legally required to do so. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

11. Your privacy rights

Depending on where you live and the laws that apply to you, you may have some or all of the following rights regarding your personal information:

Access — to confirm whether we process your information and to obtain a copy of it.
Correction — to have inaccurate or incomplete information corrected.
Deletion — to have your information deleted in certain circumstances.
Portability — to receive certain information in a portable format and, where technically feasible, have it transmitted to another controller.
Objection and restriction — to object to, or ask us to restrict, certain processing, including processing based on our legitimate interests.
Opt out of certain processing — to opt out of the "sale" or "sharing" of personal information and of targeted advertising and certain profiling, as those concepts are defined under U.S. state privacy laws (see Section 12).
Withdraw consent — where we rely on your consent, to withdraw it at any time, without affecting processing already carried out.
Non-discrimination — to not receive discriminatory treatment for exercising your privacy rights.
Appeal — where provided by applicable U.S. state law (including Maryland's), if we decline your request, to appeal that decision.

U.S. state privacy laws. Residents of U.S. states with comprehensive privacy laws — including the California Consumer Privacy Act as amended by the CPRA, the Maryland Online Data Privacy Act (MODPA), and similar laws in other states — may exercise the rights above to the extent those laws apply. We do not sell personal information or use it for cross-context behavioral advertising, and we apply data-minimization principles, collecting and using only the information reasonably necessary for the purposes described in this Policy.

To exercise any right, contact us using the details in Section 16. We will respond within the timeframe required by applicable law. To protect your information, we may need to verify your identity before acting on a request, and you may use an authorized agent where the law permits.

12. Do Not Sell or Share & Global Privacy Control

We do not sell your personal information for money, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under U.S. state privacy laws such as the CPRA and MODPA. We also do not use targeting or advertising cookies.

Some browsers and extensions can send a Global Privacy Control (GPC) signal indicating that you want to opt out of the sale or sharing of your personal information. Where required by applicable law, we treat a recognized GPC signal as a valid opt-out request for the browser or device from which it is sent. You can also use the "Do Not Sell or Share My Personal Information" link in our Website footer, or contact us, to make your preferences known. Because there is no common industry standard for browser "Do Not Track" signals, we do not currently respond to them; see our Cookies Policy for more.

13. Children's privacy

The Website and Services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal information from children under the age of 16 (or a higher age where required by applicable law). If you believe a child has provided us with personal information, please contact us at [email protected] and we will take appropriate steps to delete it.

14. Information you provide about other people

If you provide us with personal information about another individual — for example, a colleague, client contact, or other third party — you are responsible for ensuring you have the authority to do so and that they have been informed of how their information will be used, including by reference to this Privacy Policy. Please share another person's information with us only when it is appropriate and lawful to do so.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make changes, we will revise the "Last revised" date at the top of this page, and where the changes are material we will take reasonable steps to provide notice (for example, by posting a notice on the Website or notifying you by email). We encourage you to review this Policy periodically so that you stay informed about how we handle your information.

16. How to contact us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint about how we handle your information, please contact us:

Cyber Protection Services LLC 1420 Joh Ave, Suite A, Halethorpe, MD 21227, USA Privacy matters: [email protected] General inquiries: [email protected] Phone: (888) 429-2377 · (410) 660-2260

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data-protection or consumer-protection authority. In Maryland, this includes the Office of the Maryland Attorney General; in the EEA or UK, your local supervisory authority.