CyberStrong for DFARS NIST SP 800-171
Defense Contractors: Accelerate NIST SP 800-171 Compliance
iStock-537331500-mod.jpg

Privacy and Terms of Use

Notice

 

Privacy Notice

CyberSaint knows that you care about how your information is used and shared. And we care, too. The information we learn from customers helps us implement and continually improve your experience.

This Privacy Notice describes the information that we gather, how we use and disclose such information, and the steps we take to protect such information. By using CyberStrong or purchasing the service, you are accepting the practices described in this Privacy Notice.

We Gather Information to Implement and Improve CyberStrong

To make a better product, we gather the following types of information.

Information You Give Us. When you use our services, you may provide and we may collect some personal data. Such information can include name, email address, mailing address, phone number, and billing account information. This can also include other information, such as geographic area or preferences, when the information is linked to information that identifies a specific individual. You may provide us with personal data in various ways. For example, when you register for an account, use CyberStrong, post data, interact with other users through messaging or other communication mediums, or send us customer service requests.

Information Collected by Users. A user may store or upload information into CyberStrong that identifies a specific person. Cybersaint has no direct relationship with the individuals whose personal data it hosts. CyberStrong users are responsible for providing notice to any third persons stating the purpose for collecting personal data and notifying how the personal data is processed in or through CyberStrong.

Automatic Information. When a client uses CyberStrong, we may automatically record certain information from the user’s device through various types of technology, including but not limited to cookies and web beacons. This may include IP address or other device identification, web browser, device type, web pages or sites visited immediately before or after using the Service, CyberStrong pages or content the user views or interacts with, and the dates and times of the visit, access, or use of the service. We also may collect information regarding a user’s interaction with email messages, such as whether the user opens, clicks on, or forwards a message.

Integrated Services. You may be given the option to connect CyberStrong with your user name and passwords from integrated third party services, such as a Google account, or authorize an integrated service to provide personal data or other information to Cybersaint. By authorizing CyberStrong to connect with an Integrated Service, you authorize Cybersaint to access and store your name, email address, date of birth, gender, city, profile picture, and any other information that the integrated service provides, and to use and disclose it in accordance with this Privacy Notice. Before connecting an integrated service, you should check your privacy settings to see what information the integrated service makes available, and change those settings to match your preferences.

Cookies and Tracking Technologies. We use information collected through cookies and similar technologies to personalize our products—such as remembering a user’s information so that the user will not have to re-enter it during subsequent visits, provide customized content and information, monitor the effectiveness of services and third-party marketing activities, monitor site usage metrics.

How We Use the Information We Gather

We utilize gathered information in the following ways.

Improvements. We use gathered information to understand and analyze user usage trends and preferences. This helps us improve offerings and develop new products, services, features, and functionality.

Operations. We use gathered information to operate, maintain, enhance our products, to provide the services and information requested by users, to respond to comments and questions, and to provide support to users.

Communications. We may use a user’s email address or other information to contact that user for administrative purposes, including but not limited to customer service, intellectual property infringement, right of privacy violations, defamation issues related to data posted by users, or updates on promotions and events related to products and services offered by Cybersaint and third parties we work with. You have the ability to opt-out of these emails at any time by e-mailed 

Does Cybersaint Share the Information It Receives?

Except as described in this Privacy Notice, we will not intentionally disclose personal data that we collect to third parties without consent. We share customer information only as described below and with subsidiaries Cybersaint controls that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

Third-Party Service Providers. We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. They have access to personal information needed to perform their functions, but may not use it for other purposes. These third parties may have access to, or process personal data as part of providing those services for us. We limit the information provided to these service providers to what is reasonably necessary for them to perform their functions, and our contracts require them to maintain the confidentiality of such information.

Business Transfers: As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in this pre-existing Privacy Notice, unless the customer consents otherwise.

Law Enforcement, Legal Process, and Compliance: We release account and other personal information when we believe release is required to comply with the law, enforce or apply our conditions of use and other agreements, or protect the rights, property, or safety of Cybersaint and our users. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Non Personally Identifiable Information. We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including but not limited to compliance with reporting obligations, business or marketing, to assist in understanding user patterns, and to improve content, services, and functionality.

How Secure is Your Personal Information?

Cybersaint uses industry standards to protect the information submitted to us, both during transmission and storage. We maintain appropriate administrative, technical, and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. This includes firewalls, password protection, optional two-factor authentication, and other access and authentication controls. We use SSL technology to encrypt data during transmission, and we employ application-layer security features to further anonymize personal data.

However, no method of transmission over the Internet or electronic storage is perfectly secure. We cannot guarantee the security of any information you transmit to us or store on our systems, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your personal data has been compromised, please contact us at privacy@cybersaint.io.

We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit will not be viewed by unauthorized persons.

Third-Party Services

Cybersaint products may contain features or links to web sites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies governing privacy and security, even if accessed through our systems. We are not responsible for third party content, privacy policies, or security practices. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Minors and Children’s Privacy

Our Service is not intended for children, and we do not knowingly collect personal data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access CyberStrong at any time or in any manner.  If we learn that personal data has been collected from persons under 18 years of age and without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained a Cyberstrong account on the Service, then you may alert us at privacy@cybersaint.com and request that we delete that child’s personal data from our systems.

Data Controller and Data Processor

Cybersaint does not own, control, or direct the use of any data stored or processed by CyberStrong users. Only users are entitled to access, retrieve, and direct the use of such data. Cybersaint is largely unaware of what data is being stored or made available by users and does not directly access such data except as authorized by the client, or as necessary to provide services to the client and its users.

Because Cybersaint does not collect or determine the use of any personal data contained in clients’ data and because Cybersaint does not determine the purposes for which such personal data is collected, the means of collecting such personal data, or the uses of such personal data, Cybersaint is not acting in the capacity of data controller as outlined in European Union Directive 95/46/EC on data privacy or the European Data Protection Regulation, and does not have the associated responsibilities under the law.

Cybersaint should be considered only as a processor on behalf of its clients regarding any client data containing personal information that is subject to the requirements of the European Data Protection Regulation. Except as provided in this Privacy Notice, Cybersaint does not independently cause client data containing personal data to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of Cybersaint in connection with Cybersaint’s provision of services to clients. Such actions are performed or authorized only by the applicable client or user.

The client or user is the data controller under the European Data Protection Regulation for any client data containing personal data, meaning that the client or user controls the manner such personal data is collected and used and determines the purposes and means of the processing of such personal data.

Cybersaint is not responsible for the content of the personal data contained in the client data or other information stored on Cybersaint servers or subcontractor servers.

Access, Correction, Deletion

We respect your privacy rights and provide reasonable access to the personal data that you provide. You may decline to share certain personal data with us, in which case we may not be able to provide to you some features and functionality. If you wish to access or amend any personal data we hold about you, or request that we delete any information about you that we have obtained from an integrated service, you may contact us as at privacy@cybersaint.io. At your request, we will block or delete any reference to you in our databases.

You may update, correct, or delete your user account information and preferences at any time by accessing your account settings page in CyberStrong. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information you submit for backups, archiving, prevention of fraud and abuse, analytics, or satisfaction of legal obligations.

Opting out from Commercial Communications

If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email.

Changes and Updates to the Privacy Notice

Please revisit this page periodically to be aware of any changes to the Privacy Notice, which we may update periodically. If we modify the Privacy Notice, we will notify you of such changes upon logging into our product and will comply with all applicable laws. Your continued use after the revised Privacy Notice has become effective indicates that you have read, understood, and agreed to the revised version of the Privacy Notice.

How to Contact Us

Please contact us with any questions or comments about this Privacy Notice, your personal data, our use and disclosure practices, or your consent choices by email at info@cybersaint.io