OUR PRIVACY POLICY

Welcome!

Cybersecurity Risk Solutions, LLC (CRS) to be referenced further as “CRS”, also dba as “Secure CyberID” is a cybersecurity firm providing security products and services direct to commercial enterprise companies and small to-mid size businesses, as well as consumers by way of:

  • Affinity Groups & Associations
  • Employee Benefits
  • Direct-to-Consumer
  • Managed Service Providers (MSPs and MSSPs)
  • Channel Partners/Affiliates/Resellers

 

This Policy explains how we collect, use, and share your personal information.

  • We collect very little personal information about you.
  • We do not rent or sell your information to third parties.

By using CRS Sites, you consent to this Policy.

The CRS movement is founded on a simple, but powerful principle: we can do more together than any of us can do alone. We cannot work collectively without gathering, sharing, and analyzing information about our users as we seek new ways to make the CRS Sites more useable, safer, and more beneficial.

We believe that information-gathering and use should go hand-in-hand with transparency. This Privacy Policy explains how CRS collects, uses, and shares information we receive from you through your use of the CRS Sites. It is essential to understand that, by using any of the CRS Sites, you consent to the collection, transfer, processing, storage, disclosure, and use of your information as described in this Privacy Policy. That means that reading this Policy carefully is important.

We believe that you shouldn’t have to provide personal information to participate in the free knowledge movement. You do not have to provide things like your real name, address, or date of birth to sign up for our monthly newsletter, blog or contribute content to the CRS Sites.

We do not sell or rent your nonpublic information, nor do we give it to others to sell you anything. We use it to figure out how to make the CRS Sites more engaging and accessible, to see which ideas work, and to make learning and contributing more fun. Put simply: we use this information to make the CRS Sites better for you.

After all, it’s people like you, the champions of free knowledge, who make it possible for the CRS Sites to not only exist, but also grow and thrive.

Definitions

Because everyone (not just lawyers) should be able to easily understand how and why their information is collected and used, we use common language instead of more formal terms throughout this Policy. To help ensure your understanding of some particular key terms, here is a table of translations:

 

When we say… … we mean:
“the CRS Sites” / “Secure CyberID” / “we” / “us” / “our” The Cybersecurity Risk Solutions, LLC organization that operates the CRS Sites.
“CRS Sites” / “our products and services” CRS websites, products and services (regardless of language), including our main projects, such as Secure CyberID, as well as mobile applications, APIs, emails, and notifications; excluding, however, sites and services listed in the “What This Privacy Policy Doesn’t Cover” section below.
“you” / “your” / “me” You, regardless of whether you are an individual, group, or organization, and regardless of whether you are using the CRS Sites or our services on behalf of yourself or someone else.
“this Policy” / “this Privacy Policy” This document, entitled the “CRS Privacy Policy”.
“contributions” Content you add or changes you make to any CRS Sites.
“personal information” Information you provide us or information we collect from you that could be used to personally identify you. To be clear, while we do not necessarily collect all of the following types of information, we consider at least the following to be “personal information” if it is otherwise nonpublic and can be used to identify you:

(a) your real name, address, phone number, email address, password, identification number on government-issued ID, IP address, user-agent information, credit card number;

(b) when associated with one of the items in subsection (a), any sensitive data such as date of birth, gender, sexual orientation, racial or ethnic origins, marital or familial status, medical conditions or disabilities, political affiliation, and religion; and

(c) any of the items in subsections (a) or (b) when associated with your user account.

“third party” / “third parties” Individuals, entities, websites, services, products, and applications that are not controlled, managed, or operated by CRS. This includes other channel partners, affiliates, resellers, independent organizations or groups who help promote the CRS products and services.

We recognize that only a minority of you are familiar with technical terms like “tracking pixels” and “cookies” used in the Privacy Policy. Whether you are brand new to privacy terminology or you are an expert who just wants a refresher, you might find our Glossary of Key Terms helpful.

 

What This Privacy Policy Does & Doesn’t Cover

Except as explained below, this Privacy Policy applies to our collection and handling of information about you that we receive as a result of your use of any of the CRS Sites. This Policy also applies to information that we receive from our partners or other third parties. To understand more about what this Privacy Policy covers, please see below.

Expand

Examples of What This Privacy Policy Covers

This Privacy Policy, however, does not cover some situations where we may gather or process information. For example, some uses may be covered by separate privacy policies or sites or services run by third parties (such as third-party manufactures).  To understand more about what this Privacy Policy does not cover, please see below.

Use of info

Types of Information We Receive From You, How We Get It, & How We Use It

 

Your Public Contributions

Whatever you post on CRS Sites can be seen and used by everyone.

The CRS Sites were primarily created to sell products and services, as well as help you to stay on top of the latest cyber security threats and how to protect your business and family.  We share your contributions because you have asked us to do so.

When you make a contribution to any CRS Site, including on user or discussion pages, you are creating a permanent, public record of every piece of content added, removed, or altered by you. The page history will show when your contribution or deletion was made, as well as your username (if you are signed in) or your IP address (if you are not signed in). We may use your public contributions, either aggregated with the public contributions of others or individually, to create new features or data-related products for you or to learn more about how the CRS Sites are used.

Unless this Policy says otherwise, you should assume that information that you actively contribute to the CRS Sites, including personal information, is publicly visible and can be found by search engines. Like most things on the Internet, anything you share may be copied and redistributed throughout the Internet by other people. Please do not contribute any information that you are uncomfortable making permanently public, like revealing your real name or location in your contributions.

You should be aware that specific data made public by you or aggregated data that is made public by us can be used by anyone for analysis and to infer information about users, such as which country a user is from, political affiliation, and gender.

 

Account Information & Registration

You do not need to create an account to use any CRS Site.

If you do create an account, you do need to give us your name and email address.

If you do not create an account, your contributions will be publicly attributed to your IP address.

Want to create an account? Great! Don’t want to create an account? No problem!

You are not required to create an account to read, but you do if you plan to contribute to a Site, except under rare circumstances. If you want to create a standard account, in most cases we require only a first name or username, an email address and a password. Your username will be publicly visible, so please be careful about using your real name as your username. Your password is only used to verify that the account is yours. Your IP address is also automatically submitted to us, and we record it temporarily to help prevent abuse. No other personal information is required: no date of birth, no credit card information.

Once created, user accounts cannot be removed entirely (although you can usually hide the information on your user page if you choose to). This is because your public contributions must be associated with their author (you!). So make sure you pick a name that you will be comfortable with for years to come.

To gain a better understanding of the demographics of our users, to localize our services, and to learn how we can improve our services, we may ask you for more demographic information, such as gender or age, about yourself. We will tell you if such information is intended to be public or private, so that you can make an informed decision about whether you want to provide us with that information. Providing such information is always completely optional. If you don’t want to, you don’t have to—it’s as simple as that.

 

Information Related to Your Use of the CRS Sites

We may use common technologies to collect information about how you use CRS Sites.

We use this information to enhance your user experience and to develop new features.

We want to make the CRS Sites better for you by learning more about how you use them. Examples of this might include how often you visit the CRS Sites, what you like, what you find helpful, how you get to the CRS Sites, and whether you would use a helpful feature more if we explained it differently. We also want this Policy and our practices to reflect our community’s values. For this reason, we keep information related to your use of the CRS Sites confidential, except as provided in this Policy.

 

 

Information We Receive Automatically

Like other websites, we receive some information about you automatically when you visit the CRS Sites. This information helps us administer the CRS Sites and enhance your user experience.

Because of how browsers work and similar to other major websites, we receive some information automatically when you visit the CRS Sites. This information includes the type of device you are using (possibly including unique device identification numbers, for some beta versions of our mobile applications), the type and version of your browser, your browser’s language preference, the type and version of your device’s operating system, in some cases the name of your internet service provider or mobile carrier, the website that referred you to the CRS Sites, which pages you request and visit, and the date and time of each request you make to the CRS Sites.

Put simply, we use this information to enhance your experience with CRS Sites. For example, we use this information to administer the sites, provide greater security, and fight vandalism; optimize mobile applications, customize content and set language preferences, test features to see what works, and improve performance; understand how users interact with the CRS Sites, track and study use of various features, gain understanding about the demographics of the different CRS Sites, and analyze trends.

 

 

Information We Collect

We use a variety of commonly-used technologies, like cookies, to understand how you use the CRS Sites, make our services safer and easier to use, and to help create a better and more personalized experience for you.

We actively collect some types of information with a variety of commonly-used technologies. These generally include tracking pixelsJavaScript, and a variety of “locally stored data” technologies, such as cookies and local storage. We realize that some of these technologies do not have the best reputation in town and can be used for less-than-noble purposes. So we want to be as clear as we can about why we use these methods and the type of information we collect with them.

Depending on which technology we use, locally stored data can be anything from text, pictures, and whole articles (as we explain further below) to personal information (like your IP address) and information about your use of the CRS Sites (like your username or the time of your visit).

We use this information to make your experience with the CRS Sites safer and better, to gain a greater understanding of user preferences and their interaction with the CRS Sites, and to generally improve our services. We will never use third-party cookies, unless we get your permission to do so. If you ever come across a third-party data collection tool that has not been authorized by you (such as one that may have been mistakenly placed by another user or administrator), please report it to us at privacy@securecyberid.com

Locally stored data, JavaScript, and tracking pixels help us do things like:

  • Provide you with a personalized experience, such as using cookies to know your language preference, to remember the user preferences you set so we can provide you with the customized look and feel that you want, and to tell you about interesting CRS issues and events in your area.
  • Deliver more relevant content to you faster. For example, we may use local storage to store your most recently read articles directly on your device, so they can be retrieved quickly. Also, we may use cookies to learn about the topics searched so that we can optimize the search results we deliver to you.
  • Understand how you use the CRS Sites, so that we know what works and what is useful. For example, we might use cookies to learn about the list of articles you are following on your watchlist so that we can recommend similar articles that you may be interested in.
  • Understand how you use the CRS Sites across different devices, so that we can make our varied CRS Sites more efficient and effective for you.
  • Make the CRS Sites more convenient to use, such as by using cookies to maintain your session when you log in or to remember your username in the login field.

Want to know even more? You can read more about some of the specific cookies we use, when they expire, and what we use them for in our FAQ.

We believe this data collection helps improve your user experience, but you may remove or disable some or all locally stored data through your browser settings, depending on your browser. You can learn more about some options you have in our FAQ. While locally stored data may not be necessary to use our sites, some features may not function properly if you disable locally stored data.

While the examples above concerning information about you collected through the use of data collection tools are kept confidential in accordance with this Policy, please note that some information about the actions taken by your username is made publicly available through public logs alongside actions taken by other users. For example, a public log may include the date your account was created on a CRS Site along with the dates that other accounts were created on a CRS Site. Information available through public logs will not include personal information about you.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Emails

If you choose to provide your email address, we will keep it confidential, except as provided in this Policy.

We may occasionally send you emails about important information.

You may choose to opt out of certain kinds of notifications.

You have the option of providing an email address at the time of registration or in later interactions with the CRS Sites. If you do so, your email address is kept confidential, except as provided in this Policy. We do not sell, rent, or use your email address to advertise third-party products or services to you.

We use your email address to let you know about things that are happening with the CRS Sites, or CRS, such as telling you important information about your account, letting you know if something is changing about the CRS Sites or policies, and alerting you when there has been a change to an article that you have decided to follow. Please note that if you email us, we may keep your message, email address, and any other information you provide us, so that we can process and respond to your request.

You can choose to limit some of these kinds of notifications, like those alerting you if an article changes. Others, such as those containing critical information that all users need to know to participate successfully in the CRS Sites, you may not be able to opt out of. You can manage what kinds of notifications you receive and how often you receive them by going to your Notifications Preferences. You can learn more about email and notifications and how to change your preferences in our FAQ.

We will never ask for your password by email (but may send you a temporary password via email if you have requested a password reset). If you ever receive such an email, please let us know by sending it to privacy@securecyberid.com, so we can investigate the source of the email.

Direct communications between users (such as messages sent through the “Email this user” feature), to the extent such communications are nonpublic and stored in or in transit through CRS systems, are kept confidential by us, except as provided in this Policy.

 

 

 

Surveys & Feedback

We may ask you to provide us with information through a survey or provide feedback, but you will never be obligated to participate.

Participating in optional surveys or providing feedback helps us make the CRS Sites better. Because every survey and request for feedback may be used for various purposes, we will tell you, at the time we give you the survey or request for feedback, how we plan on using your answers and any personal information you provide. If you don’t feel comfortable with how we plan on using the survey or feedback results, you are not obligated to take the survey or give feedback.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website

 

Location Information

GPS & Other Location Technologies

If you consent, we can use commonly-used location technologies to show you more relevant content.

Some features we offer work better if we know what area you are in. But it’s completely up to you whether or not you want us to use geolocation tools to make some features available to you. If you consent, we can use GPS (and other technologies commonly used to determine location) to show you more relevant content. We keep information obtained by these technologies confidential, except as provided in this Policy. You can learn more by checking out the list of examples of how we use these technologies in our FAQ.

 

Metadata

We may automatically receive location data from your device. For example, if you upload a photo using the CRS mobile app, please be aware that the default setting on your mobile device typically results in the metadata associated with your photo being included in the upload.

Sometimes, we may automatically receive location data from your device. For example, if you want to upload a photo on the CRS mobile app, we may receive metadata, such as the place and time you took the photo, automatically from your device. Please be aware that, unlike location information collected using GPS signals described above, the default setting on your mobile device typically includes the metadata in your photo or video upload to the CRS Sites. If you do not want metadata sent to us and made public at the time of your upload, please change your settings on your device.

 

IP Addresses

When you visit any CRS Site, we automatically receive the IP address of the device you are using to access the Internet, which can be used to infer your geographical location.

Finally, when you visit any CRS Site, we automatically receive the IP address of the device (or your proxy server) you are using to access the Internet, which could be used to infer your geographical location. We keep IP addresses confidential, except as provided in this Policy. For example, if you make a contribution without signing into your account, your IP address used at the time will be publicly and permanently recorded. If you are visiting CRS Sites with your mobile device, we may use your IP address to provide anonymized or aggregated information to service providers regarding the volume of usage in certain areas. We use IP addresses for research and analytics; to better personalize content, notices, and settings for you; to fight spam, identity theft, malware, and other kinds of abuse; and to provide better mobile and other applications.

Sharing

When May We Share Your Information?

We may share your information when you give us specific permission to do so.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

With Your Permission

We may share your information for a particular purpose, if you agree. You can find more information in the list of examples in our FAQ.

 

For Legal Reasons

We will disclose your information in response to an official legal process only if we believe it to be legally valid. We will notify you of such requests when possible.

We may access, preserve, or disclose your personal information if we reasonably believe it necessary to satisfy a valid and legally enforceable warrant, subpoena, court order, law or regulation, or other judicial or administrative order. However, if we believe that a particular request for disclosure of a user’s information is legally invalid or an abuse of the legal system and the affected user does not intend to oppose the disclosure themselves, we will try our best to fight it. We are committed to notifying you via email at least ten (10) calendar days, when possible, before we disclose your personal information in response to a legal demand. However, we may only provide notice if we are not legally restrained from contacting you, there is no credible threat to life or limb that is created or increased by disclosing the request, and you have provided us with an email address.

Nothing in this Privacy Policy is intended to limit any legal objections or defenses you may have to a third party’s request (whether it be civil, criminal, or governmental) to disclose your information. We recommend seeking the advice of legal counsel immediately if such a request is made involving you.

For more information, see our Subpoena FAQ.

 

If the Organization is Transferred (Really Unlikely!)

In the unlikely event that the ownership of CRS changes, we will provide you 30 days’ notice before any personal information is transferred to the new owners or becomes subject to a different privacy policy.

In the extremely unlikely event that ownership of all or substantially all of CRS changes, or we go through a reorganization (such as a merger, consolidation, or acquisition), we will continue to keep your personal information confidential, except as provided in this Policy, and provide notice to you via the CRS Sites or similar mailing list at least thirty (30) calendar days before any personal information is transferred or becomes subject to a different privacy policy.

 

To Protect You, Ourselves & Others

We, or users with certain administrative rights, may disclose information that is reasonably necessary to:

  • enforce or investigate potential violations of CRS or community-based policies;
  • protect our organization, infrastructure, employees, contractors, or the public; or
  • prevent imminent or serious bodily harm or death to a person.

We, or particular users with certain administrative rights as described below, may need to share your personal information if it is reasonably believed to be necessary to enforce or investigate potential violations of our Terms of Use, this Privacy Policy, or any CRS or user community-based policies. We may also need to access and share information to investigate and defend ourselves against legal threats or actions.

CRS Sites are collaborative, with users writing most of the policies and selecting from amongst themselves people to hold certain administrative rights. These rights may include access to limited amounts of otherwise nonpublic information about recent contributions and activity by other users. They use this access to help protect against vandalism and abuse, fight harassment of other users, and generally try to minimize disruptive behavior on the CRS Sites. These various user-selected administrative groups have their own privacy and confidentiality guidelines, but all such groups are supposed to agree to follow our Access to Nonpublic Information Policy. These user-selected administrative groups are accountable to other users through checks and balances: users are selected through a community-driven process and overseen by their peers through a logged history of their actions. However, the legal names of these users are not known to the CRS.

We hope that this never comes up, but we may disclose your personal information if we believe that it’s reasonably necessary to prevent imminent and serious bodily harm or death to a person, or to protect our organization, employees, contractors, users, or the public. We may also disclose your personal information if we reasonably believe it necessary to detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns. (Check out the list of examples in our FAQ for more information.)

 

To Our Service Providers

We may disclose personal information to our third-party service providers or manufacturers to help run or improve the CRS Sites and provide services in support of our mission.

As hard as we may try, we can’t do it all. So sometimes we use third-party service providers or contractors who help run or improve the CRS Sites for you and other users. We may give access to your personal information to these providers or contractors as needed to perform their services for us or to use their tools and services. We put requirements, such as confidentiality agreements, in place to help ensure that these service providers treat your information consistently with, and no less protective of your privacy than, the principles of this Policy. (Check out the list of examples in our FAQ.)

 

To Understand & Experiment

We may give volunteer developers and researchers access to systems that contain your information to allow them to protect, develop, and contribute to the CRS Sites.

We may also share non-personal or aggregated information with third parties interested in studying the CRS Sites.

When we share information with third parties for these purposes, we put reasonable technical and contractual protections in place to protect your information consistent with this Policy.

The software that powers the CRS Sites depends on the contributions of software developers, who spend time writing and testing code to help it improve and evolve with our users’ needs. To facilitate their work, we may give some developers limited access to systems that contain your personal information, but only as reasonably necessary for them to develop and contribute to the CRS Sites.

Similarly, we may share non-personal or aggregated information with other interested third parties who wish to study the CRS Sites. Sharing this information helps them understand usage, viewing, and demographics statistics and patterns. They then can share their findings with us and our users so that we can all better understand and improve the CRS Sites.

When we give access to personal information to third-party developers, we put requirements, such as reasonable technical and contractual protections, in place to help ensure that these service providers treat your information consistently with the principles of this Policy and in accordance with our instructions. If these developers later publish their work or findings, we ask that they not disclose your personal information. Please note that, despite the obligations we impose on developers, we cannot guarantee that they will abide by our agreement, nor do we guarantee that we will regularly screen or audit their projects. (You can learn more about re-identification in our FAQ.)

 

Because You Made It Public

Information that you post is public and can been seen and used by everyone.

Any information you post publicly on the CRS Sites is just that – public. For example, if you use your mailing address, that is public, and not protected by this Policy. And if you edit without registering or logging into your account, your IP address will be seen publicly. Please think carefully about your desired level of anonymity before you disclose personal information on your user page or elsewhere.

 

Protection

How Do We Protect Your Data?

We use a variety of physical and technical measures, policies, and procedures to help protect your information from unauthorized access, use, or disclosure.

We strive to protect your information from unauthorized access, use, or disclosure. We use a variety of physical and technical measures, policies, and procedures (such as access control procedures, network firewalls, and physical security) designed to protect our systems and your personal information. Unfortunately, there’s no such thing as completely secure data transmission or storage, so we can’t guarantee that our security will not be breached (by technical measures or through violation of our policies and procedures).

 

How Long Do We Keep Your Data?

We only keep your personal information as long as necessary to maintain, understand, and improve the CRS Sites or to comply with U.S. law.

Once we receive personal information from you, we keep it for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the CRS Sites, and our obligations under applicable U.S. law. Non-personal information may be retained indefinitely. (Check out the list of examples in our FAQ.)

Please remember that certain information is retained and displayed indefinitely, such as your IP address (if you edit while not logged in) and any public contributions to the CRS Sites.

Important info

For the protection of the CRS and other users, if you do not agree with this Privacy Policy, you may not use the CRS Sites.

 

Where is CRS & What Does That Mean for Me?

You are consenting to the use of your information in the U.S. and to the transfer of that information to other countries in connection to providing our services to you and others.

The CRS is an organization based in Middletown, New Jersey, with servers and data centers located in the U.S. If you decide to use CRS Sites, whether from inside or outside of the U.S., you consent to the collection, transfer, storage, processing, disclosure, and other uses of your information in the U.S. as described in this Privacy Policy. You also consent to the transfer of your information by us from the U.S. to other countries, which may have different or less stringent data protection laws than your country, in connection with providing services to you.

 

Our Response to Do Not Track (DNT) signals

We do not allow tracking by third-party websites you have not visited.

We do not share your data with third parties for marketing purposes.

We are strongly committed to not sharing nonpublic information with third parties. In particular, we do not allow tracking by third-party websites you have not visited (including analytics services, advertising networks, and social platforms), nor do we share your information with any third parties for marketing purposes. Under this Policy, we may share your information only under particular situations, which you can learn more about in the “When May We Share Your Information” section of this Privacy Policy.

Because we protect all users in this manner, we do not change our behavior in response to a web browser’s “do not track” signal.

For more information regarding Do Not Track signals and how we handle them, please visit our FAQ.

 

Changes to This Privacy Policy

Substantial changes to this Policy will not be made until after a public comment period of at least 30 days.

Because things naturally change over time and we want to ensure our Privacy Policy accurately reflects our practices and the law, it may be necessary to modify this Privacy Policy from time to time. We reserve the right to do so in the following manner:

  • In the event of substantial changes, we will provide the proposed changes to our users in at least three (3) languages (selected at our discretion) for open comment period lasting at least thirty (30) calendar days. Prior to the start of any comment period, we will provide notice of such changes and the opportunity to comment via the CRS Sites, or a similar mailing list.
  • For minor changes, such as grammatical fixes, administrative or legal changes, or corrections of inaccurate statements, we will post the changes and, when possible, provide at least three (3) calendar days’ prior notice.

We ask that you please review the most up-to-date version of our Privacy Policy. Your continued use of the CRS Sites after this Privacy Policy becomes effective constitutes acceptance of this Privacy Policy on your part. Your continued use of the CRS Sites after any subsequent version of this Privacy Policy becomes effective, following notice as outlined above, constitutes acceptance of that version of the Privacy Policy on your part.

Contact Us

If you have questions or suggestions about this Privacy Policy, or the information collected under this Privacy Policy, please email us at privacy@securecyberid.comor contact us directly.

Thank You!

Thank you for reading our Privacy Policy. We hope you enjoy using the CRS Sites and appreciate your participation.