Cybersecurity Risk Solutions, LLC (CRS) to be referenced further as “CRS”, also dba as “Secure CyberID” is a cybersecurity firm providing security products and services direct to commercial enterprise companies and small to-mid size businesses, as well as consumers by way of:
- Affinity Groups & Associations
- Employee Benefits
- Managed Service Providers (MSPs and MSSPs)
- Channel Partners/Affiliates/Resellers
This Policy explains how we collect, use, and share your personal information.
- We collect very little personal information about you.
- We do not rent or sell your information to third parties.
By using CRS Sites, you consent to this Policy.
The CRS movement is founded on a simple, but powerful principle: we can do more together than any of us can do alone. We cannot work collectively without gathering, sharing, and analyzing information about our users as we seek new ways to make the CRS Sites more useable, safer, and more beneficial.
We believe that you shouldn’t have to provide personal information to participate in the free knowledge movement. You do not have to provide things like your real name, address, or date of birth to sign up for our monthly newsletter, blog or contribute content to the CRS Sites.
We do not sell or rent your nonpublic information, nor do we give it to others to sell you anything. We use it to figure out how to make the CRS Sites more engaging and accessible, to see which ideas work, and to make learning and contributing more fun. Put simply: we use this information to make the CRS Sites better for you.
After all, it’s people like you, the champions of free knowledge, who make it possible for the CRS Sites to not only exist, but also grow and thrive.
Because everyone (not just lawyers) should be able to easily understand how and why their information is collected and used, we use common language instead of more formal terms throughout this Policy. To help ensure your understanding of some particular key terms, here is a table of translations:
|When we say…||… we mean:|
|“the CRS Sites” / “Secure CyberID” / “we” / “us” / “our”||The Cybersecurity Risk Solutions, LLC organization that operates the CRS Sites.|
|“you” / “your” / “me”||You, regardless of whether you are an individual, group, or organization, and regardless of whether you are using the CRS Sites or our services on behalf of yourself or someone else.|
|“contributions”||Content you add or changes you make to any CRS Sites.|
|“personal information”||Information you provide us or information we collect from you that could be used to personally identify you. To be clear, while we do not necessarily collect all of the following types of information, we consider at least the following to be “personal information” if it is otherwise nonpublic and can be used to identify you:
(a) your real name, address, phone number, email address, password, identification number on government-issued ID, IP address, user-agent information, credit card number;
(b) when associated with one of the items in subsection (a), any sensitive data such as date of birth, gender, sexual orientation, racial or ethnic origins, marital or familial status, medical conditions or disabilities, political affiliation, and religion; and
(c) any of the items in subsections (a) or (b) when associated with your user account.
|“third party” / “third parties”||Individuals, entities, websites, services, products, and applications that are not controlled, managed, or operated by CRS. This includes other channel partners, affiliates, resellers, independent organizations or groups who help promote the CRS products and services.|
Use of info
Types of Information We Receive From You, How We Get It, & How We Use It
Your Public Contributions
Whatever you post on CRS Sites can be seen and used by everyone.
The CRS Sites were primarily created to sell products and services, as well as help you to stay on top of the latest cyber security threats and how to protect your business and family. We share your contributions because you have asked us to do so.
When you make a contribution to any CRS Site, including on user or discussion pages, you are creating a permanent, public record of every piece of content added, removed, or altered by you. The page history will show when your contribution or deletion was made, as well as your username (if you are signed in) or your IP address (if you are not signed in). We may use your public contributions, either aggregated with the public contributions of others or individually, to create new features or data-related products for you or to learn more about how the CRS Sites are used.
Unless this Policy says otherwise, you should assume that information that you actively contribute to the CRS Sites, including personal information, is publicly visible and can be found by search engines. Like most things on the Internet, anything you share may be copied and redistributed throughout the Internet by other people. Please do not contribute any information that you are uncomfortable making permanently public, like revealing your real name or location in your contributions.
You should be aware that specific data made public by you or aggregated data that is made public by us can be used by anyone for analysis and to infer information about users, such as which country a user is from, political affiliation, and gender.
Account Information & Registration
You do not need to create an account to use any CRS Site.
If you do create an account, you do need to give us your name and email address.
If you do not create an account, your contributions will be publicly attributed to your IP address.
Want to create an account? Great! Don’t want to create an account? No problem!
You are not required to create an account to read, but you do if you plan to contribute to a Site, except under rare circumstances. If you want to create a standard account, in most cases we require only a first name or username, an email address and a password. Your username will be publicly visible, so please be careful about using your real name as your username. Your password is only used to verify that the account is yours. Your IP address is also automatically submitted to us, and we record it temporarily to help prevent abuse. No other personal information is required: no date of birth, no credit card information.
Once created, user accounts cannot be removed entirely (although you can usually hide the information on your user page if you choose to). This is because your public contributions must be associated with their author (you!). So make sure you pick a name that you will be comfortable with for years to come.
To gain a better understanding of the demographics of our users, to localize our services, and to learn how we can improve our services, we may ask you for more demographic information, such as gender or age, about yourself. We will tell you if such information is intended to be public or private, so that you can make an informed decision about whether you want to provide us with that information. Providing such information is always completely optional. If you don’t want to, you don’t have to—it’s as simple as that.
Information Related to Your Use of the CRS Sites
We may use common technologies to collect information about how you use CRS Sites.
We use this information to enhance your user experience and to develop new features.
We want to make the CRS Sites better for you by learning more about how you use them. Examples of this might include how often you visit the CRS Sites, what you like, what you find helpful, how you get to the CRS Sites, and whether you would use a helpful feature more if we explained it differently. We also want this Policy and our practices to reflect our community’s values. For this reason, we keep information related to your use of the CRS Sites confidential, except as provided in this Policy.
Information We Receive Automatically
Like other websites, we receive some information about you automatically when you visit the CRS Sites. This information helps us administer the CRS Sites and enhance your user experience.
Because of how browsers work and similar to other major websites, we receive some information automatically when you visit the CRS Sites. This information includes the type of device you are using (possibly including unique device identification numbers, for some beta versions of our mobile applications), the type and version of your browser, your browser’s language preference, the type and version of your device’s operating system, in some cases the name of your internet service provider or mobile carrier, the website that referred you to the CRS Sites, which pages you request and visit, and the date and time of each request you make to the CRS Sites.
Put simply, we use this information to enhance your experience with CRS Sites. For example, we use this information to administer the sites, provide greater security, and fight vandalism; optimize mobile applications, customize content and set language preferences, test features to see what works, and improve performance; understand how users interact with the CRS Sites, track and study use of various features, gain understanding about the demographics of the different CRS Sites, and analyze trends.
Information We Collect
We use a variety of commonly-used technologies, like cookies, to understand how you use the CRS Sites, make our services safer and easier to use, and to help create a better and more personalized experience for you.
Depending on which technology we use, locally stored data can be anything from text, pictures, and whole articles (as we explain further below) to personal information (like your IP address) and information about your use of the CRS Sites (like your username or the time of your visit).
We use this information to make your experience with the CRS Sites safer and better, to gain a greater understanding of user preferences and their interaction with the CRS Sites, and to generally improve our services. We will never use third-party cookies, unless we get your permission to do so. If you ever come across a third-party data collection tool that has not been authorized by you (such as one that may have been mistakenly placed by another user or administrator), please report it to us at email@example.com
- Provide you with a personalized experience, such as using cookies to know your language preference, to remember the user preferences you set so we can provide you with the customized look and feel that you want, and to tell you about interesting CRS issues and events in your area.
- Understand how you use the CRS Sites across different devices, so that we can make our varied CRS Sites more efficient and effective for you.
- Make the CRS Sites more convenient to use, such as by using cookies to maintain your session when you log in or to remember your username in the login field.
Want to know even more? You can read more about some of the specific cookies we use, when they expire, and what we use them for in our FAQ.
We believe this data collection helps improve your user experience, but you may remove or disable some or all locally stored data through your browser settings, depending on your browser. You can learn more about some options you have in our FAQ. While locally stored data may not be necessary to use our sites, some features may not function properly if you disable locally stored data.
While the examples above concerning information about you collected through the use of data collection tools are kept confidential in accordance with this Policy, please note that some information about the actions taken by your username is made publicly available through public logs alongside actions taken by other users. For example, a public log may include the date your account was created on a CRS Site along with the dates that other accounts were created on a CRS Site. Information available through public logs will not include personal information about you.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you choose to provide your email address, we will keep it confidential, except as provided in this Policy.
We may occasionally send you emails about important information.
You may choose to opt out of certain kinds of notifications.
You have the option of providing an email address at the time of registration or in later interactions with the CRS Sites. If you do so, your email address is kept confidential, except as provided in this Policy. We do not sell, rent, or use your email address to advertise third-party products or services to you.
We use your email address to let you know about things that are happening with the CRS Sites, or CRS, such as telling you important information about your account, letting you know if something is changing about the CRS Sites or policies, and alerting you when there has been a change to an article that you have decided to follow. Please note that if you email us, we may keep your message, email address, and any other information you provide us, so that we can process and respond to your request.
You can choose to limit some of these kinds of notifications, like those alerting you if an article changes. Others, such as those containing critical information that all users need to know to participate successfully in the CRS Sites, you may not be able to opt out of. You can manage what kinds of notifications you receive and how often you receive them by going to your Notifications Preferences. You can learn more about email and notifications and how to change your preferences in our FAQ.
We will never ask for your password by email (but may send you a temporary password via email if you have requested a password reset). If you ever receive such an email, please let us know by sending it to firstname.lastname@example.org, so we can investigate the source of the email.
Direct communications between users (such as messages sent through the “Email this user” feature), to the extent such communications are nonpublic and stored in or in transit through CRS systems, are kept confidential by us, except as provided in this Policy.
Surveys & Feedback
We may ask you to provide us with information through a survey or provide feedback, but you will never be obligated to participate.
Participating in optional surveys or providing feedback helps us make the CRS Sites better. Because every survey and request for feedback may be used for various purposes, we will tell you, at the time we give you the survey or request for feedback, how we plan on using your answers and any personal information you provide. If you don’t feel comfortable with how we plan on using the survey or feedback results, you are not obligated to take the survey or give feedback.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
GPS & Other Location Technologies
If you consent, we can use commonly-used location technologies to show you more relevant content.
Some features we offer work better if we know what area you are in. But it’s completely up to you whether or not you want us to use geolocation tools to make some features available to you. If you consent, we can use GPS (and other technologies commonly used to determine location) to show you more relevant content. We keep information obtained by these technologies confidential, except as provided in this Policy. You can learn more by checking out the list of examples of how we use these technologies in our FAQ.
We may automatically receive location data from your device. For example, if you upload a photo using the CRS mobile app, please be aware that the default setting on your mobile device typically results in the metadata associated with your photo being included in the upload.
Sometimes, we may automatically receive location data from your device. For example, if you want to upload a photo on the CRS mobile app, we may receive metadata, such as the place and time you took the photo, automatically from your device. Please be aware that, unlike location information collected using GPS signals described above, the default setting on your mobile device typically includes the metadata in your photo or video upload to the CRS Sites. If you do not want metadata sent to us and made public at the time of your upload, please change your settings on your device.
When you visit any CRS Site, we automatically receive the IP address of the device you are using to access the Internet, which can be used to infer your geographical location.
Finally, when you visit any CRS Site, we automatically receive the IP address of the device (or your proxy server) you are using to access the Internet, which could be used to infer your geographical location. We keep IP addresses confidential, except as provided in this Policy. For example, if you make a contribution without signing into your account, your IP address used at the time will be publicly and permanently recorded. If you are visiting CRS Sites with your mobile device, we may use your IP address to provide anonymized or aggregated information to service providers regarding the volume of usage in certain areas. We use IP addresses for research and analytics; to better personalize content, notices, and settings for you; to fight spam, identity theft, malware, and other kinds of abuse; and to provide better mobile and other applications.
When May We Share Your Information?
We may share your information when you give us specific permission to do so.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
With Your Permission
We may share your information for a particular purpose, if you agree. You can find more information in the list of examples in our FAQ.
For Legal Reasons
We will disclose your information in response to an official legal process only if we believe it to be legally valid. We will notify you of such requests when possible.
We may access, preserve, or disclose your personal information if we reasonably believe it necessary to satisfy a valid and legally enforceable warrant, subpoena, court order, law or regulation, or other judicial or administrative order. However, if we believe that a particular request for disclosure of a user’s information is legally invalid or an abuse of the legal system and the affected user does not intend to oppose the disclosure themselves, we will try our best to fight it. We are committed to notifying you via email at least ten (10) calendar days, when possible, before we disclose your personal information in response to a legal demand. However, we may only provide notice if we are not legally restrained from contacting you, there is no credible threat to life or limb that is created or increased by disclosing the request, and you have provided us with an email address.
For more information, see our Subpoena FAQ.
If the Organization is Transferred (Really Unlikely!)
To Protect You, Ourselves & Others
We, or users with certain administrative rights, may disclose information that is reasonably necessary to:
- enforce or investigate potential violations of CRS or community-based policies;
- protect our organization, infrastructure, employees, contractors, or the public; or
- prevent imminent or serious bodily harm or death to a person.
CRS Sites are collaborative, with users writing most of the policies and selecting from amongst themselves people to hold certain administrative rights. These rights may include access to limited amounts of otherwise nonpublic information about recent contributions and activity by other users. They use this access to help protect against vandalism and abuse, fight harassment of other users, and generally try to minimize disruptive behavior on the CRS Sites. These various user-selected administrative groups have their own privacy and confidentiality guidelines, but all such groups are supposed to agree to follow our Access to Nonpublic Information Policy. These user-selected administrative groups are accountable to other users through checks and balances: users are selected through a community-driven process and overseen by their peers through a logged history of their actions. However, the legal names of these users are not known to the CRS.
We hope that this never comes up, but we may disclose your personal information if we believe that it’s reasonably necessary to prevent imminent and serious bodily harm or death to a person, or to protect our organization, employees, contractors, users, or the public. We may also disclose your personal information if we reasonably believe it necessary to detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns. (Check out the list of examples in our FAQ for more information.)
To Our Service Providers
We may disclose personal information to our third-party service providers or manufacturers to help run or improve the CRS Sites and provide services in support of our mission.
As hard as we may try, we can’t do it all. So sometimes we use third-party service providers or contractors who help run or improve the CRS Sites for you and other users. We may give access to your personal information to these providers or contractors as needed to perform their services for us or to use their tools and services. We put requirements, such as confidentiality agreements, in place to help ensure that these service providers treat your information consistently with, and no less protective of your privacy than, the principles of this Policy. (Check out the list of examples in our FAQ.)
To Understand & Experiment
We may give volunteer developers and researchers access to systems that contain your information to allow them to protect, develop, and contribute to the CRS Sites.
We may also share non-personal or aggregated information with third parties interested in studying the CRS Sites.
When we share information with third parties for these purposes, we put reasonable technical and contractual protections in place to protect your information consistent with this Policy.
The software that powers the CRS Sites depends on the contributions of software developers, who spend time writing and testing code to help it improve and evolve with our users’ needs. To facilitate their work, we may give some developers limited access to systems that contain your personal information, but only as reasonably necessary for them to develop and contribute to the CRS Sites.
Similarly, we may share non-personal or aggregated information with other interested third parties who wish to study the CRS Sites. Sharing this information helps them understand usage, viewing, and demographics statistics and patterns. They then can share their findings with us and our users so that we can all better understand and improve the CRS Sites.
When we give access to personal information to third-party developers, we put requirements, such as reasonable technical and contractual protections, in place to help ensure that these service providers treat your information consistently with the principles of this Policy and in accordance with our instructions. If these developers later publish their work or findings, we ask that they not disclose your personal information. Please note that, despite the obligations we impose on developers, we cannot guarantee that they will abide by our agreement, nor do we guarantee that we will regularly screen or audit their projects. (You can learn more about re-identification in our FAQ.)
Because You Made It Public
Information that you post is public and can been seen and used by everyone.
Any information you post publicly on the CRS Sites is just that – public. For example, if you use your mailing address, that is public, and not protected by this Policy. And if you edit without registering or logging into your account, your IP address will be seen publicly. Please think carefully about your desired level of anonymity before you disclose personal information on your user page or elsewhere.
How Do We Protect Your Data?
We use a variety of physical and technical measures, policies, and procedures to help protect your information from unauthorized access, use, or disclosure.
We strive to protect your information from unauthorized access, use, or disclosure. We use a variety of physical and technical measures, policies, and procedures (such as access control procedures, network firewalls, and physical security) designed to protect our systems and your personal information. Unfortunately, there’s no such thing as completely secure data transmission or storage, so we can’t guarantee that our security will not be breached (by technical measures or through violation of our policies and procedures).
How Long Do We Keep Your Data?
We only keep your personal information as long as necessary to maintain, understand, and improve the CRS Sites or to comply with U.S. law.
Once we receive personal information from you, we keep it for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the CRS Sites, and our obligations under applicable U.S. law. Non-personal information may be retained indefinitely. (Check out the list of examples in our FAQ.)
Please remember that certain information is retained and displayed indefinitely, such as your IP address (if you edit while not logged in) and any public contributions to the CRS Sites.
Where is CRS & What Does That Mean for Me?
You are consenting to the use of your information in the U.S. and to the transfer of that information to other countries in connection to providing our services to you and others.
Our Response to Do Not Track (DNT) signals
We do not allow tracking by third-party websites you have not visited.
We do not share your data with third parties for marketing purposes.
Because we protect all users in this manner, we do not change our behavior in response to a web browser’s “do not track” signal.
For more information regarding Do Not Track signals and how we handle them, please visit our FAQ.
Substantial changes to this Policy will not be made until after a public comment period of at least 30 days.
- In the event of substantial changes, we will provide the proposed changes to our users in at least three (3) languages (selected at our discretion) for open comment period lasting at least thirty (30) calendar days. Prior to the start of any comment period, we will provide notice of such changes and the opportunity to comment via the CRS Sites, or a similar mailing list.
- For minor changes, such as grammatical fixes, administrative or legal changes, or corrections of inaccurate statements, we will post the changes and, when possible, provide at least three (3) calendar days’ prior notice.