Last updated: March 23, 2026
Account Information: Email address, organization name, and password (securely hashed) when you create an account.
Assessment Data: Your responses to CMMC assessment questions, notes, and compliance scores.
Evidence Files: Documents you upload as evidence for compliance controls.
Usage Data: Pages visited, features used, and session duration for service improvement.
We use your information to: (a) provide and improve the Service; (b) generate compliance reports; (c) send service-related communications; (d) ensure security and prevent fraud. We do NOT sell your data. We do NOT use your compliance data for advertising.
We implement industry-standard security measures including: encryption at rest and in transit (AES-256, TLS 1.3), row-level security in our database, secure authentication with session management, and regular security assessments. All data is hosted on SOC 2 compliant infrastructure (Supabase/AWS).
Your data is stored in the United States on encrypted servers. We retain your data for the duration of your account. Upon account deletion, we remove your data within 30 days, except where retention is required by law.
We use the following third-party services: Supabase (database & authentication), Vercel (hosting), and Stripe (payment processing). Each operates under their own privacy policies and maintains SOC 2 or equivalent compliance.
You have the right to: (a) access your data; (b) export your data; (c) correct inaccurate data; (d) delete your account and data; (e) opt out of non-essential communications. Contact support@cmmcready.pro to exercise these rights.
We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
The Service is not directed at children under 18. We do not knowingly collect information from children.
We will notify you of material changes via email. Continued use after changes constitutes acceptance.
Privacy questions? Contact us at support@cmmcready.pro.