Back to Home

Privacy Policy

Last updated: December 17, 2024

1. Introduction

CMMC Genie ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CMMC compliance management platform.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address)
  • Organization details
  • Project and task data
  • CMMC compliance documentation
  • Team member information

2.2 Information Collected Automatically

  • Usage data and analytics
  • Device information
  • IP address and browser type
  • Cookies and similar technologies

2.3 OAuth and Third-Party Services

When you sign in with Microsoft or Google, we receive:

  • Your email address
  • Your name and profile picture
  • Organization information (for Microsoft accounts)
  • OAuth access tokens for email sending (with your explicit consent)

3. How We Use Your Information

  • To provide and maintain our services
  • To manage your account and organization
  • To facilitate CMMC compliance tracking
  • To send team invitations via your email account (with permission)
  • To communicate with you about service updates
  • To improve our platform and user experience
  • To ensure security and prevent fraud

4. Email Sending Permissions

When you grant us permission to send emails on your behalf:

  • We only send invitation emails when you explicitly request them
  • Emails are sent from your Microsoft or Gmail account
  • You can see all sent invitations in your Sent folder
  • We do not read, modify, or delete any of your existing emails
  • You can revoke this permission at any time through your OAuth provider settings

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted data transmission (HTTPS/SSL)
  • Secure database storage
  • Regular security audits
  • Access controls and authentication
  • OAuth tokens are encrypted and refreshed automatically

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information:

  • With your organization members and MSP providers (as configured)
  • With service providers who assist in platform operations
  • When required by law or to protect our rights
  • In connection with a business transfer or acquisition

7. Your Rights and Choices

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt-out of marketing communications
  • Revoke OAuth permissions

8. Cookies

We use cookies and similar technologies for authentication, preferences, and analytics. You can control cookies through your browser settings.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices.

10. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: info@ent-techsolutions.com