AI Governance Toolkit by

RockCyber Logo

Privacy Policy

Last Updated: November 24, 2025

This Privacy Policy ("Privacy Policy") explains how RockCyber, LLC, a Delaware limited liability company ("RockCyber", "Company" or "we" or "us") collects, handles, stores and protects Personal Data, as defined by the Colorado Privacy Act of 2021 ("CPA"), about you when you use our websites linking to this Privacy Policy, including rockcyber.com and the AI Governance Toolkit (each a "Website"), and services accessed through a Website ("Services"). It also provides information about your rights and how you can contact us if you have questions about how we handle your information.

A. Applicability

This Privacy Policy applies to:

  • The information we collect or that you provide when you access a Website;
  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

Your use of a Website constitutes your acceptance of this Privacy Policy. By using a Service, you consent to the Terms of Use set forth on the Website through which you access that Service.

This Privacy Policy DOES NOT apply to information that:

  • We collect offline through any other Services; or
  • You provide to or is collected by any third party, whether you access any third-party app or website via a Website. Those websites and apps may have their own privacy policies, which we encourage you to read before providing information on or through them.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not use the Website or any Services. This Privacy Policy may change from time to time; we will provide notice of such changes by changing the "Last Updated" date.

B. Age and Residency Restrictions

The Website is offered and available to anyone of legal age to purchase our products or Services. Please do not use this Website if you are not at least 18 years of age. We do not knowingly collect Personal Data from anyone who does not meet our age requirements. If we learn we have collected or received Personal Data from an individual who does not meet our minimum age requirements, we will delete that information.

C. Personal Data We Collect and How We Collect It

We collect information in several ways. The type of information we collect depends on how you are interacting with us and which of the Services you are using.

We collect Personal Data when you provide it directly to us. For example:

  • When you sign up for our newsletter or ask us a question on our Website form, we may ask for contact information including, for example, your name, email address, or phone number ("Contact Data");
  • We collect information about your transaction if you make a purchase through the Website ("Purchase Data") provided that our third party service provider alone will collect and process payment;
  • When you create an account, we collect contact information, name, your company information, and a profile picture if you choose to provide it ("Account Data");
  • We collect Personal Data when you report a problem with our Services or Website. If you contact us, we may keep a record of that correspondence ("Help Data");
  • When you use some of our Services, we may collect contact information from your employees, such as email and phone numbers ("Business Data"). It is your responsibility to notify your employees of the sharing of their contact information with relevant service providers.

If you use certain Company specialty Services, such as pen testing, business continuity, or compliance ("Specialty Services"), we will collect sensitive information about your business and share it with subcontractors to help provide the functions you request. We do not want, and please do not provide us with, any Personal Data relating to your customers. Some Personal Data of customers may be inadvertently collected by Specialty Services providers; please contact us immediately if you believe this is the case and we will delete that Personal Data immediately if we possess it. If the Personal Data is held by the Specialty Service provider, you must contact that provider for Personal Data management and deletion.

We also collect information automatically when you visit our Website:

  • Through our server logs and other technologies that collect system/device and usage information, including without limitation IP address, browser type, device type, time spent on pages, and similar information ("Site Data"); and
  • We may place cookies, web beacons, or other trackers on your browser; see Cookies and Other Technology below for more information.

We may also in rare cases collect information about you from third parties to verify your name and email address for marketing purposes.

D. Our Purpose in Collecting Personal Data

We use your Personal Data for our legitimate interests, including to provide and improve our Services, administer our relationship with you and our business, for marketing, and to exercise our rights and responsibilities by law. In general, we also use the information we collect to:

  • Fulfill any other purpose for which you provide it;
  • Give you transactional notices about your account;
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
  • Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all our assets or business, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by us is among the interest or assets transferred; and
  • With your consent, as prescribed by applicable law.

More specifically:

  • We use Contact Data and Help Data to send you email marketing and to respond to your queries on our Website, as applicable. We share this Personal Data with hosting, CRM, email marketing, and SMS service providers;
  • When you make a purchase from the Website, we provide the Purchase Data to third-party payment providers to enable the transaction to take place. We share Purchase Data with our third party CRM service provider. We do not receive, store, or maintain your financial information;
  • We use Account Data to administer, authorize, support, and secure your Account, and to contact you about the Services. We also use Account Data to contact you by email, telephone calls, texts, or other equivalent forms of electronic communication, regarding updates or informative communications related to the functionalities, products, or contracted Services, including the security updates, when necessary or reasonable for their implementation;
  • We internally use Site Data to improve the Website's content and layout, to improve outreach, for our direct marketing, and to determine a general geographic and demographic profile of visitors to the Site;
  • We also use Site Data for system administration, order verification, internal marketing, and system troubleshooting purposes. We share this Personal Data with our third party IT service providers to assist us in fulfilling this purpose;
  • We use Business Data to communicate with your personnel to perform our Services. We may share Business Data with third party service providers who are bound to confidentiality provisions at least as restrictive as those in this Privacy Policy. To manage your Account, including processing any necessary claims to insurance company(s), billing outstanding balances, or issuing refunds if necessary;
  • We use information gathered about you or your business through the Services to provide the Services you request. Not all such information will be Personal Data.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without first updating this Policy.

E. Cookies and Other Technologies

Cookies are small pieces of information that a website stores on your computer while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (most of which have an expiration date, based on the purpose of the cookie, at which point they self-delete) to provide you with a more personal and interactive experience on our Website. You may remove persistent cookies by following Internet browser help file directions or by using the cookie banner on a Website. We generally use cookies and similar technologies as follows:

  • For "essential" or "functional" purposes, such as to enable various features of the Website like remembering passwords or staying logged in during your session;
  • For social media integration e.g., via third-party social media cookies, when you share information using a social media sharing button or "like" button on our Site, or when you engage with our content on or through a social networking website such as Facebook or Twitter;
  • For analytics purposes, consistent with our legitimate interests in how our Website is used or performs, how users engage with and navigate through the Website, what sites users visit before visiting our Website, how often they visit our Website, and other similar information;
  • Subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Website, or for advertising to visitors to our Website; and
  • Subject to any consent required by law, for the purpose of analyzing your feedback on our products on other platforms.

We do not perform targeted advertising as such term is defined by the CPA. While we may display advertisements to you on or off the Website, those advertisements are based on your interaction with the Website itself and not on your behavior across websites or applications.

F. Third-Party Information Collection

We share your information with third parties for the following purposes:

  • We may offer Services in conjunction with a partner company for Specialty Services. To provide Specialty Services to you, we share your Personal Data with our partner company to provide those services. If data is being collected and/or maintained by any company other than us, you will be notified prior to the time of such data collection or transfer. If you do not want your data to be shared, you can choose not to allow the transfer by not using a particular Specialty Service. Certain third parties may use automatic information collection technologies to collect information about you or your device. Please see the relevant Specialty Services provider's privacy policy for more information about how your Business Data or other information is used by the applicable partner.
  • We share your email address with third parties that help with our marketing efforts, such as email list administrators.
  • We share Personal Data and anonymized data with third party hosting and analytics companies to host the Website and Services, and to improve our offerings.
  • We share your Personal Data with payment processors for any purchase you make from the Website.
  • We may share your information with third parties in special circumstances, such as when we believe in good faith that the law requires it, pursuant to a corporate transaction, or under circumstances described below.
  • We may disclose account information where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms of Use or who may be causing injury or interference with (intentionally or unintentionally) our rights or property, those of other Website users, or anyone else that could be harmed by such activities.

We do not sell your Personal Data to third parties for consideration. We do not share your Personal Data for targeted advertising.

G. Disclosure of Aggregated Information

We may disclose aggregated information about our users and information that does not identify any individual without restriction in any way permitted by applicable law.

H. Your Choices About Collection, Use, and Disclosure of Your Information

We strive to provide you with choices regarding the Personal Data you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of your information.

Promotions by the Company. When you sign up for various Services on our Website, you are agreeing to receive transactional and promotional materials from us. We may deliver marketing and communications to you across various platforms such as e-mail and direct mail. Where required by law, we will ask you to explicitly opt in to receive such marketing from us. If we send you marketing communications, it will include instructions on how to opt out of receiving those communications in the future. You can also opt-out by sending us an email at info@rockcyber.com.

Colorado Privacy Act Rights. Under the CPA, Consumers (as defined in the CPA) have the following rights in their Personal Data:

  • If we ever sell Personal Data or process Personal Data for targeted advertising, as defined by the CPA, Consumers have the right to opt out of such sale or advertising.
  • To access, correct inaccuracies in, delete, confirm the processing of, or port in a commonly usable format, Personal Data that we collect and maintain about you.

Exercising your Rights. To exercise your rights under the CPA, please email us at the contact information below. We reserve the right to authenticate your request, retain certain Personal Data to verify your request was completed, or refuse or comply with your request in a modified way as permitted by the CPA. If we refuse or modify your request, we will tell you why and how you may appeal our decision.

I. Data Security and Retention

We take the security of your data seriously and we use appropriate technologies and procedures to protect it according to the risk level and the service provided. We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your Account Data depends on you. If we have given you (or where you have chosen) a password for access any part of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

We retain your Personal Data for the period we reasonably believe necessary to fulfill the purpose for which you provided it, usually 1 year from your last interaction with us, whether making a purchase, opening an email, using your account, participating in contests, or similar actions. We will retain other information for longer periods as required by applicable law, such 7 years for information relating to our tax filings.

J. Your Rights

Outside of the CPA, when provided by applicable law, you may have rights to access your Personal Data and ask us to rectify, erase or restrict use of your Personal Data. You may also have rights to object to your Personal Data being used, to ask for the transfer of Personal Data you have made available to use, and to withdraw consent to use your Personal Data. We will honor your rights under applicable data protection laws. If you believe you have rights under applicable law that you would like to exercise, please contact us at the email address below.

K. Contact Information

If you have any questions, comments, complaints, or suggestions in relation to data protection of this Privacy Policy, or any other concerns about the way in which we process data about you, please contact us at:

RockCyber, LLC
Attn: Legal Department
1580 Logan St, Floor 6
Denver, CO 80203
Telephone: 844.729.2370
Email: info@rockcyber.com