Information we collect
We collect information you submit through our lead-capture forms (Get Matched, Request Information, Request a Quote, Contact), newsletter signups, and any other voluntary submissions. Typical fields include name, work email, company name, role, CMMC level required, employee count, current compliance state, DoD contract status, preferred timeline, cloud environment, and free-text notes you provide.
We also collect standard web analytics through Google Analytics 4 and Microsoft Clarity — page views, referring URLs, device and browser information, approximate location derived from IP address, and on-page interaction events such as CTA clicks. We do not collect names or work-email addresses through analytics.
How we use information
Lead-capture submissions are used to match you with CMMC solution providers that fit the level, scope, and timeline you described, and to send our weekly briefing if you opted in. Newsletter signups are used to send the weekly briefing and related editorial communications. Analytics are used to understand audience and improve coverage.
Lead-data sharing
When you submit a "Get Matched," "Request Information," or "Request a Quote" form, the information you submit is shared with one or more matched CMMC solution providers so they can respond to your request. Providers respond to you directly.
This sharing is the service you are requesting — submitting a provider-matching form directs us to share your information with matched providers for the purpose of their response. We may receive referral or lead-routing compensation from providers that receive matched inquiries.
We do not sell personal information to unrelated data brokers or advertising networks. Provider-matching form submissions are shared with matched providers because you submit the form for that purpose. Retention is the shorter of (a) the period reasonably necessary to fulfill the matching and referral, (b) the period required by applicable law, or (c) three years from submission, after which records are deleted or anonymized.
Cookies and similar technologies
We use first-party cookies for site functionality and third-party cookies for analytics (Google Analytics 4) and behavior analysis (Microsoft Clarity). Microsoft Clarity may use session-replay and heatmap technologies that record on-page interactions such as mouse movement, clicks, and scroll depth. We configure analytics and session-replay tools not to intentionally collect form-field content, names, email addresses, CUI, controlled technical data, passwords, or sensitive security information. Users should not enter sensitive information into forms or free-text fields on any website that is not explicitly designated as a secure channel.
You can disable cookies in your browser settings; some site functions (such as form submissions) may be affected. We do not currently use third-party advertising cookies.
Your rights and opt-out
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal information, and to object to processing or request data portability. Residents of California (CCPA/CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), and the European Union / EEA (GDPR) have specific statutory rights.
To opt out of analytics tracking, disable cookies in your browser or use your browser's built-in tracking protection. To request access, correction, or deletion of lead-capture data, or to exercise any other applicable right, contact us at partners@thedefensecompliancereport.com.
Children
This site is intended for working professionals and is not directed to children under 16.
Security
We apply commercially reasonable safeguards to lead-capture and newsletter data. No internet transmission is fully secure; submissions are made at your own discretion.
Updates to this policy
We may update this policy from time to time. The effective date and last updated date are shown at the top of this policy.
Contact
Privacy questions can be sent to partners@thedefensecompliancereport.com.