Privacy Policy

forcisos.com is operated by For CISOs LLC ("Company," "we," "us," or "our"), a professional education and credentialing platform for cybersecurity leaders. Our registered contact address is available at info@forcisos.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit forcisos.com, create an account, enroll in programs, or otherwise interact with our services.

We collect information you provide directly to us, including: • Name, email address, and professional title when you register or pre-register • Job title, company, and career level (optional, for personalization) • Payment information processed securely by our payment provider (we never store full card details) • Communications you send us, including support requests and feedback • Cohort enrollment data, module progress, and credential completion records We also collect information automatically when you use our services: • IP address, browser type, operating system, and device identifiers • Pages visited, links clicked, time spent, and navigation patterns • Referring URLs and search terms that led you to our site • Cookie and tracking data as described in our Cookie Policy

We use the information we collect to: • Create and manage your account and provide access to our platform • Process enrollments, payments, and issue credentials upon completion • Send transactional communications including enrollment confirmations, progress updates, and credential notifications • Send marketing communications you have opted in to receive (you may opt out at any time) • Personalize your learning experience based on your role and career stage • Improve and develop our platform, content, and services • Detect, prevent, and respond to fraud, abuse, or security incidents • Comply with legal obligations and enforce our Terms of Service • Conduct analytics to understand how our services are used

For users in the European Union and European Economic Area, we process your personal data under the following legal bases: • Contract performance: processing necessary to deliver services you have enrolled in or agreed to receive • Legitimate interests: security, fraud prevention, service improvement, and business analytics, where these do not override your rights • Consent: for marketing communications and non-essential cookies — you may withdraw consent at any time • Legal obligation: where we are required to process data to comply with applicable law

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information with: • Service providers who operate under data processing agreements and only process data on our behalf (authentication, database hosting, payment processing, email delivery, analytics) • Professional credential verification partners, solely to confirm the authenticity of credentials we have issued, where you have requested or consented to this • Law enforcement or government authorities where required by applicable law, court order, or to protect the rights, safety, or property of our users or the public • A successor entity in the event of a merger, acquisition, or sale of assets, provided the successor agrees to honor this Privacy Policy

We use the following third-party services which may process your data under their own privacy policies: • Clerk (clerk.com) — account authentication and identity management • Supabase (supabase.com) — database and backend infrastructure • Vercel (vercel.com) — hosting and content delivery • Stripe (stripe.com) — payment processing • Substack or equivalent — newsletter and email communications We encourage you to review the privacy policies of these providers. Each operates independently and is responsible for its own data practices.

We retain your personal data for as long as your account is active, and for a reasonable period thereafter to allow for account reactivation, dispute resolution, or legal compliance. Credential records are retained indefinitely to support the permanent verification of credentials we have issued on your behalf — this is a core function of our service. You may request deletion of your account and associated data at any time by contacting info@forcisos.com. Credential records may be retained even after account deletion where we have issued a credential in your name and ongoing verification is a legitimate interest.

Depending on your location, you may have the following rights regarding your personal data: • Access: request a copy of the personal data we hold about you • Correction: request that inaccurate or incomplete data be corrected • Deletion: request deletion of your personal data, subject to our retention obligations • Portability: receive your data in a structured, machine-readable format • Restriction: request that we restrict processing of your data in certain circumstances • Objection: object to processing based on legitimate interests or for direct marketing • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing • Complaint: lodge a complaint with the supervisory authority in your country of residence To exercise any of these rights, contact us at info@forcisos.com. We will respond within 30 days.

We use cookies and similar tracking technologies to operate our platform, remember your preferences, and analyze usage. You can control cookies through your browser settings. For full details on the cookies we use and how to manage them, please see our Cookie Policy at forcisos.com/legal/cookie-policy.

Our services are intended for working professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us at info@forcisos.com and we will promptly delete it.

We are based in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States and other countries where our service providers operate. We rely on appropriate safeguards for international transfers, including standard contractual clauses approved by the European Commission where applicable.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These include encryption in transit and at rest, access controls, and regular security assessments. No system is completely secure. If you believe your account has been compromised, please contact us immediately at info@forcisos.com.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. Your continued use of our services after a change constitutes your acceptance of the updated policy.

For privacy-related inquiries, requests, or complaints: For CISOs LLC Email: info@forcisos.com Website: forcisos.com