Privacy Policy

1. Introduction

Custodia, LLC ("we," "our," or "us") operates the Custodia CMMC 1 Suite service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Name and email address (via Clerk authentication)
• Company information and CMMC compliance data
• Evidence files and documentation you upload
• Payment information (processed securely through third-party processors)
• Communication data when you contact us for support

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage data and analytics (pages visited, features used)
• Device information (browser type, operating system)
• IP address and location data (general geographic area)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve our Service
• To process your subscription and manage your account
• To generate compliance documentation and reports
• To send you service-related communications
• To respond to your inquiries and provide customer support
• To detect, prevent, and address technical issues
• To comply with legal obligations

4. Data Storage and Security

We use industry-standard security measures to protect your information:

• Data is encrypted in transit using TLS/SSL
• Data is stored securely in Neon PostgreSQL databases (hosted in the United States)
• Evidence files are stored securely via Vercel Blob storage
• Access controls and authentication via Clerk
• Regular security audits and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services that may collect information:

• Clerk: Authentication and user management (see Clerk's Privacy Policy)
• Google Gemini AI: AI-powered policy generation (see Google's Privacy Policy)
• Vercel: Hosting and infrastructure (see Vercel's Privacy Policy)
• Neon: Database hosting (see Neon's Privacy Policy)
• Payment Processors: Secure payment processing (subject to their privacy policies)

6. Your Rights

Under applicable laws, including Pennsylvania state law, you have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate or incomplete information
• Request deletion of your personal data
• Object to processing of your personal data
• Request restriction of processing
• Data portability
• Withdraw consent at any time

To exercise these rights, please contact us at the email address provided below.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you cancel your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal purposes.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: