Sign in Subscribe

Privacy Policy

Learn how CMMC Operator collects, uses, protects, and limits personal information for its CMMC readiness resources, templates, memberships, and digital downloads.
Share

Last updated: May 19, 2026

This Privacy Policy explains how CMMC Operator collects, uses, shares, and protects information when you visit our website, subscribe to our emails, create a free or paid membership, download resources, purchase digital products, or otherwise interact with CMMC Operator.

CMMC Operator provides compliance readiness resources, templates, and planning tools. We are built around a simple principle: collect only what we need, and do not ask users to submit sensitive compliance evidence or controlled information.

CMMC Operator is an independent publication and resource library. It is not operated by, endorsed by, or affiliated with the U.S. Department of Defense, the Cyber AB, NIST, or any CMMC assessment authority.

This Privacy Policy is not legal advice. If you have questions about your rights or obligations, please consult qualified counsel.

1. Who We Are

CMMC Operator provides CMMC and cybersecurity compliance readiness resources, including articles, templates, workbooks, paid member guides, and software tools.

For privacy questions, contact:

privacy@cmmcoperator.com

2. Information We Collect

We collect information you provide directly, information generated through your use of the site, and limited information from service providers that help us operate the publication and paid resource library.

Information You Provide

We may collect:

  • Name, if you provide it.
  • Email address.
  • Membership account information.
  • Newsletter subscription preferences.
  • Payment and billing status, handled through Stripe.
  • Messages you send to us.
  • Survey or feedback responses.
  • Download or purchase activity.

Membership And Payment Information

If you become a free or paid member, our publishing platform and payment providers may process account, subscription, and billing information.

Payment card details are processed by Stripe. CMMC Operator does not intentionally receive or store your full credit card number.

Website And Technical Information

We may collect limited technical information such as:

  • Browser type.
  • Device type.
  • Referring page.
  • Approximate location derived from IP address.
  • Pages viewed.
  • Email open or click activity, depending on Ghost email settings.
  • Cookies or similar technologies required for membership, login, security, payment, and site functionality.

3. What We Do Not Want You To Submit

Do not submit, upload, email, paste, or include the following in forms, comments, emails, template responses, workbook fields, or membership communications:

  • Controlled Unclassified Information, or CUI.
  • Federal Contract Information, or FCI.
  • Compliance evidence files.
  • System configurations.
  • Network diagrams containing sensitive details.
  • IP addresses.
  • Credentials, passwords, secrets, tokens, or API keys.
  • Log excerpts.
  • Screenshots containing sensitive data.
  • Customer data.
  • Government contract excerpts containing non-public information.
  • Sensitive personal information.

CMMC Operator resources are designed for readiness planning. Use high-level categories, owners, dates, statuses, and non-sensitive planning notes only.

4. How We Use Information

We use information to:

  • Provide the website and publication.
  • Send newsletters and resource updates.
  • Manage free and paid memberships.
  • Deliver digital downloads and paid member resources.
  • Process payments through Stripe.
  • Respond to questions and support requests.
  • Improve content, templates, and user experience.
  • Prevent abuse, fraud, spam, and unauthorized access.
  • Comply with legal obligations.

We do not sell personal information.

If laws such as GDPR or UK GDPR apply to your use of CMMC Operator, we may process personal information based on:

  • Your consent, such as subscribing to emails.
  • Contract necessity, such as providing paid membership access.
  • Legitimate interests, such as improving resources and protecting the site.
  • Legal obligations, such as tax, accounting, or compliance requirements.

6. How We Share Information

We share information only as needed to operate CMMC Operator, provide services, comply with law, or protect rights.

Service providers may include:

  • Ghost or Ghost-related hosting and membership infrastructure.
  • Stripe for payments.
  • Email delivery providers.
  • Analytics or site performance tools, if enabled.
  • File hosting or storage providers for downloadable resources.
  • Professional advisors, such as accountants or legal counsel.

We may also disclose information if required by law, legal process, or to protect CMMC Operator, users, or others from fraud, abuse, or security threats.

7. Cookies And Similar Technologies

The website may use cookies or similar technologies for:

  • Member signup and login.
  • Paid subscription access.
  • Payment checkout.
  • Security.
  • Remembering preferences.
  • Site performance or analytics, if enabled.

You can control cookies through your browser settings. Some features, including login or paid member access, may not work properly if required cookies are blocked.

8. Email Communications

If you subscribe to CMMC Operator emails, we may send:

  • New article notifications.
  • Free resource updates.
  • Paid member updates.
  • Product announcements.
  • Administrative messages about your membership or account.

You can unsubscribe from marketing emails using the unsubscribe link in the email. We may still send transactional or account-related messages when necessary.

9. Data Retention

We retain personal information for as long as needed to:

  • Provide membership access.
  • Deliver resources.
  • Maintain business records.
  • Resolve disputes.
  • Comply with legal obligations.
  • Prevent abuse or fraud.

If you unsubscribe or cancel, we may retain limited records where required for accounting, tax, legal, security, or legitimate business purposes.

10. Security

We use reasonable administrative, technical, and organizational safeguards to protect personal information.

No internet service is perfectly secure. You are responsible for using a strong password, keeping account access private, and avoiding submission of sensitive data that CMMC Operator is not designed to store.

11. Your Privacy Choices And Rights

Depending on your location, you may have rights to:

  • Access personal information.
  • Correct personal information.
  • Delete personal information.
  • Object to or restrict certain processing.
  • Withdraw consent.
  • Request a portable copy of information.
  • Opt out of certain sharing or sale activities, where applicable.

To make a request, contact:

privacy@cmmcoperator.com

We may need to verify your identity before responding.

12. California Privacy Notice

If California privacy laws apply, California residents may have rights to know, access, correct, delete, and opt out of certain uses of personal information.

CMMC Operator does not sell personal information. CMMC Operator also does not intentionally collect sensitive personal information for the purpose of inferring characteristics.

Categories of personal information we may collect include:

  • Identifiers, such as name and email address.
  • Commercial information, such as subscription status or purchase history.
  • Internet or network activity, such as site usage and email engagement.
  • Approximate geolocation derived from technical information.
  • Communications you send to us.

We use these categories for the purposes described in this Privacy Policy.

13. International Users

CMMC Operator is operated from the United States. If you access the site from outside the United States, your information may be processed in the United States or other countries where our service providers operate.

By using CMMC Operator, you understand that privacy laws in those locations may differ from the laws where you live.

14. Children's Privacy

CMMC Operator is intended for business and professional users. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child provided personal information to us, contact us and we will take appropriate steps to delete it.

15. Changes To This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date.

Material changes may also be communicated by email or site notice where appropriate.

16. Contact

Questions or privacy requests:

privacy@cmmcoperator.com

CMMC Operator