Critical Infrastructure Cybersecurity Framework
Institute for Critical Infrastructure Cybersecurity
HomePrivacy Policy

Privacy Policy

Effective Date: February 9, 2026

1. Introduction

The Institute for Critical Infrastructure Cybersecurity (ICIC) operates the CIC-ATT&CK platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

  • Contact form submissions (name, email, phone, organization, message)
  • Service request forms (job title, sector, organization details, service interests)
  • Newsletter subscriptions (email address)
  • Account information if you create a user profile
  • Communications with our support team

2.2 Automatically Collected Information

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on the Platform
  • Referral source and click patterns
  • Cookies and similar tracking technologies

2.3 Third-Party Information

We may receive information about you from third parties, including analytics providers and publicly available sources, to enhance our understanding of user behavior and improve our services.

3. How We Use Your Information

We use collected information for the following purposes:

  • Processing and responding to your inquiries and service requests
  • Sending you requested information about our services
  • Improving and optimizing the Platform and user experience
  • Conducting research and analytics on Platform usage
  • Detecting and preventing fraud or security incidents
  • Complying with legal obligations and regulatory requirements
  • Sending newsletters and marketing communications (with your consent)
  • Personalizing your experience on the Platform

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

  • With service providers who assist in operating the Platform and delivering services
  • When required by law, court order, or government request
  • To protect our legal rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With your explicit consent or at your direction

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Access controls and role-based permissions
  • Employee training on data protection practices

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. When information is no longer needed, we securely delete or anonymize it.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to delete your information
  • Right to restrict processing of your information
  • Right to data portability
  • Right to opt-out of marketing communications
  • Right to withdraw consent at any time

To exercise these rights, please contact us at the address provided in the Contact Us section below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Platform. You can control cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features on the Platform.

9. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party services before providing your information.

10. Children's Privacy

The Platform is not intended for children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information and terminate the child's account.

11. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country. By using the Platform, you consent to the transfer of your information to countries outside your country of residence.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on the Platform and updating the "Effective Date" at the top of this document. Your continued use of the Platform after such modifications constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact us through the contact form on our Contact page or reach out to our support team. We will respond to your inquiry within 30 days.

Last Updated: February 9, 2026
Version: 1.0

By using this website, you agree to our legal documents. Please review our Privacy Policy, Terms of Use, and Accessibility Statement in the footer.