Skip to content
CyberAutopsySHIELD · COMPLIANCE
CMMC Level 2ServicesThe MethodIndustriesResourcesAbout Client PortalBook Contract Risk Audit →
LEGAL

Privacy Policy

EFFECTIVE 2026-01-01 · LAST UPDATED 2026-05-15

CyberAutopsy LLC (“CyberAutopsy,” “we,” “us”) operates this site at cyberautopsy.com. This policy describes what information we collect, how we use it, and how we protect it. We work with Department of Defense contractors who handle Controlled Unclassified Information (CUI); this policy is written with that audience in mind.

Information we collect

We collect the minimum information required to deliver our services. Specifically:

  • Contact submissions: Name, work email, company, CAGE code, role, contract value at risk, and CUI handling status submitted through the Contract Risk Audit form or the gated brief.
  • Calendly bookings: Name, email, calendar slot, and any notes you provide. Calendly is a separate processor with its own terms.
  • Engagement data: Material you provide under engagement, including system documentation and artifacts. This is treated as confidential and, where the engagement involves CUI, is handled inside a CUI-compliant boundary.
  • Server logs: IP address, user agent, and request path, retained no longer than 30 days for diagnostic purposes.

How we use information

  • To respond to inquiries and route them to the appropriate partner.
  • To deliver contracted services and the deliverables described in the engagement letter.
  • To meet our own legal and regulatory obligations.

We do not sell information. We do not share information with third parties for their own marketing. We do not use information for behavioral advertising.

Cookies and analytics

This site uses strictly necessary first-party cookies to maintain session state. We do not use third-party advertising cookies. If analytics are enabled on this site, they are configured for first-party, IP-anonymized collection only.

How we protect information

CyberAutopsy maintains a security posture aligned with NIST SP 800-171. Engagement data classified as CUI is handled inside an authorized CUI boundary maintained by the firm. Public-site data (contact form submissions, lead-magnet email captures) is stored in commercially reasonable, encrypted infrastructure separate from the CUI boundary.

Data retention

  • Contact form submissions: 24 months from last interaction, then deleted on request or by policy.
  • Engagement records: 7 years from engagement close, consistent with federal contractor record-retention norms.
  • Server logs: 30 days.

Your rights

You may request access to or deletion of information we hold about you by emailing intake@cyberautopsy.com. We will respond within 30 days. We honor requests under applicable U.S. state privacy laws (CCPA, CDPA, CPA, CTDPA, UCPA).

Contact

CyberAutopsy LLC · Northern Virginia, United States · intake@cyberautopsy.com