Privacy Policy Last Updated: July 7, 2025 

This National Cybersecurity Alliance Privacy Policy describes the types of information NCA (“NCA,” “we,” or “us”) collects and processes from and about you. This Privacy Policy applies to any information collected on any NCA website that you visit, as well as information collected by us via other methods of interaction with NCA, including personal requests for information (collectively, the “Services”). This Policy does not apply to information collected by third party websites which you accessed via links from the Services. By using the Services, you are consenting to the practices described in this Privacy Policy. If you do not agree to the practices described in this Privacy Policy, please do not access or use the Services. 

1. Information We Collect 

The information we collect may include data you explicitly provide to us, and data we obtain automatically from your interactions with our Services.        

 a. Information You Provide Us 

We may collect or have access to information directly from you when you register to receive our Services, or otherwise communicate or interact with us. The types of information we may collect from you directly may include, but is not limited to, your first name, last name, company name, job title, email address, and user ID and password information that you create in connection with our Services.  The forgoing information may be provided to NCA to facilitate certain transactions you carry out through our Services, and NCA will retain the associated records, including NCA’s fulfillment of goods or services in connection with those transactions.  For any registration fees or tickets for NCA events, or other payment transactions on the Services, NCA will use third-party services for payment processing.  NCA will not store or collect your payment card details.  That information is provided directly to our third-party payment processors whose use of your personal information is governed by their privacy policy.  NCA currently uses Stripe and WooCommerce services as third- party service providers for financial transactions and payment services to NCA, and their privacy policies, respectively, can be viewed at https://stripe.com/privacy and https://automattic.com/privacy/.    

When you subscribe to communications from NCA (newsletters, email alerts, etc.) you can expect we will contact you about ways to get involved in your community regarding online safety; you will receive updates from NCA about free resources and upcoming events; we do not share our contact lists (period); at times we use our lists to inform people of important events in cybersecurity by our partners (industry, non-governmental organizations and government); you can expect to hear from NCA on average a couple of times per month and, in the ramp-up to Cybersecurity Awareness Month (October) and Data Privacy Week (January), more frequently; you can opt out of these communications at any time by utilizing the opt-out or unsubscribe links found in the trailer of email messages, newsletters, and other electronic forms of communication.        

 b. Information We Collect Automatically 

Cookies and Similar Technologies.  When you use the Services, we, or our vendors, may place cookies on your browser or other access device.  Cookies are small text files that are placed on your computer by websites that you visit. We and our vendors may also use technologies similar to cookies to track your interaction with the Services, including web beacons, pixels, tags and Flash objects (together with cookies, “Cookies”).    We may also embed web beacons, tags, and pixels in the emails we send to you to help us understand how you interact with those messages, such as whether and when you opened a message. You may choose to decline cookies, but doing so may affect your ability to access or use certain features of our Services.  For more information on your choices and options, please see Sections 4 (Advertising ) and Section 6 (Your Choices and Rights) below.           

c. How We Use Your Information 

Generally, information you provide to us will be used to provide the Services or to help us deliver a better website experience to you on all our websites and to enhance our business efficiency and effectiveness with you. We may also use your personal information to: 

• Provide you with the Service;  

• Send you information you have requested; 

• Respond to your questions or comments; 

• Otherwise communicate with you; 

• Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; 

• Notify you about changes to Services; 

• To comply with our legal obligations or as permitted by law; 

• To protect the safety and/or integrity of our users, employees, third parties, members of the public, and/or our Service; 

• To prevent, detect, investigate and respond to fraud, unauthorized access/use of the Service, breaches of terms and policies, or other wrongful behavior; and 

• Administer and troubleshoot the Service. 

We may combine information that we collect from you through the Services with information that we obtain from other sources.  We may also aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes. 

3. How We Disclose Your Information  

We may disclose your personal information as follows: 

• Personnel & Vendors:  We may disclose your information to NCA officers, employees, contractors, vendors, and other third-party service providers who need access to such information to carry out work or perform services on our behalf, such as those who provide data storage, payment, technology support and services, customer service, analytics, fraud prevention, or legal services. 

• Event Sponsors: We may disclose your information to NCA event sponsors, industry partners, or other attendees when you register to attend an NCA event. 

• Business Transfers: We may disclose your information in connection with, or during negotiations of, any merger, acquisition, sale of assets or any business, other change of control transaction or financing, in which personal information held by NCA is among the assets transferred; between any future parent, subsidiary, and/or affiliated company. 

• Enforcing our Agreements: We may share your information if we believe your actions are inconsistent with our agreements or policies with you. 

• Legal Requirements & Rights: We may need to disclose or provide access to information if NCA has a good faith belief that such action is necessary to (i) comply with the law; (ii) comply with legal processes or governmental requests; (iii) prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of our websites or our networks; and/or (iv) to protect the rights, property, safety and security of our employees, our website visitors, and/or the public. 

• Consent: We may also share your information as otherwise permitted or required by law or as authorized by you. 

4. Advertising. 

Advertising. The use of tracking technologies by our vendors, technology partners or other third-parties on the Services is not covered by our Privacy Policy. We do not have access or control over these technologies. 

In the US, the opt-out pages offered by the Network Advertising Initiative and the DAA’s AboutAds program also offer a means to opt out of a number of advertising cookies.  Please visit the Network Advertising Initiative (https://thenai.org/opt-out/) and the DAA’s AboutAds program (https://optout.aboutads.info/?c=2&lang=EN) to learn more.  Note that opting out does not mean you will no longer receive online advertising.  It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.  Opting out through the above methods will cause one or more opt-out cookies to be set on your browser or device, to indicate that you have opted out. Note that opt-outs are browser-specific, so opting out on one browser will not affect a second browser or device that you use. For the same reason, if you buy a new device, change browsers or clear all cookies, you’ll need to perform this opt-out task again. 

Do Not Track. We do not recognize or respond to browser initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.   

5. Third Party Websites 

NCA may maintain links to other websites or services and other websites may maintain links to the Services. This Privacy Policy applies only to the Services and not to other websites or services accessible from NCA or that you use to access NCA, each of which may have privacy policies materially different from this Privacy Policy. If you visit other websites or use other services, NCA is not responsible for the privacy practices or content of those sites. It is your responsibility to review the privacy policies of non-NCA websites and service to confirm that you understand and agree with them. 

6. Your Choices and Rights 

Marketing emails: at any time, you can tell us to stop sending you promotional communications for our NCA programs, events, or other services by utilizing the opt-out or unsubscribe links found in the trailer of email messages, newsletters and other electronic forms of communication.    

Cookies: Most web browsers are set to accept Cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. The method for disabling Cookies may vary by device and browser but can usually be found in your device or browser preferences or security settings. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services. 

Online Advertising Networks: You may opt out of receiving targeted ads based on the information we collect from you by following the instructions in the “Advertising” section above. 

In addition, you may set preferences with specific third-party services that we utilize on our Services. 

Google Analytics: Our websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”).  Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity and other information relating to website activity and internet use.   For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/.  For more information on the types of cookies utilized by Google Analytics, please visit https://policies.google.com/technologies/cookies?hl=en-US.  You can opt-out of Google’s collection and processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.  Note that Google’s opt-out mechanism is specific to Google activities and does not affect the activities of other ad networks or analytics providers that we may use. 

Google Tag Manager:  Our Services use the Google Tag Manager as part of Google Analytics.  Tags are small code elements on our website that, among other things, are used to measure traffic and behavior, to capture the impact of online advertising and social channels, to use remarketing and targeting groups, and to measure their website to test and optimize. Google Tag Manager causes other tags to be set off, which in turn may collect data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.  Further information about Google Tag Manger can be found at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.   

Google Ads:  We use the online advertising program Google Ads on our Services, through which we place advertisements on the Google search engine. When you access our websites via a Google ad, Google sets a cookie on your terminal device ("conversion cookie"). In the process, a different conversion cookie is assigned to each Google Ads customer, so that the cookies are not tracked across the websites of different Google Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information with which users can be personally identified.   You can find Google's privacy policy here:  https://policies.google.com/privacy?hl=en-US. 

Meta Pixel (formerly known as Facebook Pixel):  We use the "visitor action pixels" from Meta on our Services. This allows user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Meta, which is why we are informing you, based on our knowledge of the situation. Meta may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy. You can allow Meta and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Meta pixel, or to the use of your data for the purpose of displaying Facebook ads in your account-settings. You can find Meta's privacy policy here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. 

LinkedIn Insight Tag: The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we have added to our websites to enable in-depth campaign reporting and to help us unlock valuable insights about our website visitors. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn ads. The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor's browser until they delete the cookie or the cookie expires. You can opt out of cookies from LinkedIn on your LinkedIn settings page. ​​You can find LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy. 

Twitter Pixel: We have also included the remarketing function of the Twitter service on our websites.  With the Twitter remarketing function we can offer you advertising based on your interests on the Twitter platform.  For this purpose, Twitter uses so-called "tags" or pixels.  This tag is used to record visits on our website as well as usage data (e.g. all interactions relating to the advertising displayed such as clicking on links, retweets or likes) in a pseudonymous, non-personal way. If you subsequently visit Twitter, integrated ads are displayed based on your interests. Twitter will then receive information from your browser that our website has been accessed by your device. If you are registered with a Twitter service, Twitter can assign the visit to your account. Even if you are not registered on Twitter or have not logged in, it is possible that the provider may learn and store your IP address and other identifiers. The information generated by the tags about your use of our Services is transferred to a Twitter server in the USA and stored there. For more information on how to disable this feature on Twitter, see https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads.   HubSpot Analytics:  

HubSpot Analytics is a web analytics service offered by HubSpot, Inc. HubSpot utilizes cookie and usage data collected to track and examine the use of the Services, analyze demographic information, and to prepare reports on user activities and share them with other HubSpot services.  HubSpot may use the data collected to contextualize and personalize the ads of its own advertising network.  For more information on the privacy practices of HubSpot, please visit the HubSpot Privacy Policy web page: https://legal.hubspot.com/privacy-policy.  

7. Notice to Nevada Residents 

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to another person. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.   
 
NCA does not sell your personal information to third parties for monetary consideration.  However, as explained in the Section 3 (How We Disclose Your Information ) above, NCA may provide your personal information to event sponsors, industry partners, or other attendees when you register to attend an NCA event or conference, and this may constitute a sale of your personal information under Nevada law.  If you are a Nevada resident and have questions, or and wish to opt-out of having your information shared in this manner, please contact us at info@staysafeonline.org.  

8. Data Retention  

In general, NCA will retain collected information for the length of time needed to fulfill the purposes outlined in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is permitted by law.   

9. Data Security 

NCA maintains administrative, technical, and physical safeguards that are designed to protect the security of personal information.  The safeguards include tools and technologies including firewalls, data encryption techniques, passwords and security certificates.   

Please be aware, however, that no data transmission over the Internet can be guaranteed to be 100% secure.  Consequently, we cannot ensure or warrant the security of any information you transmit to us.  Any information that you transfer to us is done at your own risk.  We are not responsible for circumvention of any privacy settings or security measures contained on the Services.  If we learn of a data security system breach, we may attempt to notify you electronically regarding security, privacy, and administrative issues relating to your use of the Services, in accordance with applicable law.   

You play a critical role in protecting your information by maintaining up-to-date computer security protections.  Steps you take to ensure the security of your computer, user IDs, passwords, or other personal identifier authentication mechanisms are key components of the protection of your personal information.  Where we have given you access credentials (including a password) for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.  You agree that you are responsible for any additional verification procedures and security you deem necessary. 

10. Children’s privacy 

Only persons 18 years of age or older may use the Services. We do not knowingly collect personal information from individuals under 13 years of age. If we discover that an individual under 13 has provided us with personal information, we will delete the personal information to the extent required by law. 

11. International transfers 

We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country. By accepting the terms of this Privacy Policy, you acknowledge and accept the processing of your personal information on servers located in the United States and in states, provinces or countries outside of your own. 

12. Changes to the Privacy Policy 

We may change this Policy to reflect changes in the law, our information practices, or the features of the Services. At the top of our Policy, we will indicate the date of the most recent update. If we make a material change to the Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy. 

13. Contact Us 

Please address any questions, concerns or comments you have about this policy to info@staysafeonline.org.