Cyber Risk Analysis Group's Privacy Policy

Effective: May 26, 2023

Introduction

Welcome to the Cyber Risk Analysis Group ("CRAG", "we", "us", or "our"). We respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes:

• The types of information we may collect from you or that you may provide when you visit the website https://www.crag443.com (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
• Our commitment to adhering to Service Organization Control 2 (SOC 2) standards, ensuring we meet stringent requirements for managing customer data based on five "trust service principles"—security, availability, processing integrity, confidentiality, and privacy.

This policy applies to information we collect:

• On this Website.
• In email, text, and other electronic messages between you and this Website.

It does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by CRAG or any third party; or
• Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

• by which you may be personally identified, such as name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline ("personal information");
• that is about you but individually does not identify you; and/or
• about your internet connection, the equipment you use to access our Website and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To notify you about changes to our Website or any products or services we offer or provide through it.
• To comply with applicable laws and regulations.
• To fulfill our obligations as required under SOC 2 compliance.

Disclosure of Your Information

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

However, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Website home page.