Digital Defense Foundation & Digital Defense Institute

Privacy Policy

Effective: April 10, 2026
Last Updated: April 10, 2026
What this document covers, in plain terms

We collect information to run our programs and platform. We do not sell your data. You can request a copy, correction, or deletion of your information at any time. Questions? Email [email protected].

This Privacy Policy describes how Digital Defense Foundation ("DDF") and Digital Defense Institute ("DDI") collect, use, store, and protect personal information. DDF is a nonprofit cybersecurity education organization. DDI is DDF's for-profit subsidiary and the operator of Aqonis, our flagship SaaS platform. Both organizations are based in the Kansas City metro area.

By accessing our websites, platforms, or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

01 Who This Policy Covers

This policy applies to all individuals who interact with DDF or DDI, including:

  • Visitors to our websites (digitaldefensefoundation.org, aqonis.com, and related domains)
  • Learners enrolled in DDF cohort programs or using the Aqonis platform
  • Applicants for scholarships, vouchers, or subsidized programs
  • Corporate partners, enterprise clients, and licensing contacts
  • Instructors, contractors, and volunteers affiliated with DDF or DDI
  • Newsletter subscribers and event attendees

02 Information We Collect

2.1 Information You Provide Directly

  • Name, email address, and phone number
  • Professional background, current role, and career goals (for program applications)
  • Payment and billing information (processed through third-party payment processors — we do not store card numbers)
  • Account credentials (username, password) for Aqonis platform access
  • Application materials, survey responses, and program feedback
  • Communications submitted through contact forms or direct email

2.2 Information Collected Automatically

  • IP address, browser type, device type, and operating system
  • Pages visited, time on page, and navigation paths
  • Cookies and similar tracking technologies (see Section 7)
  • Platform usage data: lessons completed, XP earned, assessments taken, login frequency

2.3 Information from Third Parties

  • Single sign-on data (if applicable, from Google or other OAuth providers)
  • Payment processor confirmations (Stripe or similar)
  • Partner referral data if you were directed to our platform by an affiliated organization

03 How We Use Your Information

We use the information we collect to:

  • Deliver, administer, and improve DDF programs and the Aqonis platform
  • Process enrollment applications, payments, and scholarship awards
  • Track learner progress and issue completion credentials
  • Communicate about program updates, events, and resources
  • Provide technical support and respond to inquiries
  • Conduct internal analysis to improve curriculum and platform performance
  • Comply with legal obligations and enforce our terms of service
  • Send marketing and promotional communications (with opt-out available)

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

04 Legal Basis for Processing (GDPR / International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection law, we process your information under the following legal bases:

  • Contract performance — to deliver services you have enrolled in or purchased
  • Legitimate interests — to improve our platform, prevent fraud, and operate our organization
  • Legal compliance — to meet regulatory, tax, or reporting obligations
  • Consent — for marketing communications and optional data processing (withdrawable at any time)

05 How We Share Your Information

5.1 Service Providers

We share information with trusted third-party vendors who help us operate our services, including:

  • GoHighLevel — CRM and marketing automation
  • Zoom — cohort delivery and virtual instruction
  • Payment processors (e.g., Stripe) — for billing and subscription management
  • Cloud hosting providers — for platform infrastructure

All service providers are contractually required to protect your data and use it only to provide services on our behalf.

5.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect the rights, property, or safety of DDF, DDI, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or organizational restructuring, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

5.4 DDF / DDI Internal Sharing

DDF and DDI are related entities. Information collected through DDI's platforms (including Aqonis) may be shared with DDF for mission-reporting, grant compliance, and community program purposes. Both entities are bound by this policy.

06 Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy or as required by law:

  • Active learner accounts: retained for the duration of enrollment plus 3 years
  • Inactive accounts: retained for 2 years, then anonymized or deleted upon request
  • Payment records: retained for 7 years (tax and financial compliance)
  • Marketing contacts: retained until you opt out or request deletion

You may request deletion of your data at any time (see Section 8).

07 Cookies & Tracking Technologies

We use cookies and similar technologies for the purposes described below. You may manage your preferences through your browser settings. Disabling essential cookies will affect platform functionality. We do not currently respond to browser Do Not Track signals.

08 Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that inaccurate or incomplete information be updated
  • Deletion: Request that your personal data be deleted, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain types of processing, including direct marketing
  • Opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in any communication

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 30 days. We may need to verify your identity before processing your request.

09 California Residents — CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we hold about you (subject to legal exceptions)
  • Right to opt out of the sale of personal information — note: we do not sell personal information
  • Right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, email [email protected] with the subject line: "California Privacy Request." We will respond within 45 days. You may designate an authorized agent to make a request on your behalf.

10 Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls and role-based permissions
  • Secure third-party payment processing (we do not store full payment card data)
  • Regular security reviews of our platform and infrastructure

No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

11 Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If DDF or DDI programs serve participants under 18 through institutional partnerships (such as workforce development programs or school-based cohorts), we collect only the information necessary to deliver those services, and we require institutional partners to obtain appropriate parental or guardian consent in advance.

If you believe we may have inadvertently collected information from a minor, contact us at [email protected] and we will delete it promptly.

12 Third-Party Links

Our websites and platform may contain links to third-party websites or resources. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties and encourage you to review their policies before providing personal information.

13 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or organizational structure. When we make material changes, we will:

  • Post the updated policy on our website with a revised effective date
  • Notify active platform users via email or in-app notification

Your continued use of our services after the effective date of any update constitutes your acceptance of the revised policy.

14 Contact Information

Questions about your data, requests to access or delete your information, or concerns about how we handle it — contact us directly. We respond within 30 days.

Digital Defense Foundation / Digital Defense Institute
Privacy Contact: Jenn Charles, Founder & CEO
Email: [email protected]
Mailing Address: 12022 Blue Valley Parkway, PMB 595, Overland Park, KS 66212