DefenseEye Privacy Policy Last Updated: January 27, 2026

1. Introduction DefenseEye (“we,” “us,” or “our”) operates the CMMCLens platform. We are committed to protecting the privacy of our customers while providing robust CMMC compliance automation. This policy describes how we collect, use, and secure information when you use our services and Microsoft Marketplace offers.

2. Information We Collect

• User Data: Name, business email, and contact details provided during registration or through Microsoft Partner Center.
• Technical Connection Data: To provide CMMCLens services, we collect necessary Azure Tenant IDs, App Registration metadata, and configuration logs. We do not collect or store your Controlled Unclassified Information (CUI).
• Usage Data: IP addresses, browser types, and interaction logs to improve platform performance.

3. How We Use Your Information We use collected data solely to:

• Provision and maintain your CMMCLens subscription.
• Communicate critical security alerts regarding your NIST 800-171 compliance status.
• Process payments through the Microsoft Commercial Marketplace.

4. Data Storage and Sovereignty Given the nature of CMMC compliance, DefenseEye utilizes Azure GCC High for all data processing. We maintain strict data residency protocols to align with defense industry standards.

5. Third-Party Sharing We do not sell your data. We only share information with third parties (like Microsoft) as necessary to fulfill your subscription or when required by law.

6. Security We implement industry-standard administrative, technical, and physical safeguards. As a platform built for CMMC readiness, our own internal controls are mapped to NIST 800-171 standards.

7. Your Rights You may request access to, correction of, or deletion of your personal data by contacting us at: support@defenseeye.ai.

8. Changes to This Policy We will notify users of significant changes via the email associated with your Microsoft account or through a notice on our platform.