Privacy Policy

1. Who we are

Dragonfli Group LLC ("Dragonfli Group," "we," "us," or "our") operates the CMMC Accelerator platform at cmmc.dragonfligroup.com. We help defense contractors assess their cybersecurity readiness for CMMC Level 2 certification. Questions about this policy can be directed to privacy@dragonfligroup.com.

2. What we collect

When you use this platform, we collect:

• ›Account information: Name, email address, and any profile information you provide when creating an account through Clerk.
• ›Organization profile: Company name, industry, employee count, whether you hold DoW contracts, and whether you handle Controlled Unclassified Information (CUI).
• ›Assessment responses: Your answers to cybersecurity readiness questions across the 14 CMMC domains.
• ›Company website (optional): If you provide your company URL, we fetch publicly available content from that page to tailor your assessment questions.
• ›Usage data: Standard server logs, page views, and session information collected automatically.

3. How we use your information

• ›Generate and deliver your CMMC readiness assessment and results
• ›Create AI-assisted compliance documents (SSP, POA&M) based on your responses
• ›Email your assessment results when you request it
• ›Contact you about follow-on services (T1, T2, or T3 engagements)
• ›Improve the platform and assessment quality over time

We do not sell your data to third parties.

4. Third-party services

This platform uses the following third-party services that may receive your data:

• ›Clerk (clerk.com): Authentication and user account management. Your login credentials and account data are stored by Clerk.
• ›Anthropic (anthropic.com): AI language model API used to generate assessment questions and compliance documents. Your organization profile and assessment responses are sent to Anthropic's API to generate these outputs.
• ›Google Firebase / Firestore: Secure cloud database used to store your assessment progress and completed results.
• ›Resend (resend.com): Email delivery service used to send your assessment results when requested.
• ›Cloudflare: CAPTCHA (Turnstile) and infrastructure security.

5. AI-generated content and your data

Your assessment responses are sent to Anthropic's API to generate compliance documents (SSP, POA&M) and assessment questions. We do not use your responses to train AI models. Anthropic's data handling is governed by Anthropic's Privacy Policy.

All AI-generated documents are labeled as drafts and must be reviewed before use in any official context. See our Terms of Service for important limitations on AI-generated content.

6. Data retention

Assessment results are stored in Firestore and associated with your account. You may request deletion of your data at any time by emailing privacy@dragonfligroup.com. We will delete your account data within 30 days of a verified request.

7. Security

We use industry-standard security practices including encrypted connections (HTTPS), authentication via Clerk, and cloud storage via Google Firebase. However, no system is 100% secure. Do not include classified information or actual CUI data in your assessment responses.

8. Your rights

You have the right to:

• ›Access the data we hold about you
• ›Correct inaccurate data
• ›Request deletion of your data
• ›Export your assessment results

To exercise any of these rights, email privacy@dragonfligroup.com.

9. Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated via email to registered users. Continued use of the platform after changes constitutes acceptance of the updated policy.