Trust & Security
CyberCorrect™ is built to operate in your environment — not ours. You control your data, your infrastructure, and how the system is deployed.
In practice
- No forced cloud
- No hidden data flows
- No dependency on external processing by default
Data handling & privacy
No central data collection
CyberCorrect™ does not require central data collection to function. Privacy Review tools run in your browser; registers, maps, and evidence can stay local or sync only when you opt in.
You decide where data is processed, stored, and retained. The system is designed to operate without exporting sensitive inventory or evidence externally by default.
Why this matters
- No vendor lock-in through data dependency
- Reduced regulatory exposure from third-party processing
- Full auditability of how data is used
Minimal data collection
Only what is necessary for the assessment or register is used. No default harvesting of inventories, registers, or evidence. Export-first artifacts (CSV, JSON, Markdown, PDF).
No resale or monetization
Customer data is never resold or monetized. Your information is used exclusively to generate your outputs.
Separation of environments
Customer environments are logically separated. Clear separation of anonymous scoring vs saved records.
Optional sync
When you opt in, data is used only to generate the outputs you need. By default, no data is collected for this purpose.
Delivery and deployment options
Three ways to engage
Privacy Review tools
Run in-browser; no account required
Privacy Workspace
Structured environment for registers and evidence
Client-hosted deployment
Full system in your infrastructure
You choose where your data resides (as set out in our Privacy Policy and Terms of Service):
- Local-only: All data in your browser (IndexedDB, localStorage) or desktop app.
- Self-managed cloud: Deploy to your own infrastructure (AWS, Azure, GCP).
- ERMITS-managed cloud: Optional encrypted sync; zero-knowledge architecture.
- On-premises: Enterprise deployment in your environment.
Workspace and Privacy Review tools are offered under privacy-preserving conditions: local-first by default, same-origin or client-hosted when shared data is used, and optional sync only when you choose. We do not access your assessment or register data by default.
Security-by-design & what we won't do
Security and privacy built in, not bolted on
CyberCorrect™ follows security-by-design and privacy-by-design principles. Trust is as much about constraints as features — we avoid common privacy-tool failure modes.
No dark-pattern collection
No hidden telemetry that captures sensitive inventory or register details by default.
No "checkbox compliance"
Outputs are actionable artifacts with evidence and ownership, not just scores.
No vendor lock-in
Everything important can be exported and maintained in your own systems.
Traceability
Obligation mapping across frameworks; evidence tied to controls and owners; change-friendly model for continuous updates.
Framework alignment
CyberCorrect™ is informed by and aligned with major privacy regulations and program structures. Outputs support defensible compliance and can inform GRC efforts. CyberCorrect does not claim certification or compliance on behalf of customers.
| Framework / regulation | CyberCorrect™ support |
|---|---|
| GDPR | Data mapping, lawful basis, rights workflows, DPIA inputs, records of processing |
| CCPA / CPRA | Data inventory, disclosure and rights support, obligation tracking |
| FERPA / MODPA | Education-focused tools (MODPA Screener, MODPA Review School); student data scope |
| NIST Privacy Framework | Identify, Govern, Control, Communicate, Protect alignment inputs |
| ISO/IEC 27701 | PIMS-oriented mapping and control evidence support |
Outputs & evidence you can defend
Trust is earned through outputs you can defend
CyberCorrect™ generates registers, maps, and evidence designed to support defensible privacy decisions. These deliverables enable privacy leads, legal, and auditors to understand compliance posture with clarity.
Registers & maps
Data inventory, processing activities, vendor lists, data flows, and obligation views.
Remediation roadmaps
Prioritized actions tied to obligations and controls, not generic checklists.
Evidence checklists
Control-to-obligation mapping and evidence tied to owners for audit readiness.
Exportable formats
CSV, JSON, Markdown, PDF — integrate with existing GRC and reporting workflows.
Outputs are designed to support privacy leads, legal, and auditors in making defensible decisions, with clear traceability from data and obligations to evidence.