Privacy Policy for CISSP Guru

This Privacy Policy explains how CISSP Guru collects, uses, stores, discloses, and protects information when you visit the website, start a trial, purchase or manage a subscription, create an account, or use the CISSP Guru study product.

For now, CISSP Guru is described here as a product operated by Evan Lutz / BowTiedCyber. If a specific legal entity is later published in the product, billing records, or footer, that entity will become the operator covered by this policy.

We collect account information such as your email address, password-authentication credentials, subscription status, and account metadata needed to run the product.

We collect billing and transaction information through Stripe, including customer identifiers, subscription identifiers, trial status, invoices, plan changes, payment outcomes, and related billing events. We do not store raw payment card numbers in the CISSP Guru application database.

We collect study and product-usage information such as question attempts, scores, weak areas, bookmarks, CAT runs, lessons viewed, generated explanations, topic progress, and other activity needed to operate the service.

We collect technical information such as IP address, device type, browser type, timestamps, approximate location derived from IP, referral data, and similar log or diagnostics information.

If analytics or advertising tools are enabled, we may also collect or receive cookie, browser, device, and event data through those tools.

If you contact us, we may collect the contents of your message and the account or billing information needed to respond.

We use information to create and manage accounts, authenticate users, operate lessons and study features, process subscriptions, enforce free-trial and plan rules, support upgrades or cancellations, and deliver the CISSP Guru experience.

We use study and performance information to personalize the product, generate weakness drills, readiness views, AI-assisted explanations, and similar functionality tied to your use of the platform.

We use technical and usage information to secure the service, investigate abuse or fraud, monitor reliability, debug incidents, improve the product, and analyze adoption and conversion performance.

We may also use information to comply with legal obligations, resolve disputes, enforce our Terms of Service, and protect the rights, safety, or security of CISSP Guru, our users, and the public.

CISSP Guru uses AI-powered features for certain explanations, diagnosis, and remediation workflows. To provide those features, relevant lesson context, question context, and limited account-linked study context may be sent to AI service providers such as OpenAI.

Do not submit highly sensitive personal information into free-form AI interactions. AI outputs are generated content and should be treated as study support, not legal, professional, medical, or exam-certification advice.

CISSP Guru may use cookies, pixels, local storage, and similar technologies to keep you signed in, remember settings, measure traffic, understand product usage, and evaluate marketing effectiveness.

If enabled, Google Analytics may collect information about website and product usage. If enabled, Meta Pixel may collect browser and event data for measurement, attribution, and advertising performance analysis.

We do not represent that the service currently responds to browser Do Not Track signals. If legally required signals or opt-out mechanisms are implemented later, this policy may be updated accordingly.

We disclose information to service providers and infrastructure partners that help us run CISSP Guru, including providers used for hosting, authentication, database/storage, billing, customer communications, AI functionality, analytics, and advertising measurement.

We may disclose information when reasonably necessary to comply with law, respond to lawful process, enforce agreements, investigate security or fraud issues, or protect rights, safety, and property.

We do not state that CISSP Guru 'sells' personal information for money. However, if analytics or advertising technologies are enabled, some technical identifiers or event data may be disclosed to those providers for measurement, attribution, or audience-related purposes.

We retain account, billing, subscription, and study records for as long as reasonably necessary to provide the service, maintain business and financial records, detect abuse, resolve disputes, enforce agreements, comply with law, and preserve backup integrity.

Deleting an account removes the live account from the active product systems, but certain records may be retained for billing, legal, fraud-prevention, audit, security, and backup reasons for a limited time or as otherwise required.

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, misuse, alteration, or destruction.

No internet service or storage system is perfectly secure, and we cannot guarantee absolute security.

You can manage your subscription through the billing area and Stripe billing portal.

You can delete your account from the account-management area inside the app.

Depending on where you live, you may also have rights to request access to, correction of, deletion of, or additional information about personal information associated with your account.

Until a dedicated privacy-request channel is separately published, the practical way to exercise account-linked requests is through your authenticated account or the contact path tied to your billing records and service notices.

CISSP Guru is intended for adults and professional learners, not children under 13, and we do not knowingly collect personal information from children under 13 through the service.

CISSP Guru and its service providers may process information in the United States and in other jurisdictions where those providers operate. By using the service, you understand that information may be transferred to and processed in jurisdictions that may differ from your own.

We may update this Privacy Policy from time to time. If we make material changes, the updated policy will be posted here with a new effective date. Your continued use of the service after the updated policy becomes effective means you accept the revised policy.