Privacy Policy — Digital Defense Institute Skip to main content
This policy applies to:  Digital Defense Institute LLC   |   For DDF's policy, visit digitaldefensefoundation.org/privacy-policy
Digital Defense Institute LLC

Privacy Policy

Effective: April 10, 2026 Last Updated: April 17, 2026
What this document covers, in plain terms

We collect information to run our training programs and platform. We do not sell your data. You can request a copy, correction, or deletion of your information at any time. Questions? Email [email protected].

This Privacy Policy describes how Digital Defense Institute LLC ("DDI") collects, uses, stores, and protects personal information. DDI is a for-profit cybersecurity training and certification preparation organization operating at digitaldefense.institute. DDI is based in Missouri.

By accessing our websites, platforms, or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

01Who This Policy Covers

This policy applies to all individuals who interact with Digital Defense Institute LLC, including:

  • Visitors to our website (digitaldefense.institute and related domains)
  • Learners enrolled in DDI courses, cohorts, or self-paced programs
  • Purchasers of DDI books, workshops, and advisory sessions
  • Advisory session clients and Calendly booking contacts
  • Corporate partners, enterprise clients, and licensing contacts
  • Newsletter subscribers and email opt-in contacts
  • Individuals who opt in to receive SMS / text messages from DDI

02Information We Collect

2.1 Information You Provide Directly

  • Name, email address, and phone number
  • Professional background, current role, and career goals (for program applications and advisory sessions)
  • Payment and billing information (processed through Stripe — we do not store card numbers)
  • Calendly booking data (name, email, session type, scheduling preferences)
  • Application materials, survey responses, and program feedback
  • Communications submitted through contact forms or direct email

2.2 Information Collected Automatically

  • IP address, browser type, device type, and operating system
  • Pages visited, time on page, and navigation paths
  • Cookies and similar tracking technologies (see Section 7)
  • Platform usage data: lessons completed, assessments taken, login frequency
  • GHL (GoHighLevel) form submission data and automation tags

2.3 Information from Third Parties

  • Payment processor confirmations (Stripe) — for billing and purchase management
  • Calendly scheduling data — for advisory session bookings
  • Partner referral data if you were directed to our platform by an affiliated organization

2.4 SMS / Text Message Communications

If you opt in to receive SMS messages from DDI through a web form on digitaldefense.institute, we collect:

  • Your mobile phone number
  • Your opt-in consent record (date, time, form source, and IP address)
  • Message delivery status (delivered, failed, opted out)
  • Your response history, including HELP and STOP replies
SMS opt-in is always voluntary. You may opt out at any time by replying STOP to any message. Message frequency varies based on the programs and resources you engage with — typically 2–6 messages per month. Msg & data rates may apply.

SMS messages may include:

  • Welcome messages and lead magnet delivery confirmations
  • Webinar and cohort reminders
  • Course access notifications
  • Security+ exam prep tips and study resources
  • Promotional offers for DDI programs, books, and advisory sessions

We do not share your phone number or SMS opt-in data with third parties for their marketing purposes. SMS data is processed through our telecom carrier partner (Twilio) and our CRM (GoHighLevel) — both are contractually bound to use this data only to deliver our messages on our behalf.

For SMS support, reply HELP to any message or use the contact form at digitaldefense.institute/contact.

03How We Use Your Information

We use the information we collect to:

  • Deliver, administer, and improve DDI training programs and digital products
  • Process course enrollments, book purchases, and advisory session bookings
  • Track learner progress and issue completion credentials
  • Communicate about program updates, new products, and resources
  • Provide technical support and respond to inquiries
  • Conduct internal analysis to improve curriculum and platform performance
  • Comply with legal obligations and enforce our terms of service
  • Send marketing and promotional communications (with opt-out available)
  • Deliver SMS / text messages to opted-in recipients (with STOP opt-out available at any time)

We do not sell, rent, or trade your personal information — including phone numbers and SMS opt-in data — to third parties for their own marketing purposes.

04Legal Basis for Processing (GDPR / International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection law, we process your information under the following legal bases:

  • Contract performance — to deliver services you have enrolled in or purchased
  • Legitimate interests — to improve our platform, prevent fraud, and operate our organization
  • Legal compliance — to meet regulatory, tax, or reporting obligations
  • Consent — for marketing communications, SMS messages, and optional data processing (withdrawable at any time)

05How We Share Your Information

5.1 Service Providers

We share information with trusted third-party vendors who help us operate our services, including:

  • GoHighLevel (GHL) — CRM, marketing automation, and form processing
  • Stripe — payment processing and subscription management
  • Calendly — advisory session scheduling (handle: walkerjenn)
  • Zoom — live session and cohort delivery
  • Twilio — SMS / text message delivery and opt-in consent logging
  • Cloud hosting providers — for platform infrastructure

All service providers are contractually required to protect your data and use it only to provide services on our behalf.

5.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect the rights, property, or safety of DDI, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or organizational restructuring, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

5.4 DDI / DDF Information Sharing

Digital Defense Institute LLC and Digital Defense Foundation are legally separate entities. DDI does not share your personal information with DDF for commercial purposes. Limited information may be shared between entities only when required for mission-reporting, arm's-length referrals, or when you have explicitly opted into a DDF program through DDI's bridge pathway. Any such sharing is governed by a minimum 48-hour separation and separate sender identity requirements.

5.5 SMS Data — No Third-Party Sharing for Marketing

Your mobile phone number and SMS opt-in consent data are never shared, sold, or transferred to third parties for their marketing purposes. This is true of all data we collect, but we call it out specifically here because SMS data requires heightened protection under TCPA and carrier compliance standards.

06Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy or as required by law:

  • Active learner accounts: retained for the duration of enrollment plus 3 years
  • Inactive accounts: retained for 2 years, then anonymized or deleted upon request
  • Payment records: retained for 7 years (tax and financial compliance)
  • Marketing contacts: retained until you opt out or request deletion
  • Advisory session records: retained for 3 years from session date
  • SMS opt-in consent records: retained for 4 years after opt-out, as required by TCPA compliance standards

You may request deletion of your data at any time (see Section 8).

07Cookies & Tracking Technologies

We use cookies and similar technologies for the purposes described below. You may manage your preferences through your browser settings. Disabling essential cookies will affect platform functionality. We do not currently respond to browser Do Not Track signals.

Cookie types, their purposes, and opt-out options
Cookie Type Purpose Can You Opt Out?
Essential / Session Login state, platform navigation, account security No — required for platform to function
Analytics Usage patterns, lesson completion, feature performance Yes — via browser settings or cookie preferences
Marketing Campaign tracking, referral attribution, GHL automation tags Yes — via opt-out link in any email or browser settings

08Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that inaccurate or incomplete information be updated
  • Deletion: Request that your personal data be deleted, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain types of processing, including direct marketing
  • Email opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in any communication
  • SMS opt-out: Reply STOP to any text message to immediately unsubscribe from all DDI SMS communications. Reply HELP to any text message for support.

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 30 days. We may need to verify your identity before processing your request.

09California Residents — CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we hold about you (subject to legal exceptions)
  • Right to opt out of the sale of personal information — note: we do not sell personal information
  • Right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, email [email protected] with the subject line: "California Privacy Request." We will respond within 45 days. You may designate an authorized agent to make a request on your behalf.

10Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls and role-based permissions
  • Secure third-party payment processing via Stripe (we do not store full payment card data)
  • Regular security reviews of our platform and infrastructure

No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

11Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If DDI programs serve participants under 18 through institutional partnerships, we collect only the information necessary to deliver those services, and we require institutional partners to obtain appropriate parental or guardian consent in advance.

If you believe we may have inadvertently collected information from a minor, contact us at [email protected] and we will delete it promptly.

12Third-Party Links

Our website and platform may contain links to third-party websites or resources. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties and encourage you to review their policies before providing personal information.

13Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or organizational structure. When we make material changes, we will:

  • Post the updated policy on our website with a revised effective date
  • Notify active platform users via email or in-platform notification

Your continued use of our services after the effective date of any update constitutes your acceptance of the revised policy.

14Contact Information

Questions about your data, requests to access or delete your information, or concerns about how we handle it — contact us directly. We respond within 30 days.

Digital Defense Institute LLC
Privacy Contact: Jenn Charles, Founder
Email: [email protected]
Missouri, United States