Privacy Policy

Effective date: May 22, 2026  ·  Last updated: May 22, 2026

Hydromation Inc. ("Hydromation," "we," "us," or "our") operates CMMC Map at cmmcmap.com. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account information: When you register, we collect your name, email address, organization name, and password (hashed). We do not store plain-text passwords.

Usage data: We collect information about how you use the platform — controls viewed, documents generated, progress scores, and session activity. This data is used to provide the service and improve it.

Billing information: Payment processing is handled by Stripe. We do not store credit card numbers or bank details. We receive only limited transaction metadata (last 4 digits, billing postal code, subscription status) from Stripe.

User-uploaded content: If you upload documents for the CUI pre-scan feature, those files are temporarily analyzed by AI and are not retained beyond the session scan. We do not store the contents of uploaded documents.

Technical data: We collect standard server logs including IP addresses, browser type, and referring URLs for security and debugging purposes.

2. How We Use Your Information

We do not sell your personal data to third parties. We do not use your data to train AI models.

3. AI Features and Third-Party APIs

CMMC Map offers AI-powered Q&A using the Anthropic Claude API. You may use your own Anthropic API key (BYOK) for this feature. When you submit a question, the query text is sent to Anthropic's API. Your use of the AI feature is also subject to Anthropic's Privacy Policy. We do not share your organization name, contact details, or progress data with Anthropic.

4. Data Storage and Security

Your data is stored in Supabase (PostgreSQL), hosted in the United States. We use row-level security (RLS) to ensure each organization can only access its own data. All data in transit is encrypted via TLS. We follow CMMC-aligned security practices — consistent with what we help our customers achieve.

Important: CMMC Map is not an approved CUI storage system. Do not upload actual Controlled Unclassified Information to the platform.

5. Data Retention

We retain your account data for as long as your subscription is active and for 90 days after cancellation to allow for account recovery. After 90 days, account data is permanently deleted. Server logs are retained for 30 days. You may request immediate deletion at any time (see Section 8).

6. Cookies and Tracking

We use essential session cookies required to keep you logged in. We may use analytics tools (such as Google Analytics) to understand aggregate usage patterns. No advertising or cross-site tracking cookies are used. You can disable non-essential cookies in your browser settings.

7. Sharing of Information

We share data only with the following service providers who process it on our behalf:

We may disclose data if required by law, subpoena, or to protect the rights and safety of Hydromation, our users, or the public.

8. Your Rights

You have the right to:

To exercise any of these rights, contact us at legal@cmmcmap.com. We will respond within 30 days.

9. Children's Privacy

CMMC Map is intended for business use by adults (18+). We do not knowingly collect personal data from anyone under 18. If we learn that a minor has created an account, we will promptly delete the account and associated data.

10. Changes to This Policy

We may update this Privacy Policy as the service evolves. We will notify registered users of material changes by email at least 14 days before they take effect. The effective date at the top of this page reflects the most recent revision.

11. Contact

Privacy questions or requests:

Hydromation Inc.
12015 US-50 Suite 600
Fairfax, VA 22033
legal@cmmcmap.com

© 2026 Hydromation Inc. Terms Privacy info@cmmcmap.com