Privacy Policy
Last updated: February 2026
The short version
- ✅ The free assessment runs entirely in your browser — your answers never reach our servers
- ✅ We do not require your business name for the free assessment
- ✅ We do not sell your data. We never will.
- ✅ You can delete everything with one request
Who we are
CISScore (cisscore.com.au) is a cybersecurity assessment tool that helps small and medium businesses understand and improve their security posture against the CIS Controls v8.1 Implementation Group 1 framework.
Not affiliated with the Center for Internet Security®. CIS Controls® is a registered trademark of CIS.
Free tier — what we collect
Nothing identifiable. Your assessment runs entirely in your browser using localStorage. Your answers, scores, and results never leave your device. We cannot see them.
We collect anonymous, aggregated analytics (page views only) with no personal identifiers.
Paid tier — what we collect
When you purchase the policy bundle, we collect:
- Email address — provided by Stripe upon payment, for receipt and support
- Business profile — name, industry, staff count, location — to personalise your policies
- Assessment answers — sent to our server only to generate your policies, then stored encrypted
- Payment information — processed by Stripe (we never see your card details)
Policy generation
Your assessment answers are sent to a third-party content generation service to produce your policies. That service does not use your inputs for model training. Your data is not retained by that service beyond the request lifecycle.
Data retention
- Generated policies are retained for 90 days after creation, then deleted
- Purchase records are retained for 7 years for tax compliance
- Email addresses are deleted upon request
Your rights
Under the Australian Privacy Act 1988, you have the right to access, correct, and delete personal information we hold about you.
To exercise these rights, email privacy@cisscore.com.au
Contact
Questions? privacy@cisscore.com.au