CISO Ascent

Privacy policy

Last Updated: December 1, 2025

1. Introduction

CxO Ascent LLC ("CISO Ascent," “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information of our members, attendees, and visitors. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website cisoascent.com (the “Site”), apply for membership, register for our retreats, or otherwise engage with our nationwide community of executives.

This policy is designed to comply with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA).

2. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with you (“Personal Information”).

A. Information You Provide to Us 

    • Identity Data: Name, job title, and professional bio.
    • Contact Data: Work email, personal email and phone number.
    • Professional Data: Company name, industry, revenue, and size; your reporting structure and professional interests.
    • Retreat & Logistics Data: Dietary restrictions, emergency contact information, apparel sizes (for gear/swag), and physical activity preferences (relevant to our outdoor retreats).
      • Note: Dietary and health-related data is considered "Sensitive Personal Information" and is collected only with your explicit consent for your safety.
    • Payment Data: Credit card details and billing address.
      • Note: We utilize third-party payment processors and do not store full credit card numbers on our systems.

B. Information Collected Automatically

  • When you visit our Site, we may automatically collect:
    • Technical Data: IP address, browser type, operating system, device identifiers.
    • Usage Data: Pages viewed, time spent on pages, clickstream data, and referring URLs.
    • Cookies & Tracking: We use cookies, pixels, and similar technologies to analyze trends and administer the Site (see Section 8).

3. How We Use Your Information

We use your Personal Information for the following business purposes:

  • Membership & Retreats: To process applications, register you for retreats, manage retreat logistics (lodging, dining, activities), and communicate retreat details.
  • Community Facilitation: To verify your eligibility as a CISO/security executive and facilitate networking among members.
  • Marketing: To send newsletters and invitations to future retreats (you may opt-out at any time).
  • Improvement: To analyze Site usage and improve our services, content, and user experience.
  • Compliance: To comply with legal obligations, enforce our terms, and protect the rights and safety of our community.

4. Sharing and Disclosure of Information

We do not sell your Personal Information in the traditional sense (exchange for money). However, we may share information in ways that could be defined as a “sale” or “sharing” under certain state laws (e.g., sharing attendee lists with retreat partners).

We disclose your information to the following categories of third parties:

  • Service Providers: Trusted third parties who assist us in operating our website, conducting our business, or servicing you (e.g., retreat venues, hotels, email marketing platforms). These parties are contractually obligated to keep your information confidential.
  • Retreat Partners: We occasionally share limited professional information (Name, Title, Company) of retreat attendees with confirmed partners to facilitate professional networking. You have the right to opt-out of this sharing (see Section 6).
  • Legal Requirements: If required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights or safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. Any cell numbers provided by members will not be transferred.

5. Your Data Protection Rights

While specific laws vary by state, CISO Ascent extends the following core rights to all U.S. users:

  • Right to Access: Request a copy of the specific personal information we have collected about you.
  • Right to Correction: Request that we correct inaccurate or incomplete personal information.
  • Right to Deletion: Request that we delete your personal information, subject to certain legal exceptions (e.g., tax records).
  • Right to Opt-Out: You may opt-out of marketing emails via the "unsubscribe" link in any email.

6. State-Specific Rights (California, Virginia, Colorado, etc.)

Residents of certain states have enhanced rights under local laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA).

For California Residents (CCPA/CPRA):

  • Right to Know: You have the right to request the categories of personal information collected, sources, business purpose, and categories of third parties with whom it is shared.
  • Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell or share your personal information with third parties (e.g., partners) for cross-context behavioral advertising or other benefits.
    • To exercise this right, email [email protected] with the subject line "Do Not Sell/Share My Info".
  • Right to Limit Use of Sensitive Info: You may limit the use of sensitive data (e.g., dietary/health info) to only what is necessary for the retreat.
  • Non-Discrimination: We will not discriminate against you (e.g., deny services or charge different prices) for exercising your privacy rights.

For Virginia, Colorado, Connecticut, and Utah Residents:

You have rights similar to those above, including the right to access, correct, delete, and opt-out of the processing of personal data for targeted advertising or sale. You also have the right to appeal a refusal to take action on a request.

To exercise any of these rights, please contact us at:

  • Email: [email protected]
  • Mail: CISO Ascent, 5900 Balcones Drive Suite 100, Austin, Texas, 78731

7. Data Security and Retention

  • Security: We implement industry-standard administrative, technical, and physical security measures to protect your data, including SSL encryption, access controls, and secure vendor assessments. However, no transmission over the internet is 100% secure.
  • Retention: We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy (e.g., for the duration of your membership or as required by tax/legal obligations). When data is no longer needed, it is securely deleted or anonymized.

8. Cookies and Tracking Technologies

We use cookies to enhance your experience. You can choose to set your browser to remove or reject cookies.

  • Essential Cookies: Necessary for the Site to function.
  • Analytics Cookies: Help us understand how visitors interact with the Site (e.g., Google Analytics).
  • Global Privacy Control (GPC): We recognize valid GPC signals from your browser as a request to opt-out of the sale/sharing of your personal information.

9. Children’s Privacy

Our services are B2B and directed toward business professionals. We do not knowingly collect personal information from children under the age of 13 (or 16 depending on jurisdiction).

10. International Users

CISO Ascent is based in the United States. If you are accessing our Site from outside the U.S., please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at [email protected].