Data Protection and Privacy Policy

This “Privacy Policy” describes the privacy practices of Cybercrime Support Network (“CSN”, “we”, “us”, or “our”) in connection with the Cyber Reporting and Information Sharing System available at (the “Site”). This Privacy Policy also describes the rights and choices available to individuals with respect to their information.

Table of Contents

  • Personal Information We May Collect
  • How We Use Your Personal Information
  • How We Share Personal Information
  • Your Choices
  • Third-Party Sites and Services
  • Security Practices
  • Changes to this Privacy Policy
  • How to Contact Us

Personal Information We May Collect

Information you provide to us. We collect personal information you provide to us through the Site. This includes information you may provide when reporting a cyber incident such as first and last names, age range, email and mailing addresses, contact information, certain financial information, and other information relating to the cyber incident you are reporting.

Information we obtain from other third parties. We may receive personal information about you from third-party sources. For example, a business partner may share your contact information with us if you have expressed interest in learning specifically about our services, or the types of products or services we offer. We may obtain your personal information from other third parties, such as publicly available sources and data providers.

Cookies and Other Information Collected by Automated Means. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Site, including but not limited, your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, IP address, your media access control (MAC) address, the website you visited before browsing to our website, general location information such as city, state or geographic area; information about your use of and actions on the Site, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other personal information. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies.

A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Browser web storage, or LSOs, are used for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to compile statistics about usage of our webpages.

Web browsers may offer users of our website the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

How We Use Your Personal Information

We use your personal information for the following purposes:

To operate the Site. We use your personal information to:

  • provide, operate, and improve the Site and services;
  • provide information about our services;
  • communicate with you about the Site, including by sending you, updates, security alerts, and support and administrative messages;
  • provide support and maintenance for the Site;
  • to respond to your requests, questions, and feedback.

For research and development. We analyze use of the Site to improve the Site and services, and to develop new services, including:

  • by studying user demographics;
  • creating summaries for purposes of public reporting; and
  • for statistical analysis (e.g. to identify trends such as high-volume and emerging threats) and testing purposes.

To comply with law. We use your personal information as we believe necessary or appropriate to comply with:

  • applicable laws;
  • lawful requests; and
  • legal process, such as to respond to subpoenas or requests from government authorities or others.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to:

  • law enforcement;
  • government authorities; and
  • private parties as we believe necessary or appropriate to:
    • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
    • enforce the terms and conditions that govern the Site and our services; and
    • protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to:

  • collect, use, or share your personal information, such as when required by law.

To create anonymous, aggregated or de-identified data. We may:

  • create anonymous, aggregated, or de-identified data from your personal information and other individuals whose personal information we collect; Once we anonymize, aggregate, or de-identify your personal information, it will not be considered as personal information for purposes of this privacy policy unless later linked to your personal information.
  • make personal information into anonymous, aggregated, or de-identified data by removing information that makes the data no longer personally identifiable to you;
  • may use this anonymous, aggregated, or de-identified data and share it with third parties for lawful purposes, including to analyze and improve the Site and our services, and promote our organization and cybersecurity awareness (e.g. building cybersecurity education and awareness resources).

How We Share Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy:

Law Enforcement: We may share your personal information with law enforcement agencies, including:

  • Federal agencies, such as the Federal Bureau of Investigation Crime Complaint Center (IC3), Federal Trade Commission (FTC), Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA); and
  • Various non-federal law enforcement agencies, including state, local, tribal, and territorial (SLTT) law enforcement.
  • Law enforcement may use any information disclosed for their own internal purposes and may redisclose the information to other federal, state, local, or international law enforcement or regulatory agencies for possible investigations.

Service Providers: We may share your personal information with:

  • Third party companies, organizations, or individuals that provide services on our behalf or help us operate the Site (such as customer support, hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and are prohibited from using or disclosing your information for any other purpose.

Professional advisors. We may disclose your personal information to professional advisors, such as:

  • lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us.

For compliance, fraud prevention, and safety. We may share your personal information for:

  • compliance, fraud prevention, and safety purposes.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including:

  • your personal information, in connection with a business transaction (or potential business transaction) such as a divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users.

Cookies & Browser Web Storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Site and third-party websites.

  • Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings.
  • Please note that if you set your browser to disable cookies, the websites may not work properly.
  • Similarly, your browser settings may allow you to clear your browser web storage.
  • For additional information on our handling of Cookies and Browser Web Storage, please see CSN’s Cookie Notification page.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit

Third-Party Sites and Services

This Site may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.

Security Practices

We employ reasonable organizational, technical, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Site.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy. If you do not accept this Privacy Policy, you must discontinue use of the Site immediately.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to: You may also write to us via postal mail at:

Cybercrime Support Network
Attn: Privacy Inquiry
2232 S. Main St. #422
Ann Arbor, MI 48103