APT Intelligence Directory
Institute for Critical Infrastructure Cybersecurity
ICIC

Privacy Policy

Last updated: April 2026

Introduction

The Institute for Critical Infrastructure Cybersecurity (ICIC) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our APT Intelligence Directory website and use our services.

Information We Collect

We collect information necessary to fulfill our research mission and communicate with stakeholders. The specific information collected depends on how you interact with our website:

Contact Form Submissions

When you submit a contact form, we collect:

  • Full name
  • Email address
  • Organization name (optional)
  • Inquiry type and message content

Grant Application Submissions

When you apply for grant access to our research, we collect:

  • Full name and contact information
  • Organization details and credentials
  • Intended use of research materials
  • Professional background and qualifications

Automatic Information Collection

When you visit our website, we automatically collect certain information:

  • IP address and browser type
  • Pages visited and time spent on each page
  • Referring website URL
  • Device information (operating system, screen resolution)
  • Cookies and similar tracking technologies

How We Use Information

Information collected is used for the following specific purposes:

  • Responding to Inquiries: Answer questions and provide information about ICIC research and services
  • Processing Grant Applications: Evaluate applications, verify credentials, and provide approved threat intelligence access
  • Improving Website Functionality: Enhance user experience, fix technical issues, and optimize website performance
  • Communication: Send relevant information about ICIC research, publications, and services
  • Legal Compliance: Comply with legal obligations, prevent fraud, and enforce our terms
  • Analytics: Understand how users interact with our Platform to improve content and services

Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction:

  • HTTPS encryption for all data transmission
  • Encryption at rest for stored data
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Data processing agreements with third-party processors

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continually work to maintain appropriate safeguards.

Your Rights

You have the following rights regarding your personal information:

  • Right to Access: Request access to the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal information
  • Right to Erasure: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Data Portability: Request transfer of your personal information in a machine-readable format
  • Right to Object: Object to processing of your personal information for certain purposes
  • Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time

To exercise these rights, please visit our Contact Us page.

Third-Party Sharing

We do not sell, rent, or share personal information with third parties for marketing purposes. We may share information with:

  • Service providers who assist in operating our website and services (subject to confidentiality agreements)
  • Law enforcement or government agencies when required by law
  • Other parties with your explicit consent

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your experience. For detailed information about cookies, please see our Cookie Policy.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Contact form submissions are retained for one year, grant applications for three years, and automatic website data for up to 90 days.

International Data Transfers

Your information may be transferred to, stored in, and processed in the United States or other countries. By using our Platform, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules.

Children's Privacy

Our Platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information and terminate the child's account.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Platform following the posting of revised terms means that you accept and agree to the changes.

Contact Information

For questions regarding this Privacy Policy or our privacy practices, please visit our Contact Us page.

© 2026 Institute for Critical Infrastructure Cybersecurity. All rights reserved.