Privacy Policy

k>fivefour (“k>fivefour,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and integrity of personal and professional information entrusted to us. This Privacy Policy explains how we collect, use, monitor, retain, share, and protect information obtained through our programs, platforms, applications, training environments, and related services (collectively, the “Services”).

1. Scope and Applicability

k>fivefour operates as a training, certification, and services provider.

Certain privacy laws may apply only in limited circumstances, depending on jurisdiction, relationship, and statutory thresholds.

2. Information We Collect

k>fivefour collects personal and professional information, and usage data necessary to deliver Services, issue certifications, comply with licensing obligations, and meet U.S. Government and regulatory requirements.

2.1 Personal and Professional Information Data Collected

Data Element

Mandatory / Optional

Purpose

First Name

Mandatory

Certificate issuance; identity verification and vetting

Preferred Name

Optional

Display name personalization

Last Name

Mandatory

Certificate issuance; identity verification and vetting

Rank or Title

Optional

Display name personalization

Company / Organization

Optional

Organizational reporting and audit correlation

LinkedIn Profile

Optional

Marketing and professional recognition

Email Address

Mandatory

Account creation, communications, certification and badge issuance

Additional Email Address

Optional

Separation of personal and organizational accounts

Phone Number

Mandatory

Support, identity verification, and vetting

Home Address

Mandatory

Identity verification and vetting

Shipping Address

Optional

Shipment of materials or credentials

 

2.2. Automatic Usage Data Collection and Monitoring

By accessing or using the Services, you acknowledge and consent that k>fivefour may collect data automatically and monitor usage at all times, including but not limited to:

  • Authentication and access logs
  • Usage activity and platform interactions
  • Security telemetry and audit records

Monitoring is conducted for security, operational integrity, compliance, fraud prevention, and audit purposes.

3. Purpose and Legal Basis for Processing

k>fivefour processes information for the following purposes:

  • Delivering training, labs, and educational Services
  • Issuing certificates, credentials, and badges
  • Identity verification and vetting
  • Security monitoring and fraud prevention
  • Compliance with legal, regulatory, export control, and government requirements
  • Operational communications and customer support

Processing is based on contractual necessity, legal obligation, legitimate interests, and user consent where required.

4. Data Retention

User data is retained only as long as necessary to:

  • Deliver services
  • Maintain certification validity
  • Satisfy licensing, accreditation, audit, and legal requirements

Retention periods may vary based on regulatory or contractual obligations, including those applicable to government and export-controlled environments.

5. Data Sharing and Disclosure

5.1 Authorized Sharing

User data may be shared solely with:

  • Certification and credentialing providers
  • Verified service providers supporting operations
  • Compliance, audit, or accreditation entities
  • U.S. Government authorities where legally required

All recipients are required to maintain appropriate confidentiality and security safeguards.

5.2 No Sale of Personal Data

k>fivefour does not sell personal information.

6. User Rights and Requests

Users may request:

  • Correction of inaccurate or optional data
  • Deletion of optional personal data

Mandatory data may be retained where required for:

  • Certification, credentialing, or audit purposes
  • Legal, regulatory, or contractual obligations
  • Security and fraud prevention

Requests are subject to identity verification and applicable legal limitations.

7. Export Control and Sanctions Compliance

k>fivefour complies fully with U.S. export control, re-export, trade compliance, and sanctions laws, including but not limited to:

  • International Traffic in Arms Regulations (ITAR)
  • Export Administration Regulations (EAR)

Certain Services, materials, or data may be restricted based on nationality, location, or end use.

8. Third-Party Components and Services

The Services may incorporate or interface with third-party software or platforms subject to their own licenses and privacy terms. Use of such components does not impose additional obligations on users beyond those stated in this Policy and applicable third-party terms.

9. Data Security

k>fivefour implements administrative, technical, and physical safeguards designed to protect data against unauthorized access, disclosure, alteration, or destruction. Controls are aligned with industry best practices and applicable government standards.

10. GDPR, CCPA, and CPRA Alignment (Limited Applicability)

This section applies only to the extent required by applicable law, based on jurisdiction and statutory thresholds. Nothing herein expands k>fivefour’s obligations beyond those legally required.

10.1 GDPR (EEA / UK)

Where GDPR applies, personal data is processed based on:

  • Performance of a contract
  • Legal obligations
  • Legitimate interests (e.g., security, certification integrity)
  • Consent, where required

Eligible individuals may request access, correction, deletion, restriction, portability, or objection to processing. These rights are not absolute and may be limited where processing is required for security, certification, audit, or legal compliance.

Personal data may be transferred to and processed in the United States or other jurisdictions using legally recognized safeguards where required.

10.2 CCPA and CPRA (California Residents)

Where applicable, California residents may request:

  • Disclosure of categories and purposes of data collected
  • Access to specific personal information
  • Deletion or correction of personal information, subject to legal exceptions

k>fivefour does not sell personal information or share it for cross-context behavioral advertising and does not discriminate against users for exercising applicable rights.

10.3 Service Provider / Processor Role

In many engagements, k>fivefour acts as a service provider or data processor on behalf of enterprise or government customers. In such cases, data rights requests may need to be directed to the contracting organization.

11. Verification and Limitations

To protect user data, k>fivefour may require identity verification before responding to requests. Requests that would compromise security controls, identity vetting, certification integrity, or export compliance may be lawfully restricted or denied.

12. Governing Law and Venue

This Privacy Policy is governed by the laws of the Commonwealth of Virginia, without regard to conflict-of-law principles. Any disputes shall be subject to the exclusive jurisdiction of courts located in Fairfax County, Virginia or the U.S. District Court for the Eastern District of Virginia.

13. Changes to This Policy

k>fivefour may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last Updated” date.

14. Contact Information

Questions, concerns, or privacy-related requests may be submitted to:

 

k>fivefour Support
support@kfivefour.com