Privacy Policy
Last updated: June 13, 2026
Cincra is not a C3PAO. This platform automates CMMC readiness, evidence collection, and audit preparation. It does not issue CMMC certifications and does not bind any C3PAO assessment outcome. Attestations generated here reflect the authoring auditor's professional opinion only.
1. What we collect
Account data (email, name, organization), assessment responses, uploaded evidence files, and audit-log activity required to operate the platform.
2. How we use it
Solely to deliver CMMC readiness automation, generate deliverables you request, and produce tamper-evident audit logs scoped to your organization.
3. Storage and retention
Customer content is stored in U.S.-region infrastructure. Cincra is a pilot environment and is not currently authorized for actual CUI. Do not upload real Controlled Unclassified Information. Account data is retained for the life of the subscription plus 90 days.
4. Sharing
Auditor sub-processors only receive scope you explicitly grant via time-boxed engagement tokens. We never sell personal data.
5. Your rights
Email privacy@cincra.com to access, export, or delete your data.
6. Contact
Cincra · privacy@cincra.com