Navigating CMMC and FedRAMP Together: From Assessment-Ready to Authorized | July 22nd

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Governance
AI Governance
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Privacy Policy

This Privacy Policy was last updated on July 2, 2026

To see the prior version, click here.

Introduction

Schellman Compliance, LLC and its subsidiaries, divisions, affiliates, and related entities ("we," "us," or "Schellman") recognize the importance of protecting the privacy of your personal information and want you to be familiar with how we collect, use, and disclose personal information in connection with our business.

This privacy notice (the "Notice") applies to personal information we process about: (I) visitors to and users of our website, mobile website, mobile apps, software, and other online services, (collectively, the "Service"); (ii) individuals who contact us or whom we contact in connection with our services, including through email, social media, or other channels; and (iii) professionals and business contacts whose information we obtain from publicly available or third-party sources in connection with our marketing and business development activities — regardless of whether such individuals have previously visited our website or engaged with us directly. To the extent you have not interacted with our Service directly, we process your information on the basis of our legitimate interest in identifying and reaching out to professionals at their business contacts who may benefit from Schellman's services, as further described in this Notice.

This Notice does not apply to Schellman's privacy practices with respect to employees and applicants; for that information, please see our Employee and Candidate Privacy Notice.

Your engagement or use of the Service is conditioned on your agreement with this Privacy Notice.  Please read this Notice and our Terms of Use carefully before using our Service or making any transaction, order, or purchase, as they contain important information on who we are and how and why we collect, store, use, and share your personal information. This Notice also explains your rights in relation to your personal information and how to contact us or relevant data protection authorities in the event you have a complaint.

By making any transaction, order, or purchase or by visiting or otherwise using the Service in any manner, you acknowledge and accept without limitation or qualification, that you have read and understood the Notice and Terms of Use and you agree to be bound by them.  This acceptance mechanism applies to your use of the Service; where we process your information under the legitimate interest basis described above without any direct interaction from you, your rights and our obligations are governed by the applicable sections of this Notice rather than by your use of the Service.

This Notice is written in the English language. We do not guarantee the accuracy of any translated versions of this Notice. To the extent any translated versions of this Notice conflict with the English language version, the English language version of this Notice shall control.

If you have any questions or comments about the Notice or our privacy practices, please contact us by email at privacy@schellman.com.

Collection of Personal Information

Information you provide to use 
Schellman will collect personal information from you directly when you interact with our Service, contact us for any reason, use our services, create an account, subscribe to any service including our blog, share reviews, sign up to receive offers or emails from us, join our mailing list, submit resumes or work history, or retain our services.

Information we obtain indirectly
We may receive personal information about you from information provided to us by our customers, as well as third-party affiliates or partners and from marketing companies that provide us with such information as a part of their relationship with us.

We also collect and process certain personal information—specifically, professional names and business contact information (such as job title, employer name, and business email address)—sourced from publicly available professional sources, including company websites, LinkedIn, and business directories. We process this information on the basis of our legitimate interest in identifying and reaching out to professionals and organizations that may benefit from our services. We collect only the minimum information necessary for this purpose and process it only to the extent required to offer our services. If you do not wish for us to process your information in this manner, you may opt out at any time by contacting us at privacy@schellman.com.

We may combine this with information that we already have collected about you. Such collected information could include contact details (such as email address) and previous purchase history or interests.

Information we obtain automatically 
When you use our Service, we collect certain information about you automatically through our use of cookies (more information about our use of cookies follows later in this Notice) and similar technologies such as standard internet log information and usage information, including your IP address, browser type and language, access times, location, usage data, and referring website addresses.

Categories of Personal Information Collected and Purpose for Collection

We collect the following categories of personal information: (1) contact information including your name, email address, street address, city, state, zip code; (2) professional and business contact information, including job title, employer name, and business email address, which may be collected from publicly available professional sources (such as company websites, LinkedIn, and business directories) based on our legitimate interest in offering our services; (3) authentication information, including the username and password that you use to register an account; (4) comments, reviews, suggestions; (5) personal preferences including service preferences, online preferences, and interests; (6) online behavior information including online activity, preferences, and time spent viewing features; and (7) IP address or mobile network information.

Schellman takes commercially reasonable measures to ensure we only collect and process the minimum amount of personal information from you that is necessary to conduct our business, provide you with web-based and mobile applications, communicate with you, provide customer support, verify user identities, provide you with information on our services and content, maintain and improve our website, and comply with legal requirements.

We retain personal information as described in the Retention section below, subject to your rights under applicable law.

Use and Disclosure of Personal Information

Schellman may store and use your personally identifiable information for the following purposes:

  • Product or service fulfillment (including performing services for our customers);
  • Marketing, promotional, and advertising purposes, such as to inform you of products or services available from us;
  • Identifying and reaching out to prospective clients based on legitimate business interest;
  • Internal operations, such as improving your customer experience – this includes auditing current interactions and optimizing user experience;
  • Detecting security incidents, protecting against malicious, deceptive activity, and taking all necessary and appropriate steps to mitigate current and future risk;
  • Debugging and repairing internal information technology as necessary;
  • Undertaking internal research for technological development and demonstration; and
  • To share with trusted third-party service providers to help us perform activities to improve your customer experience with your consent.

Schellman does not trade, rent, or sell your personal information to third parties. We do use cookies and similar technologies that may result in certain identifiers and online activity information (such as IP address, cookie identifiers, and browsing interactions with our website) being made available to third-party advertising and analytics partners for purposes that may constitute "sharing" for cross-context behavioral advertising under applicable law. You can control this sharing through our cookie banner, which allows you to opt out of non-essential cookies, including those used for advertising purposes. We also honor the Global Privacy Control (GPC) and will treat a GPC signal detected from your browser as a valid request to opt out of this sharing for that browser and device.

Schellman does not process personal information for targeted advertising.  We may use automated tools to evaluate business contact information (such as job, company, and engagement with our marketing) to help identify prospective clients who may benefit from our services.   This does not involve automated decision-making that produces legal or similarly significant effects concerning you, and you retain the rights described in this Notice with respect to any such processing.

We may share or disclose your personal information for the following limited purposes:

  • With third party service providers who perform services and functions on our behalf to support our interactions with you. These service providers may assist with technical operation of and administrative and maintenance purposes related to our Service, provide analytics, process orders, transactions and payments, provide customer service, and deliver gifts and other items to you as a gesture of goodwill and appreciation. We may also share non-identifying information, such as aggregate statistics or usage information, with third parties to demonstrate how Schellman is used, spot industry trends, or provide marketing materials for Schellman. Any aggregated information shared in this way will not contain any personal information, and Schellman is not limited in its use of aggregate information that does not permit direct association with any specific individual, such as the number of users of our services and the geographic distribution of our users. Third parties with access to your personal information are prohibited from using your personal information beyond what is necessary to assist or provide services to us, and they are required to maintain the information’s confidentiality and adhere to privacy, security, and legal obligations in a way that is consistent with this Notice and any applicable law.
  • As required by applicable law, statute, rule, regulation or professional standard, or through subpoena, search warrant or other legal process. Schellman cooperates with government and law enforcement officials and private parties to enforce and comply with the law. Accordingly, we may disclose any information about you to government or law enforcement officials or private parties as Schellman, in its sole discretion, believes necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Schellman, a user of the Service, or a third party, to protect the safety of the public or any person, to take emergency action, or to prevent or stop activity Schellman considers to be or to have the potential to be, illegal, unethical, or legally actionable. In addition, Schellman may disclose information about you to counter or prevent any malicious access or use of the Service or to prevent harm or loss to any user of the Service.
  • For regulatory compliance purposes, to the extent permitted or required by applicable law.
  • When explicitly requested or consented to by you (e.g., to deliver publications or reference materials that you request). If you agree to have your personal information shared with a third party, your personal information will be disclosed to the third party and will be subject to the privacy notice and business practices of that third party. To the extent that we obtain your consent to process your personal information, you may withdraw this consent at any time by emailing us at: privacy@schellman.com.
  • In the event we sell our business or control of our business changes. Schellman may provide your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Schellman’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information maintained by the Service is among the assets transferred. In such a case, unless prohibited by applicable law, your information would remain subject to the privacy notice applicable at the time of such transfer, unless you discontinue use of our Service.

Children’s Privacy: No Users Under Eighteen Years of Age

Schellman’s Services are not targeted for use by children. Schellman will never knowingly request or collect personal information from any child. If you are under eighteen years old, please do not provide your information through our Service. Upon notification that a child has provided us with personal information, we will delete the child’s personal information from our records. If you believe we might have any information from a child, please contact us at privacy@schellman.com.

In addition, if you are a California resident under the age of eighteen, while we do not allow users under the age of eighteen and you should notify us so we may delete your information, specifically, you may request us to remove content or information posted on our websites or stored on our servers by (a) submitting a request in writing to privacy@schellman.com, and (b) clearly identifying the content or information you wish to have removed and providing sufficient information to allow us to locate the content or information to be removed. However, please note that we are not required to erase or otherwise eliminate content or information if (i) other state or federal laws require us or a third party to maintain the content or information; (ii) the content or information was posted, stored, or republished by another user; (iii) the content or information is anonymized so that the minor cannot be individually identified; (iv) the minor does not follow the instructions posted herein on how to request removal of such content or information; or (v) the minor has received compensation or other consideration for providing the content. Further, nothing in this provision shall be construed to limit the authority of a law enforcement agency to obtain such content or information.

Security

The security and confidentiality of your personal information is important to us. If you choose to provide us with your personal information, you understand that we are transferring it to Schellman’s locations and systems in the United States or to the locations and systems of Schellman’s service providers around the world. We follow reasonable commercial standards for organizational, technical, and administrative measures to protect the personal information submitted to us, both during transmission and once it is received, to prevent the loss, misuse, and alteration of the information under its control.

Please be advised, however, that while we take reasonable security measures to protect your personal information, such measures cannot be guaranteed to be secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information. Thus, Schellman disclaims liability for loss, misuse, and alteration of your information under its control to the maximum extent permitted under law, and by using the Service, you agree to assume any security risk related to personal information.

The security of your account relies on your protection of your user profile information. You are responsible for maintaining the security of your user profile information, including your password and for all activities that occur under your account. You may not share your password with anyone.

We will never ask you to send your password or other sensitive information to us in an email, though we may ask you to enter this type of information to login to your account. Any email or other communication purporting to be from one of our websites requesting your password or asking you to provide sensitive account information via email, should be treated as unauthorized and suspicious and should be reported to us immediately. If you believe someone else has obtained access to your password, please change it immediately.

If you believe any personal information you have submitted to us is unsecure or that someone has accessed your account, or become aware of any other security violations, please notify us immediately at privacy@schellman.com.

Cookies, Pixel Tags, and Other Technologies

We use cookies provided by third-party service providers to assist us in better understanding our website visitors. These cookies generally collect data tied to a user's IP address, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting the Site. You may block non-necessary cookies using most internet browsers.  In addition, you may elect to block certain cookies via the cookie banner on Schellman’s website.

Linked Sites

The Service may link to third party owned or operated websites including, but not limited to social media websites (each a “Linked Site”), as a convenient method of accessing information that may be useful or of interest to you.  This Privacy Notice and the practices we follow do not apply to these Linked Sites.

When you click on a link to a Linked Site, you will leave our Service and go to that Linked Site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and cannot be responsible for, these Linked Sites or their content. The terms of this Notice do not apply to these Linked Sites or their content, or to any collection of your personal information by third parties through the Linked Sites, and Schellman is not responsible for the privacy practices or the content of such Linked Sites. Schellman expressly disclaims any liability that may arise from your use or provision of any of your information whatsoever to Linked Sites. You understand and agree that by clicking on a link to a Linked Site that you have left our Service.

User Contributions

Some features of the Service may now or in the future allow you to provide content, such as written comments or reviews or interactive responses, to be published or displayed on public areas of the Service (“User Contributions”). Be careful about giving out information in public areas of the Service. The information you share in public areas may be viewed by any user of the Service. We cannot control the actions of other users of the Service with whom you may choose to share your User Contributions.

Unsubscribe

If you no longer wish to receive emails from us, you may opt-out of receiving such emails by following the unsubscribe instructions contained in any such email or by contacting us at privacy@schellman.com with the subject “unsubscribe.”

Special Notice for California Residents

Special Notice for Other U.S. State Residents

Your Rights

To the extent required by applicable law in your state, you may have the following rights with respect to personal data we hold about you:

  • Right to Access. You may request to confirm whether we are processing your personal data and to obtain a copy of the personal data we have collected about you, including what it is, how it has been used, and to whom it has been disclosed.
  • Right to Correct. You may request that we correct inaccuracies in the personal data we hold about you, taking into account the nature of the data and the purposes of processing. Not all states confer this right (for example, Iowa and Nevada do not); however, we will endeavor to correct inaccurate information in all cases where it is reasonably possible to do so.
  • Right to Delete. You may request that we delete the personal data we have collected from or about you. We will honor such requests to the extent required by applicable law, unless retention is required to deliver the services you have requested, to comply with a legal, regulatory, or accreditation obligation, or for other lawful purposes.
  • Right to Data Portability. Where required by applicable law, you may request that we provide a copy of your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller.
  • Right to Opt-Out. You may submit a request to opt out of: (i) the sale of your personal data; (ii) the processing of your personal data for targeted advertising; and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. We do not sell personal data for monetary consideration. We do use cookies and similar technologies that may result in certain information — such as IP address, cookie identifiers, and browsing activity — being shared with third-party advertising and analytics partners, which may constitute a sale or the processing of personal data for targeted advertising under some states' laws. You can opt out of this through our cookie banner, described in the Cookies section of this Notice. We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you
  • Right Regarding Sensitive Personal Information. We do not collect, use, or disclose sensitive personal information as that term is defined under applicable state law. However, if you believe that we may have collected sensitive personal information about you, you may withdraw your consent to, or request that we limit, its use or disclosure by contacting us.
  • Right Regarding Automated Decision-Making. We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects. In states where this right exists (such as Minnesota, which grants an additional right to receive a meaningful explanation of any such decision), we will honor it if our practices change.

State-Specific Processing Obligations

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit.

How to Exercise Your Rights

To submit a request, contact Schellman at privacy@schellman.com or call us toll-free at 1-866-254-0000. You must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to fulfill your request unless we can verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. If your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.

Non-Discrimination

We will not discriminate against you for exercising any of the rights described in this section. We will not deny goods or services to you, charge you different prices or rates, or provide a different level of quality of goods or services as a result of you exercising your privacy rights.

Appeals

If we decline to take action on your request, we will inform you of our decision and the reason for it. Where required by applicable law, you may appeal our decision by contacting us within 30 days of receiving our response, explaining why you believe further action should be taken. If you remain unsatisfied following an appeal, you may contact or file a complaint with your state Attorney General’s office.

Retention

We retain personal data for the period that is necessary for the purposes for which it was collected, as set out in this Notice, or as required by applicable law, professional standards, or accreditation obligations. The appropriate retention period depends on the nature of the data, the purpose for which it was collected, and any legal or regulatory obligations that require us to keep it for a minimum period. When personal data is no longer needed, we securely delete or anonymize it.

Changes to Our Privacy Notice

We reserve the right to change or modify this Privacy Notice or our Service at any time by publishing an updated version here, and any changes are effective upon being posted unless we advise otherwise. 

We encourage you to frequently review this website for the latest information on our privacy practices. Use of information we collect now is subject to the Privacy Notice in effect at the time such information is used. You are bound by any changes to our Privacy Notice once you use the Service after such changes have been posted. Please review the “Last Updated” legend at the top of this page to see when this Privacy Notice was last revised. If you do not accept the terms of our Privacy Notice, we ask that you do not register with us and that you do not use our Service. Please exit the Schellman Service immediately if you do not agree to the terms of this Privacy Notice.

Contact Us

We welcome your questions and comments about privacy. If you would like to reach us, please email us at privacy@schellman.com or call us toll-free at 1-866-254-0000.

Talk to a Practice Leader