A CSFI cyber threat intelligence analyst monitoring systems
CSFI CTI Internship

Privacy Notice

Version 1.0 · Effective 30 January 2026
1Privacy2Application3Review

The Cyber Security Forum Initiative (CSFI) respects your privacy and is committed to protecting personal data in a responsible, transparent, and proportionate manner. This notice explains how CSFI collects, uses, stores, and protects data.

Who we are

CSFI is a non-profit organization headquartered in the United States, focused on cybersecurity education, workforce development, and research. CSFI maintains a limited operational presence in the European Union for paid employees only. Volunteer and internship programs are administered from the United States.

What personal data we collect

CSFI collects only personal data necessary to operate its programs and communications, which may include your name, email address, educational background, resume or CV, application responses, and communications sent to CSFI. CSFI does not collect dates of birth, government issued identification numbers, financial information, or sensitive personal data unless explicitly required and disclosed.

Purpose of collection

Personal data is collected and processed solely for legitimate organizational purposes, including program administration, applicant and participant review, communications, coordination, recordkeeping, and reporting.

Legal basis for processing

Where applicable, CSFI processes personal data based on informed consent, legitimate organizational interest in administering non-profit programs, or legal and regulatory obligations. Application data is processed on the basis of consent; program coordination and recordkeeping on the basis of legitimate interest; and compliance related processing on the basis of legal obligation.

Processing location and international transfers

Personal data is primarily processed and stored in the United States. Wherever personal data originates, CSFI applies appropriate safeguards for international transfers, including Standard Contractual Clauses or equivalent mechanisms.

Data retention

CSFI retains personal data only for as long as necessary: application data for up to 90 days, and program participation records for the duration of the program and up to 5 years thereafter, as necessary for operational, reporting, and compliance purposes. Earlier deletion is available upon request unless retention is required by law.

Access and sharing

Access to personal data is limited to authorized CSFI personnel with a legitimate need to know. CSFI does not sell personal data and does not share it with third parties except where required to operate programs, comply with law, or ensure security. This may include service providers such as cloud storage, email delivery, and program coordination tools. CSFI does not authorize any third party to use personal data beyond the specific purpose for which it was shared.

Your data rights

Depending on your location, you may have the right to request access to your personal data, request correction of inaccurate data, request deletion, withdraw consent where applicable, request data portability, object to processing based on legitimate interests, and lodge a complaint with a relevant supervisory authority. Requests are handled within 30 days.

Security measures

CSFI implements reasonable technical and organizational safeguards, including access controls, limited data access, encryption where feasible, and secure storage practices.

Children's privacy

CSFI activities are intended for adults. Participation is limited to individuals who are 18 years of age or older. CSFI does not knowingly collect personal data from children under 13 or from minors for participation purposes, and will take reasonable steps to delete such data if discovered.

Changes to this notice

CSFI may update this notice periodically to reflect changes in practices or legal requirements. Updates will be posted with a revised date. CSFI does not use automated decision making, including profiling, in the evaluation of applications or participation in its programs.

California residents (CCPA / CPRA)

This section is provided for transparency only. CSFI is a non-profit and is generally exempt from the CCPA and CPRA. CSFI does not sell or share personal information as defined under those laws. California residents may nonetheless request access to or deletion of their personal information, and CSFI will respond to verified requests within a reasonable timeframe.

Contact

For questions, concerns, or requests related to privacy or data protection, contact [email protected].

Continue application