Skip to main content

Privacy Policy

Effective Date: March 2026 · Last Updated: March 2026

Who This Applies To

This Privacy Policy applies to the personal website operated by Ugo Eze ("I," "me," or "my"), located at ugoeze.com (the "Site"). This is a personal, non-commercial website maintained by an individual. It is not operated by a business entity, corporation, or commercial organization.

By visiting the Site or submitting your email address to download the NIST 800-53 Common Controls Catalog (the "Catalog"), you acknowledge that you have read and understood this policy.

What Information I Collect

Information You Provide Directly

The only personal information I collect is your email address, and only when you voluntarily submit it through the download form to receive the Catalog. I do not collect your name, organization, job title, phone number, or any other identifying information unless you contact me directly via email.

If you contact me by email, I will have access to your email address and the contents of your message.

Information Collected Automatically

When you visit the Site, certain information may be collected automatically through privacy-respecting web analytics (Umami), including:

  • Pages visited and time spent on those pages
  • Referring URL (the page you came from)
  • Browser type and screen size
  • Country of origin

Umami is a privacy-focused, self-hosted analytics tool. It does not use cookies, does not collect personal data, and does not track individual visitors. All analytics data is aggregated.

How I Use Your Information

Your email address is used exclusively for the following purposes:

  1. To deliver the Catalog. When you submit your email address, an automated email is sent containing a download link for the NIST 800-53 Common Controls Catalog.
  2. To notify you of updates. If you remain subscribed, I may send occasional emails when new versions of the Catalog are released or when significant updates to framework mappings are made.

I do not use your email address for advertising, promotional campaigns, sponsored content, or any purpose unrelated to the Catalog.

Legal Basis for Processing (GDPR)

If you are located in the European Union or United Kingdom, I process your email address on the legal basis of consent — specifically, the affirmative act of submitting your email address through the form on the Site, accompanied by clear notice of how it will be used. You may withdraw this consent at any time by unsubscribing or contacting me directly.

How Your Information Is Stored and Processed

Email collection and delivery is handled through Kit (kit.com), an email marketing platform. Under applicable data protection law (including GDPR), I am the data controller and Kit is the data processor.

When you submit your email address, it is transmitted to and stored on Kit's servers. Kit's own privacy policy governs their security and data handling practices and is available at kit.com/privacy.

I do not maintain a separate email database outside of Kit.

Data Retention

I retain your email address for as long as you remain subscribed. If you unsubscribe, Kit will process the removal and your email address will no longer be used for communications. If you request deletion of your data, I will action that request promptly — typically within 10 business days.

Data Breach Notification

In the event of a data breach affecting your personal information, I will:

  • Notify affected subscribers as promptly as is reasonably practicable
  • For EU/UK users: notify the relevant supervisory authority within 72 hours where required by GDPR
  • Provide information about what occurred, what data was affected, and what steps are being taken

Cookies

This Site does not use cookies. Analytics are provided by Umami, which is cookieless and privacy-respecting.

Who I Share Your Information With

I do not sell, rent, trade, or otherwise transfer your email address to third parties, except:

  • Kit (email platform): Your email address is stored and processed by Kit to deliver the Catalog and update notifications.
  • Legal requirements: I may disclose your information if required by law, subpoena, or other legal process.

No other sharing occurs. I do not sell personal data.

Your Rights and Choices

  • Unsubscribe at any time. Every email includes an unsubscribe link.
  • Request deletion. Contact me at info@ugoeze.com to request deletion. I will process requests within 10 business days.
  • Access your information. Contact me to find out what information I hold about you.
  • Correction. If you believe your information is inaccurate, contact me and I will correct it.

California Residents

Under CalOPPA, I disclose how I respond to "Do Not Track" signals: I do not track users across third-party websites. Under CCPA/CPRA, I voluntarily extend the rights to know, request deletion, and confirm that I do not sell personal data to all California residents.

EU and UK Residents

Under GDPR and UK GDPR, you have the right to access, rectification, erasure, restriction, portability, and to withdraw consent at any time. Contact me at info@ugoeze.com. I will respond within 45 days.

Children's Privacy

The Site is not directed at children under the age of 13. I do not knowingly collect personal information from children under 13.

Changes to This Policy

I may update this Privacy Policy from time to time. When I do, I will update the "Last Updated" date at the top of this page. Continued use of the Site after changes are posted constitutes acceptance of the updated policy.

Contact

For any questions about this Privacy Policy or to exercise any of your rights:

info@ugoeze.com