Privacy Policy
The Modern CTO Circle
Technology · People · Finance · Future
Effective date: May 1, 2026
Last updated: May 1, 2026
This Privacy Policy explains how The Modern CTO Circle ("TMCC," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with The Modern CTO Circle, including its website, member platform, communications, and related services (collectively, the "Service").
We treat the privacy of senior technology leaders with the seriousness it deserves. This policy describes our practices in plain terms and sets out the rights available to you under applicable laws, including the EU and UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").
01. Who We Are
TMCC operates The Modern CTO Circle, a selective community for senior technology executives. For the purposes of GDPR, TMCC is the "controller" of the personal data described in this policy. For the purposes of the CCPA/CPRA, TMCC is the "business" that determines the purposes and means of processing your personal information.
Contact details for privacy matters are provided at the end of this policy.
02. Information We Collect
Information you provide
When you register, subscribe to a paid tier, attend an event, or otherwise interact with us, we collect information you choose to provide, including:
- Identity and contact data — name, email address, professional title, employer, and country;
- Profile data — seniority, areas of expertise, interests, and any biographical information you submit;
- Account credentials — hashed passwords and authentication identifiers;
- Billing data — limited payment metadata required to manage paid memberships (full card details are handled directly by our payment processor and are not stored on our systems);
- Communications — messages, survey responses, event registrations, and member contributions to community discussions; and
- Preferences — newsletter and notification choices, content topic preferences, and language settings.
Information collected automatically
When you use the Service, we and our processors automatically collect:
- Device and connection data — IP address, browser type, operating system, device identifiers, and approximate location derived from IP;
- Usage data — pages and content viewed, links followed, session duration, referring URLs, and timestamps;
- Cookies and similar technologies — see Section 7 for the categories we use and how to manage them; and
- Server logs — records used for security monitoring, abuse prevention, and platform reliability.
Information from third parties
We may receive limited information about you from publicly available professional sources, from members who refer or nominate you, and from our service providers (for example, confirmation of payment status from our payments processor or delivery status from our email provider).
Sensitive information
We do not seek and ask you not to submit sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health, or biometric data) through the Service. If you choose to include such information in a member contribution, you acknowledge that you have made it visible voluntarily.
03. How We Use Information
We use personal information for the following purposes:
- Operating the Service — creating and maintaining your account, providing access to content and members-only areas, and delivering the features you request;
- Membership administration — reviewing applications, managing tier upgrades and renewals, and sending account, billing, and security notices;
- Editorial and community communications — sending newsletters, briefings, event invitations, and other communications consistent with your preferences;
- Personalization — tailoring content recommendations and surfacing relevant discussions based on your stated interests;
- Analytics and improvement — understanding how the Service is used so we can improve content quality, navigation, and reliability;
- Security and abuse prevention — detecting, investigating, and responding to fraud, unauthorized access, and violations of our Terms of Service;
- Legal and compliance — meeting our obligations under applicable law, responding to lawful requests, and enforcing our agreements; and
- Aggregated insights — producing de-identified or aggregated statistics that do not identify you and that we may publish or share.
Use of member contributions to improve the Service
We may use member contributions and other content from the Service to improve the platform, including to develop, train, and evaluate machine learning and artificial intelligence features that power search, recommendations, content personalization, and similar capabilities offered as part of the Service.
Where we use member contributions for these purposes, we do so in de-identified form — that is, with direct identifiers (such as your name, email address, and account ID) removed — so that the resulting models are trained on the substance of the discussion rather than on the identity of any individual member.
We do not:
- Share member contributions with third parties for the purpose of training their generative AI or machine learning models;
- License member contributions as training data; or
- Use member contributions to train models intended for use outside the Service.
04. Legal Bases for Processing
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR:
- Performance of a contract — providing the Service to you, administering your membership, and processing payments for paid tiers;
- Legitimate interests — operating, securing, and improving the Service, communicating with members about relevant editorial content, preventing fraud and abuse, and maintaining the integrity of the community, where these interests are not overridden by your rights;
- Consent — sending optional marketing communications, setting non-essential cookies, and any other processing for which we ask your consent (you may withdraw consent at any time without affecting prior lawful processing); and
- Compliance with legal obligations — meeting tax, accounting, and regulatory requirements, and responding to lawful requests from authorities.
05. How We Share Information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
We share personal information only as follows:
Service providers (processors)
We rely on a small set of vetted providers to operate the Service. They process personal data only on our instructions, under written agreements that include confidentiality and security obligations:
| PROVIDER | PURPOSE | REGION |
|---|---|---|
| Hosting provider | Website and platform hosting; delivery of pages and assets via global edge network. | United States; global edge |
| Authentication and database | User authentication, member account database, and content storage. | United States / EU (region-dependent) |
| Payments processor | Payment processing for paid membership tiers, billing, and tax handling. We do not store full card numbers. | United States; global |
| Email provider | Transactional and editorial email delivery (account, billing, newsletters, event communications). | United States / EU |
| Analytics provider | Website and platform analytics to understand engagement and improve content. | United States / EU |
This list is current as of the effective date and may be updated from time to time. The categories of providers — hosting, authentication and database, payments, email delivery, and analytics — will remain consistent.
Other members
Limited profile information you choose to make visible (such as your name, employer, and stated areas of expertise) may be shown to other members within the platform. Member contributions to community discussions are visible to other members under the confidentiality obligations described in our Terms of Service.
Legal, safety, and corporate transactions
We may disclose personal information when we believe in good faith that disclosure is necessary to comply with applicable law, respond to a valid legal request, enforce our Terms of Service, protect the rights, property, or safety of TMCC, our members, or others, or in connection with a merger, acquisition, financing, or sale of assets (in which case the recipient will be bound to honor commitments at least as protective as those in this policy).
06. International Transfers
TMCC operates from the United States, and our service providers may process personal data in the United States, the European Union, the United Kingdom, and other jurisdictions. Where personal data is transferred from the EEA, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK Addendum or Swiss equivalents where applicable), together with supplementary measures where needed.
You may request a copy of the safeguards in place for a specific transfer by contacting us at legal@modernctocircle.com.
07. Cookies and Similar Technologies
We use cookies and similar technologies (such as local storage and pixels in our emails) to operate the Service, remember your preferences, and understand engagement. The categories below describe how we use them:
| CATEGORY | PURPOSE | BASIS |
|---|---|---|
| Strictly necessary | Authentication, session management, security, and core platform functionality. | Required (no consent needed) |
| Preferences | Remembering settings such as language or display preferences. | Consent (where required) |
| Analytics | Aggregate usage measurement and content performance. | Consent (where required) |
| Marketing | Measuring the effectiveness of campaigns and outreach. We do not run third-party advertising on the Service. | Consent |
Where required by law, we will ask for your consent before setting non-essential cookies through a consent banner, and you may change your choices at any time through the cookie preferences control on the Service. You can also manage cookies through your browser settings; blocking strictly necessary cookies may prevent the Service from working properly.
08. Data Retention
We keep personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
- Account and profile data — retained while your membership is active and for a reasonable period afterward to support reactivation, fraud prevention, and recordkeeping;
- Billing and tax records — retained for the period required by applicable tax and accounting law (typically up to seven years);
- Communications and member contributions — retained while relevant to community continuity, with options to remove or anonymize on request;
- Server logs and security data — retained for a limited period sufficient to investigate incidents and maintain platform integrity; and
- Marketing data — retained until you unsubscribe or withdraw consent, plus a short period to honor your suppression preferences.
Where retention is no longer required, we delete or de-identify personal information.
09. Your Rights
Rights available to all members
Regardless of where you live, you may:
- Access and review your account information through your member profile;
- Correct inaccurate information;
- Close your account and request deletion of your personal information, subject to limited exceptions described below; and
- Manage email and notification preferences through unsubscribe links and your account settings.
Rights under the GDPR (EEA, UK, Switzerland)
If you are located in the EEA, the United Kingdom, or Switzerland, you have the following additional rights, subject to certain conditions and exemptions:
- Right of access — to obtain confirmation of whether we process your personal data and a copy of that data;
- Right to rectification — to have inaccurate or incomplete data corrected;
- Right to erasure — to have your data deleted in defined circumstances;
- Right to restriction — to limit how we process your data;
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format;
- Right to object — to object to processing based on legitimate interests, including direct marketing; and
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
You also have the right to lodge a complaint with your local data protection authority. We would, however, appreciate the opportunity to address your concerns first.
Rights under the CCPA/CPRA (California)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect and the purposes for collection;
- Access the specific pieces of personal information we hold about you;
- Request deletion of your personal information, subject to legal exceptions;
- Correct inaccurate personal information;
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information as those terms are defined under the CCPA/CPRA, including for cross-context behavioral advertising;
- Limit the use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right; and
- Be free from discrimination for exercising any of these rights.
You may designate an authorized agent to exercise these rights on your behalf. We will verify requests by matching information you provide against information in our records and may ask for additional verification proportionate to the sensitivity of the request.
How to exercise your rights
You can exercise most rights directly through your account settings. For other requests, contact us at legal@modernctocircle.com. We will respond within the timeframes required by applicable law (generally one month under the GDPR and forty-five days under the CCPA/CPRA, with a single extension where permitted).
10. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, restricted access controls, secure credential storage, monitoring, and provider due diligence. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.
11. Children
The Service is intended for senior technology executives and is not directed to children. We do not knowingly collect personal information from anyone under the age of 18. If you believe a child has provided us with personal information, please contact us so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on the Service with a revised "Last updated" date. If changes are material, we will provide additional notice (for example, by email or a prominent notice on the Service). Your continued use of the Service after the effective date of an update constitutes acceptance of the revised policy.
Contact
Privacy contact
The Modern CTO Circle
Email: legal@modernctocircle.com
Technology · People · Finance · Future