Global Counter-Terrorism Institute® (GCTI)

Comprehensive Public-Facing Privacy Policy and Jurisdictional Compliance Framework

Effective Date: January 2025
Last Updated: January 2025

1. Introduction

The Global Counter-Terrorism Institute® (“GCTI”, “we”, “us”) is an international research, training, and operational-support organization committed to counter-terrorism, global security analysis, humanitarian protection, and cyber resilience. This Privacy Policy explains how we collect, use, share, and protect information in connection with our platforms, including the Dynamic Threat Mitigation (DTM™) Model, the DTM-AEGIS Framework, the GCTI Secure Intelligence Hub, and AI-driven analytic tools.

GCTI aligns its practices with key privacy and security regulations and frameworks, including the EU GDPR, UK GDPR, CCPA/CPRA, PIPEDA, LGPD, the Australian Privacy Principles, Singapore PDPA, and relevant U.S. federal security standards such as NIST and ISO/IEC 27001/27701, to the extent applicable.

2. Scope of This Policy

This Policy applies to individuals and institutions interacting with GCTI systems and services, including visitors to GCTI websites, users of the Secure Intelligence Hub, trainees, research partners, and organizations receiving GCTI analyses or reports. It also applies to data processed by the DTM-AEGIS verticals (e.g., Mars, Minerva, Vulcan, Neptune, Mercury, Apollo, Jupiter, Diana, and Janus) and any GCTI-operated digital infrastructure.

3. Information We Collect

3.1 Personal Identification Information

We may collect personal identification information such as names, professional titles, organizational affiliations, contact details (e.g., email, phone), and authentication credentials when you register for access, enroll in training, contact us, or participate in research or partnership activities.

3.2 Technical and Security Metadata

When you use our platforms, we may collect technical information including IP address, device identifiers, browser type, operating system, access timestamps, and security logs for cybersecurity, fraud prevention, and operational monitoring purposes.

3.3 Sensitive Security-Related Data

In support of our mission, we may process sensitive security-related data such as aggregated or pseudonymized information about conflict zones, terrorism incidents, cyber threats, financial crime patterns, or humanitarian disruptions. Whenever possible, this data is anonymized or aggregated and used to generate risk scores, forecasts, and mitigation recommendations.

3.4 Data from External Sources

GCTI may integrate data from vetted external sources, such as humanitarian datasets, reputable research databases, open-source intelligence feeds, and satellite-derived indicators, in accordance with applicable licenses and data-sharing agreements.

4. How We Use Information

To operate analytic models such as the DTM™ Model and DTM-AEGIS verticals.
To provide secure access to GCTI platforms and maintain cyber and physical security.
To conduct research, generate reports, and publish insights in anonymized or aggregated form.
To manage training, certification, and partnership activities.
To comply with legal, regulatory, and ethical obligations.

5. Legal Bases for Processing

Depending on your jurisdiction, GCTI may rely on various legal bases for processing, including consent, contractual necessity, legitimate interests (e.g., security, research), substantial public interest, and research grounds, as permitted under laws like GDPR and LGPD. We apply safeguards such as data minimization, access controls, and ethical review.

6. Data Sharing and Transfers

GCTI does not sell personal data. We may share information with vetted institutional partners, service providers, or authorities where legally required or strictly necessary to protect life, security, or public interest. International transfers are managed using recognized mechanisms (e.g., Standard Contractual Clauses, UK addendum) and appropriate technical and contractual safeguards.

7. Data Security

We implement layered security measures, including encryption in transit and at rest, role-based access controls, multi-factor authentication, zero-trust network principles, security monitoring, and staff training. These safeguards are guided by frameworks such as NIST and ISO/IEC 27001/27701.

8. Data Retention

GCTI retains information only for as long as necessary to fulfill the purposes described in this Policy or as required by law or research ethics. When data is no longer required, it is securely deleted, anonymized, or aggregated.

9. Your Rights

Depending on applicable law, you may have rights such as access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. To exercise these rights, please contact us using the details below. We may need to verify your identity and may not be able to fulfill certain requests where legal obligations require continued processing.

10. Children’s Privacy

GCTI services are not directed at children, and we do not knowingly collect personal data from individuals under the age of 16. If we become aware of such collection, we will take steps to delete that data.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. When we make material changes, we will update the “Last Updated” date and, where appropriate, provide additional notice.

12. Contact Information

Global Counter-Terrorism Institute® (GCTI)
850 S 5th Street
Central Point, Oregon, USA 97502
Helpdesk: helpdesk@globalctinstitute.org
General Inquiries: info@globalctinstitute.org
Admissions: admissions@globalctinstitute.org