Introduction

At TruFlow ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our no-code compliance lab platform and related services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

This Privacy Policy applies to all users of our platform, including visitors to our website, registered users, and enterprise customers. We may update this policy from time to time, and we will notify you of any material changes.

Information We Collect

Personal Information

We may collect the following types of personal information when you interact with our services:

  • Contact Information: Name, email address, phone number, business address, and job title
  • Account Information: Username, password, account preferences, and security settings
  • Business Information: Company name, industry, organization size, and business requirements
  • Payment Information: Billing address, payment method details, and transaction history (processed securely through third-party providers)
  • Communication Data: Records of your communications with us, including support tickets, emails, and chat logs
  • Profile Information: Professional background, role responsibilities, and compliance requirements
  • Verification Data: Information required for identity verification and account security
  • Preferences: Language settings, notification preferences, and customization choices

Technical Information

We automatically collect certain technical information when you use our platform:

  • Usage Data: Information about how you use our platform, features accessed, time spent, and interaction patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers, and hardware specifications
  • Log Data: Server logs, error reports, performance metrics, and system diagnostics
  • Cookies and Tracking: Information collected through cookies, web beacons, and similar tracking technologies
  • Location Data: General geographic location based on IP address (not precise location)
  • Network Information: Connection type, ISP information, and network performance data
  • Security Data: Authentication logs, security events, and threat detection information
  • Performance Metrics: Platform performance data, load times, and user experience metrics
  • Integration Data: Information from third-party integrations and API connections

Workflow and Compliance Data

When you use our compliance auditing services, we process:

  • Workflow Information: AI-generated workflows, process definitions, and automation scripts submitted for analysis
  • Audit Results: Compliance scan results, vulnerability reports, risk assessments, and remediation recommendations
  • Configuration Data: Settings and preferences for compliance policies, security rules, and governance frameworks
  • Metadata: File properties, creation dates, modification history, and version information
  • Compliance Reports: Generated reports, certifications, trust badges, and compliance documentation
  • Policy Data: Custom compliance policies, regulatory requirements, and organizational standards
  • Risk Assessments: Security risk evaluations, threat analysis, and vulnerability classifications

How We Use Your Information

We use the collected information for the following legitimate business purposes:

  • Service Provision: To provide, maintain, improve, and personalize our compliance auditing platform and related services
  • Account Management: To create and manage your account, authenticate users, process payments, and maintain subscription services
  • Communication: To send service-related notifications, updates, security alerts, and marketing communications (with your consent)
  • Security and Fraud Prevention: To detect, prevent, and address technical issues, fraud, security vulnerabilities, and unauthorized access
  • Analytics and Improvement: To analyze usage patterns, understand user behavior, and improve our services and user experience
  • Compliance and Legal: To comply with legal obligations and regulatory requirements, and to respond to lawful requests
  • Business Operations: To conduct business operations, including mergers, acquisitions, asset sales, and corporate restructuring
  • Customer Support: To provide technical support, troubleshoot issues, and respond to customer inquiries
  • Research and Development: To develop new features, improve existing services, and conduct research on compliance technologies
  • Quality Assurance: To monitor service quality, conduct testing, and ensure platform reliability
  • Personalization: To customize your experience, provide relevant recommendations, and tailor our services to your needs

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

Service Providers and Partners

We may share information with trusted third-party service providers who assist us in operating our platform:

  • Cloud Infrastructure: Hosting providers, content delivery networks, and data storage services
  • Payment Processing: Secure payment processors and billing service providers
  • Customer Support: Help desk platforms, communication tools, and support ticket systems
  • Analytics and Monitoring: Website analytics, performance monitoring, and user experience tools
  • Security Services: Threat detection, fraud prevention, and cybersecurity monitoring services
  • Communication Services: Email delivery, SMS services, and notification platforms
  • Integration Partners: Third-party applications and services that integrate with our platform

Legal Requirements and Protection

We may disclose your information when required by law or to protect our rights and users:

  • Legal Process: In response to court orders, subpoenas, search warrants, or other legal proceedings
  • Government Requests: To comply with government or regulatory agency requests and investigations
  • Rights Protection: To protect our rights, property, safety, or the rights and safety of our users
  • Fraud Investigation: To investigate suspected fraud, security breaches, or violations of our terms
  • Emergency Situations: To address emergencies that threaten the physical safety of any person
  • Regulatory Compliance: To meet regulatory reporting requirements and compliance obligations

Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Consent-Based Sharing

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize integrations with other platforms or services.

Data Security and Protection

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

  • Encryption: Data encryption in transit using TLS 1.3 and at rest using AES-256 encryption
  • Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, and network segmentation
  • Monitoring: 24/7 security monitoring, threat detection, and automated incident response
  • Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scanning
  • Data Backup: Secure, encrypted backups with regular testing and recovery procedures
  • Secure Development: Security-by-design principles and secure coding practices

Organizational Measures

  • Employee Training: Regular security awareness training and privacy education for all personnel
  • Background Checks: Comprehensive background verification for employees with data access
  • Incident Response: Comprehensive incident response plan and breach notification procedures
  • Vendor Management: Due diligence and security assessments for all third-party providers
  • Policy Enforcement: Strict data handling policies and regular compliance audits
  • Physical Security: Secure data centers with biometric access controls and environmental monitoring

While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest security standards and continuously improving our protective measures.

Your Privacy Rights and Choices

Depending on your location and applicable privacy laws, you may have the following rights regarding your personal information:

Data Subject Rights

  • Right of Access: Request access to your personal information we hold and receive a copy of your data
  • Right to Rectification: Request correction of inaccurate, incomplete, or outdated personal information
  • Right to Erasure: Request deletion of your personal information (subject to legal and business requirements)
  • Right to Data Portability: Request a copy of your information in a structured, machine-readable format
  • Right to Restriction: Request restriction of processing under certain circumstances
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on your consent
  • Right to Lodge Complaints: File complaints with relevant data protection authorities

How to Exercise Your Rights

To exercise these rights, please contact us at [email protected] with your request. We will respond within the timeframe required by applicable law, typically within 30 days.

When submitting a request, please provide sufficient information to verify your identity and specify the right you wish to exercise. We may request additional information to confirm your identity and protect your privacy.

Marketing Communications

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in our emails
  • Updating your preferences in your account settings
  • Contacting us directly at [email protected]

Data Retention and Deletion

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Criteria

We determine retention periods based on several factors:

  • Service Provision: As long as you maintain an active account or subscription
  • Legal Requirements: To comply with applicable laws, regulations, and legal obligations
  • Business Needs: For legitimate business purposes such as fraud prevention and security
  • Dispute Resolution: To resolve disputes and enforce our agreements
  • Data Sensitivity: More sensitive data may be retained for shorter periods

Specific Retention Periods

  • Account Data: Retained while your account is active and for 3 years after account closure
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Support Communications: Retained for 3 years after the last interaction
  • Security Logs: Retained for 1 year for security monitoring and incident response
  • Marketing Data: Retained until you opt out or for 2 years of inactivity
  • Compliance Reports: Retained for 7 years or as required by applicable regulations

Data Deletion

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies and industry best practices. Deletion includes removal from our active systems, backups, and archives.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and other countries where we or our service providers operate.

Transfer Safeguards

When we transfer your information internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequacy decisions from relevant authorities
  • Standard Contractual Clauses: EU-approved standard contractual clauses for data transfers
  • Binding Corporate Rules: Internal policies ensuring consistent data protection standards
  • Certification Programs: Participation in recognized privacy certification programs
  • Additional Safeguards: Technical and organizational measures to protect transferred data

Cross-Border Data Processing

We may process your data in multiple jurisdictions to provide our services effectively. All processing locations maintain equivalent levels of data protection through contractual obligations and technical safeguards.

Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you through our platform, email, or other appropriate means
  • Obtain your consent for material changes where required by law
  • Provide clear information about the nature of the changes

We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices and your rights.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, or wish to exercise your privacy rights, please contact us:

Privacy Officer: Jennifer Park

Email: [email protected]

Phone: +1 925 483 7062

Address:
TruFlow Privacy Team
4123 Raccoon Street
Concord, CA 94521, USA

We are committed to addressing your privacy concerns and will respond to your inquiries promptly and professionally.