Privacy Policy

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, job title, and company information
• Compliance Data: Evidence submissions, audit documentation, assessment results, and compliance records
• Usage Information: How you interact with our platform, including login times, features used, and system preferences
• Technical Data: IP addresses, browser type, device information, and cookies for platform functionality

We use your information to:

• Provide and maintain our compliance management services
• Process and store your compliance documentation securely
• Facilitate audits and assessments by authorized auditors
• Generate compliance reports and analytics
• Communicate with you about your account and compliance status
• Improve our platform and develop new features
• Ensure platform security and prevent unauthorized access

We do not sell, trade, or rent your personal information. We may share your information only in these limited circumstances:

• Authorized Auditors: Assigned auditors may access your compliance data to perform their audit functions
• Service Providers: Trusted third-party providers who assist in platform operations (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)

We implement comprehensive security measures to protect your information:

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls ensure only authorized personnel can access your data
• Regular Audits: We conduct regular security audits and vulnerability assessments
• Backup Systems: Secure backup systems ensure data availability and recovery
• Compliance: Our security practices align with ISO27001 and other international standards

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory requirements
• Support compliance audits and certifications
• Resolve disputes and enforce our agreements

Upon account termination, we will securely delete or anonymize your personal information in accordance with our data retention policies and applicable laws.

You have the following rights regarding your personal information:

• Access: Request access to your personal information we hold
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Data Portability: Request a copy of your data in a portable format
• Opt-out: Unsubscribe from non-essential communications

To exercise these rights, please contact us using the information provided below.

We use cookies and similar technologies to:

• Maintain your login session and platform preferences
• Analyze platform usage and improve user experience
• Provide security features and prevent fraud

You can control cookie settings through your browser preferences. Note that disabling cookies may affect platform functionality.

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions by data protection authorities
• Other lawful transfer mechanisms as available

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our platform
• Sending email notifications to registered users
• Providing prominent notice within the platform interface

Your continued use of the platform after changes become effective constitutes acceptance of the updated policy.