Your data is yours.
Plain-language summary of our privacy practices below. Full policy linked at the bottom — written in the same plain English.
What we collect
Account information you give us (name, work email, role, company), platform usage data (which features you use, technical telemetry), and the GRC and vendor data you upload — policies, controls, evidence, vendor records, assessments. Customer data is yours; we process it on your behalf.
How we use it
To deliver and improve the platform, support your team, send you important account notifications, prevent abuse, and meet legal obligations. We do not train AI models on your data, share customer data across tenants, or sell personal information.
Who we share with
Only the sub-processors required to deliver the service — listed in full in our Trust Center (AWS, MongoDB Atlas, Anthropic via Bedrock, OpenAI fallback). We notify customers in advance of any change. We do not sell data to anyone.
How we protect it
Tenant isolation enforced server-side, TLS 1.2+ in transit, AES-256 at rest, AuditLog on every mutation, AUDITOR role read-only at the data layer. The same controls we sell to customers protect your data.
Your rights
Access, correct, export, or delete your personal data on request. EU and UK residents can exercise GDPR rights; California residents can exercise CCPA/CPRA rights. Email [email protected] and we'll respond within statutory timeframes.
Retention
Customer data is retained for the life of your subscription and 30 days post-termination for export. Audit-significant records are soft-deleted (not hard-deleted) so the audit trail stays intact for compliance integrity. Marketing contact data is retained until you ask us to delete it.
We update this policy as the platform grows.
Material changes are communicated by email and platform notification before they take effect. Minor wording changes are tracked at the bottom of the full policy.
Want the full legal text?
The full Privacy Policy covers every clause in detail. Or email privacy with any specific question.