Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: December 19, 2025

Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization details. If using Azure AD, we may receive additional profile information as permitted by your organization.

Usage Data

We collect information about how you use our platform, including risk assessments, audit logs, and feature usage to improve our services and ensure security.

Technical Information

We automatically collect IP addresses, browser type, device information, and access logs for security monitoring and system optimization.

How We Use Your Information

  • Provide and maintain our risk management platform
  • Process and store your risk assessments and organizational data
  • Send important notifications about your account and security
  • Improve our services through analytics and usage patterns
  • Comply with legal obligations and security requirements

Data Security & Protection

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database connections are secured and regularly monitored.

Access Controls

We implement strict access controls with multi-factor authentication, role-based permissions, and regular security audits to protect your data.

Data Isolation

Your organization's data is logically isolated from other tenants using secure multi-tenancy architecture with tenant-specific access controls.

Data Sharing & Third Parties

We do not sell, rent, or share your personal information with third parties except in the following limited circumstances:

  • Service Providers: Trusted partners who help us operate our platform (hosting, email, analytics)
  • Legal Requirements: When required by law, regulation, or valid legal process
  • Security: To protect against fraud, security threats, or illegal activities

Your Rights & Choices

You have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain processing activities

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: privacy@yourcompany.com

Address: 123 Business Ave, Suite 100, City, State 12345

Questions About Privacy?

Our team is here to help you understand how we protect your data.