Privacy Policy

1. Information We Collect

• Account information: name, email address, company name, and phone number when you create an account or contact us.
• Usage data: how you interact with our platform, including pages visited, features used, and session duration.
• Device information: browser type, operating system, IP address, and device identifiers for security and analytics purposes.
• GRC data: governance, risk, compliance, and related data you enter into the platform, which remains your property at all times.

2. How We Use Your Information

• To provide, maintain, and improve the GRC Simplified platform and services.
• To communicate with you about your account, updates, and support requests.
• To send marketing communications (with your consent) about new features and offers.
• To analyze usage patterns and improve platform performance and user experience.
• To comply with legal obligations and protect our rights and the rights of our users.

3. Data Security

We implement industry-standard security measures to protect your data. This includes encryption at rest (AES-256) and in transit (TLS 1.3), Row-Level Security for multi-tenant data isolation, regular security audits, and daily encrypted backups. Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II compliance.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain information. GRC data entered into the platform is retained according to your subscription terms and can be exported at any time.

5. Third-Party Services

We use select third-party services for analytics, payment processing, and infrastructure hosting. These providers are bound by data processing agreements and are required to handle your data in accordance with this privacy policy and applicable data protection laws.

6. Cookies and Tracking

• Essential cookies: required for the platform to function properly (authentication, session management).
• Analytics cookies: help us understand how users interact with our platform (can be declined).
• Marketing cookies: used to deliver relevant advertising (only with your explicit consent).
• You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.

7. Your Rights

• Right to access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data (subject to legal retention requirements).
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing of your personal data for marketing purposes.
• Right to restrict processing: request limitation of how we process your data.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements, to protect your data in accordance with applicable data protection laws.

9. Children's Privacy

GRC Simplified is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through a notice on our platform. Your continued use of GRC Simplified after such changes constitutes acceptance of the updated policy.