Privacy Policy

We collect information you provide directly and information generated when you use the Service.

• Account information: email address, name (if provided), and organization/tenant identifiers.
• Authentication data: session cookies and security tokens required to keep you signed in.
• Service data: audits, reports, findings, uploaded files (if enabled), and related metadata you or your organization submit.
• Usage and diagnostics: log events, feature usage, timestamps, IP address (typically in logs), device/browser signals, and performance metrics needed to operate and secure the Service.

We use information to:

• Provide, maintain, and improve the Service
• Authenticate users and enforce access controls
• Create audits, analytics, and reports requested by users
• Detect abuse, fraud, and security incidents
• Operate support, troubleshooting, and incident response
• Comply with legal obligations where applicable

We use cookies (or similar storage mechanisms) primarily for authentication and security. These may include:

• Session cookies to keep you signed in
• Security cookies to prevent abuse and protect accounts

Some client portal experiences may use local storage to remember a portal token for convenience. You can clear your browser storage to remove these values.

The Service may provide “client portal” links or tokens that grant read-only access to specific audit information. These links may be time-limited, usage-limited, and revocable by the account owner.

If you receive a client portal link, do not share it. Anyone with the link (or token) may be able to access the portal within its configured limits.

We do not sell personal information. We may share information in limited cases:

• With your organization: administrators and authorized users may access data within the tenant.
• Service providers: vendors that help operate the Service (hosting, logging, analytics, email delivery, payments). They are limited to using data to provide their services to us.
• Legal and safety: when required by law or to protect the rights, safety, and security of users, the Service, or others.
• Business changes: in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.

We retain information for as long as needed to provide the Service and for legitimate business purposes such as security, auditing, compliance, and dispute resolution.

Tenant administrators may be able to delete certain data via the Service. Some data may remain in backups for a limited period.

We use reasonable safeguards designed to protect information from unauthorized access, loss, misuse, and alteration. However, no system is perfectly secure, and we cannot guarantee absolute security.

If you access the Service from outside the country where the Service is hosted, your information may be processed and stored in that hosting region. By using the Service, you consent to such processing where permitted by law.

Depending on your location, you may have rights to access, correct, delete, or restrict certain processing of your information. Tenant administrators control most Service data.

If you want to exercise a privacy request, contact your account administrator or support through your organization’s Service owner.

The Service is not intended for use by children. If you believe a child has provided personal information, contact the account owner to request removal.

We may update this Privacy Policy from time to time. Changes will be posted here with an updated “Last updated” date. Continued use of the Service after changes means you accept the updated policy.

For questions about privacy, contact support through your account administrator or the Service owner.