Complianta — Privacy Policy
Effective Date: May 17, 2025
This Privacy Policy explains how Complianta LLC ("Complianta," "we," or "us") collects, uses, shares, and protects information through our services, websites, applications, and any other interactions you have with us (collectively, the "Services").
1. Scope of This Policy
- Our Services, including compliance and security offerings
- Our public website (e.g., www.complianta.com)
- Communications such as email, support, and marketing
This Policy does not apply to third-party services that may integrate with Complianta. These are governed by their own policies.
2. Information We Collect
- a. Service Data: Information uploaded by customers to use our platform, such as security control data, audit evidence, and user configuration files.
- b. Account and Contact Information: Including full name, work email, company name, and billing information (if applicable).
- c. Usage & Device Information: IP address, browser, device type, pages visited, timestamps, actions, log files, and diagnostics.
- d. Cookies & Tracking Technologies: Our site uses cookies to enhance user experience and analyze usage trends. Users can manage cookies via browser settings or our cookie banner.
- e. Third-Party Integrations: If you enable integrations (e.g., AWS, GCP, Drata), we may receive metadata (e.g., username, API token permissions) for configuration and analysis purposes.
- f. Other Information: Such as communications with support, survey responses, and webinar or event registrations.
3. How We Use Information
- Provide, maintain, and improve the Services
- Authenticate and authorize access
- Respond to support requests
- Manage billing and accounts
- Monitor system performance and detect fraud
- Comply with legal obligations
Aggregated or de-identified data may be used for analytics and industry benchmarking.
4. Data Sharing and Disclosure
We do not sell personal information. We may share information with:
- Subprocessors and service providers under confidentiality agreements (e.g., hosting, analytics, CRM)
- Third-party integration partners, as authorized by the customer
- Government authorities, only as legally required
- Affiliates, for internal business operations
- In connection with a business transfer, such as a merger or acquisition
5. Data Retention
- Customer data: Retained per the contract (MSA) or 365 days after account closure
- Job applicant data: Up to 3 years
- Marketing/contact inquiries: Retained as long as reasonably necessary
6. Data Security
- Encryption (in transit and at rest)
- Least-privilege access controls
- Regular audits and penetration testing
Despite safeguards, no system is 100% secure. If you suspect a data incident, contact us immediately.
7. Your Rights
Depending on your jurisdiction (e.g., California, EEA, UK), you may have the right to:
- Access your data
- Correct inaccurate information
- Request deletion
- Opt out of marketing communications
To exercise these rights, contact us at legal@complianta.com.
8. International Data Transfers
Complianta is based in the U.S. and may transfer data globally. We use Standard Contractual Clauses (SCCs) and other lawful mechanisms to protect data transfers from the EEA, UK, and Switzerland.
9. Children's Privacy
Our Services are not intended for children under 16. If we become aware of data collected from such individuals, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy. The latest version will always be posted on our site. If material changes occur, we will notify users via email or in-app messaging.
11. Contact Us
Complianta LLC
[Your Registered Business Address]
Email: legal@complianta.com
If you have questions or complaints about our privacy practices, we encourage you to contact us directly.
This Privacy Policy is designed to meet regulatory requirements under GDPR, CCPA, and applicable U.S. privacy laws.