Privacy Policy

• Account information: name, email address, company name, phone number, and job title
• Usage data: pages visited, features used, session duration, and IP address
• Compliance data: frameworks selected, controls uploaded, and documents stored (all encrypted at rest)
• Payment information: processed securely by Stripe. We do not store card numbers or sensitive payment details
• Communications: emails, support tickets, and live chat transcripts when you contact us

• Provide, operate, and continuously improve the ComplianceHub platform
• Send transactional emails including invitations, deadline reminders, and compliance alerts
• Respond to support requests and live chat inquiries promptly
• Analyze usage patterns to improve platform features and user experience
• Comply with legal obligations and enforce our Terms of Service
• Send product updates and announcements (you may opt out at any time)

• Service providers: AWS (hosting), Stripe (payments), Resend (email), Sentry (error monitoring), all operating under data processing agreements with us
• Legal requirements: we may disclose information if required by law, court order, or government authority
• Business transfers: in the event of a merger or acquisition, your data may transfer to the new entity with equivalent protections

We never sell your personal information to third parties. Period.

• Account data retained for the duration of your subscription plus 90 days after termination
• Compliance documents retained per your organization's configured settings
• Audit logs retained for 12 months
• You may request deletion at any time by contacting support@ComplianceHub.com

• Right to access: request a copy of all personal data we hold about you
• Right to correction: update or correct inaccurate information in your account
• Right to deletion: request removal of your personal data ("right to be forgotten")
• Right to portability: receive your data in a machine-readable format (JSON or CSV)
• Right to opt out: unsubscribe from marketing communications at any time
• Do Not Sell: we do not sell personal information. California residents may submit a Do Not Sell request to support@ComplianceHub.com
• GDPR users: contact our Data Protection Officer at privacy@ComplianceHub.com

• Essential cookies: required for authentication and session management. These cannot be disabled
• Analytics cookies: used to understand how users interact with our platform (opt-out available in your account settings)
• You can manage cookies through your browser settings at any time

• All data encrypted at rest using AES-256 and in transit using TLS 1.3
• Access controls strictly limit employee access to personal data on a need-to-know basis
• Regular security audits and vulnerability assessments performed by independent third parties
• See our Security page for full technical details and our security posture

ComplianceHub is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@ComplianceHub.com and we will delete it promptly.

We will notify all registered users of material changes to this Privacy Policy via email at least 30 days before they take effect. Minor or non-material changes may be made at any time. The "Last updated" date at the top of this page will always reflect the most recent revision.

• Privacy questions: privacy@ComplianceHub.com
• Data deletion requests: support@ComplianceHub.com
• Mailing address: ComplianceHub, 23706 Birtcher Dr., Lake Forest, CA 92630