Privacy Policy

1. Introduction

At GRCompliance, Inc. ("we," "us," or "our"), our mission is to build the world's most trusted GRC platform. Security and privacy are at the core of everything we do. This Privacy Policy explains how we collect, use, and share information about you when you use our website and platform.

2. Information We Collect

• Contact Information: We collect your name, company name, and email address when you request vetted access or join our waitlist.
• Professional Context: During our discovery phase, we may collect information about your technical stack, current compliance frameworks (ISO 27001, SOC 2, etc.), and security goals.
• Technical Data: We automatically collect standard browser data, IP addresses, and interaction logs to maintain security and improve our vetting engine.

3. How We Use Information

We use the collected information to:

• Vet potential clients to ensure a high-trust environment.
• Provision private, isolated instances for approved partners.
• Automate compliance evidence collection as per your specified frameworks.
• Communicate important security updates and service changes.

4. Data Security & Isolation

Unlike multi-tenant platforms that share infrastructure, GRCompliance provides architecturally isolated instances. Your data is encrypted at rest and in transit using industry-standard protocols. We conduct regular internal audits and external penetration testing to ensure the integrity of our systems.

5. Third-Party Services

We utilize vetted subprocessors to provide our services, including cloud infrastructure providers and AI processing engines. All subprocessors are required to meet or exceed our stringent security standards.

6. Your Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have the right to access, correct, or delete your personal data. To exercise these rights, please contact us at privacy@grcompliance.com.