Privacy Policy

Last updated: January 21, 2025

At SysCompliance, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our audit management platform and related services.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

  • Create an account: Name, email address, phone number, job title, company information
  • Use our services: Audit data, compliance records, user-generated content, feedback
  • Contact us: Contact form submissions, support requests, communication preferences
  • Subscribe to services: Billing information, payment details (processed securely through third-party providers)

1.2 Information Automatically Collected

When you access our platform, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns, session information
  • Location Data: General geographic location based on IP address
  • Log Data: Server logs, error reports, performance metrics

1.3 Audit and Compliance Data

As an audit management platform, we process:

  • Audit plans, programs, and schedules
  • Checklist templates and completed checklists
  • Non-conformity reports and corrective actions
  • Observation records and improvement opportunities
  • Department and process information
  • User roles and permissions data

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

  • Provide, operate, and maintain our audit management platform
  • Process and manage your audit data and compliance records
  • Enable collaboration features and user management
  • Generate reports and analytics for your organization

2.2 Account Management

  • Create and manage user accounts
  • Authenticate users and maintain security
  • Process payments and manage subscriptions
  • Provide customer support and technical assistance

2.3 Communication

  • Send service-related notifications and updates
  • Respond to inquiries and support requests
  • Provide important security and legal notices
  • Send marketing communications (with your consent)

2.4 Improvement and Analytics

  • Analyze usage patterns to improve our services
  • Monitor system performance and security
  • Develop new features and functionality
  • Conduct research and analytics

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

3.1 With Your Consent

We may share your information when you have given us explicit consent to do so.

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Cloud hosting and data storage (AWS, Google Cloud)
  • Payment processing (Stripe, PayPal)
  • Email delivery and communication services
  • Analytics and monitoring tools
  • Customer support platforms

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (court orders, subpoenas)
  • Government investigations or regulatory requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Encryption

  • Data in Transit: All data transmission uses TLS 1.3 encryption
  • Data at Rest: Sensitive data is encrypted using AES-256 encryption
  • Database Encryption: Personal data fields are encrypted at the database level
  • Backup Encryption: All backups are encrypted and securely stored

4.2 Access Controls

  • Multi-factor authentication for administrative access
  • Role-based access control within the platform
  • Regular access reviews and permission audits
  • Secure API authentication and authorization

4.3 Infrastructure Security

  • Secure cloud hosting with enterprise-grade security
  • Regular security assessments and penetration testing
  • Intrusion detection and monitoring systems
  • Automated security updates and patch management

4.4 Organizational Security

  • Employee security training and background checks
  • Incident response procedures and protocols
  • Data breach notification procedures
  • Regular security policy reviews and updates

5. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

5.1 Account Data

  • Active Accounts: Retained while your account is active
  • Closed Accounts: Deleted within 90 days of account closure
  • Backup Data: Removed from backups within 12 months

5.2 Audit Data

  • Compliance Records: Retained according to applicable regulations (typically 3-7 years)
  • Audit Trails: Maintained for regulatory compliance requirements
  • Historical Data: May be anonymized for analytical purposes

5.3 Legal and Regulatory

  • Information subject to legal holds is retained until the hold is lifted
  • Financial records are retained according to tax and accounting requirements
  • Security logs are retained for fraud prevention and investigation

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

6.1 Adequacy Decisions

We transfer data to countries with adequacy decisions from the European Commission where applicable.

6.2 Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission.

6.3 Data Processing Addendum

Our service providers are bound by data processing agreements that include appropriate safeguards and security measures.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

  • Right to Access: Request a copy of your personal information
  • Data Portability: Receive your data in a structured, machine-readable format
  • Account Dashboard: Access and download your data through your account settings

7.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information
  • Account Deletion: Delete your account and associated data

7.3 Processing Controls

  • Right to Restrict: Limit how we process your information
  • Right to Object: Object to processing based on legitimate interests
  • Marketing Opt-out: Unsubscribe from marketing communications

7.4 Exercising Your Rights

To exercise these rights, contact us using the contact form on our website. We will respond within 30 days and may require identity verification.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

8.1 Types of Cookies

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Help us analyze usage and improve performance
  • Functional Cookies: Remember your preferences and settings
  • Referral Cookies: Track affiliate referrals and partnerships

8.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

8.3 Third-Party Tracking

We may use third-party analytics services (Google Analytics, etc.) that use cookies to collect usage information.

9. Third-Party Services

Our platform integrates with third-party services that have their own privacy policies:

9.1 Payment Processors

  • Stripe: Processes payments securely with PCI DSS compliance
  • PayPal: Alternative payment processing option

9.2 Cloud Services

  • Amazon Web Services (AWS): Cloud hosting and storage
  • Google Cloud Platform: Additional cloud services and analytics

9.3 Communication Services

  • Email Providers: Transactional and marketing email delivery
  • Support Platforms: Customer support and helpdesk services

10. Children's Privacy

Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Regulatory Compliance

We comply with applicable privacy laws and regulations:

11.1 GDPR Compliance

  • Lawful basis for processing personal data
  • Data Protection Impact Assessments (DPIAs)
  • Data Protection Officer (DPO) appointment
  • Privacy by Design and by Default principles

11.2 Other Regulations

  • CCPA: California Consumer Privacy Act compliance
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • ISO 27001: Information security management standards
  • SOC 2: Security and availability controls

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or platform notification
  • Provide a summary of key changes
  • Allow time for review before changes take effect

Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us using the contact form on our website.

Our Commitment

At SysCompliance, protecting your privacy is not just a legal obligation—it's fundamental to building trust with our customers. We are committed to transparency, security, and giving you control over your personal information.