Privacy Policy

At CompliTru, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud security and compliance platform. Please read this policy carefully. By using our Service, you consent to the data practices described in this policy.

1. Information We Collect

We collect information in several ways:

• Account Information: Name, email address, company name, and password when you register
• Cloud Account Data: Cloud resource metadata, configuration data, and security findings from your connected AWS, Azure, or GCP accounts
• Usage Data: Information about how you interact with our Service, including pages visited and features used
• Device Information: IP address, browser type, operating system, and device identifiers
• Payment Information: Billing details processed through our secure payment provider (we do not store full credit card numbers)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our security scanning and compliance monitoring services
• Process transactions and send related information including confirmations and invoices
• Send technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Analyze usage patterns to improve user experience and develop new features
• Detect, prevent, and address technical issues and security threats

3. Cloud Data Handling

When you connect your cloud accounts, we access resource metadata and configuration data necessary to perform security scans and compliance checks. We employ a hybrid storage architecture: aggregated counts and summaries are stored in our database, while detailed findings containing resource identifiers are encrypted and stored in your own cloud storage (S3 or Azure Blob Storage). This ensures your sensitive data remains within your control. We do not access, store, or process the contents of your data stored in cloud services (such as S3 object contents or database records).

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (payment processing, email delivery, analytics)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given us explicit permission to share

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256), secure credential storage, access controls, and regular security audits. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. Scan results and findings are retained for 90 days by default, though you can configure different retention periods. If you delete your account, we will delete your personal data within 30 days, except where retention is required for legal or legitimate business purposes.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request a machine-readable copy of your data
• Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at privacy@complitru.com.

8. Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. We use session cookies for authentication, preference cookies for settings, and analytics cookies to understand usage patterns. You can instruct your browser to refuse all cookies, but some features of our Service may not function properly without them.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country of residence. If you are located outside the United States and choose to provide information to us, please note that we transfer data to the United States and process it there. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide more prominent notice, such as an email notification. You are advised to review this Privacy Policy periodically for any changes.