Privacy Policy

Last updated: May 24, 2026

1. Introduction

RiskGuard Pro ("Company," "we," "us") operates the RiskGuard Pro platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and username
  • Email address
  • Company/organization name
  • Password (stored only as a hash, never in plaintext)

2.2 Customer Data

Risk assessments, control attestations, KRI metrics, and any other data you input into the platform. This data belongs to you. We process it only to provide the Service.

2.3 Usage Data

We automatically collect certain technical data including IP address, browser type, pages visited, and timestamps. This data is used for security monitoring and service improvement.

2.4 Payment Information

Payment processing is handled entirely by PayPal. We do not store credit card numbers, CVV codes, or full payment details on our servers.

3. How We Use Your Information

  • Provide the Service — Processing your risk data and rendering your dashboard
  • Account management — Authentication, authorization, and workspace provisioning
  • Billing — Processing subscription payments via PayPal
  • Communication — Sending account-related emails (password resets, billing receipts)
  • Security — Detecting and preventing unauthorized access
  • Improvement — Analyzing aggregated, anonymized usage patterns to improve the platform

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information or Customer Data. We may share information only in these circumstances:

  • Service providers — Third-party services that help us operate (PayPal for payments, AWS for hosting)
  • Legal requirements — When required by law, subpoena, or court order
  • Business transfers — In connection with a merger, acquisition, or sale of assets
  • With your consent — When you explicitly authorize us to share information

5. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • Encrypted database storage for sensitive fields
  • Multi-tenant data isolation at the application level
  • Role-based access controls
  • Regular security vulnerability assessments
  • Secure password hashing (PBKDF2 with SHA256)

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your Customer Data within 30 days, except where retention is required by law.

7. Your Rights

CCPA (California Residents)

  • Right to know what personal information we collect and how it is used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

GDPR (EU/EEA Residents)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to restrict or object to processing

To exercise any of these rights, please contact us.

8. Cookies

We use essential cookies for session management and authentication. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

11. Contact Us

For privacy-related questions or data subject access requests, please contact us.