Privacy Policy
Last updated: May 24, 2026
GDPR CompliantCCPA CompliantSOC 2 Ready
1. Who We Are
AuditTrue LLC (referred to as "AuditTrue," "we," "us," or "our") provides an AI governance and compliance platform. This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you use our website, platform, or services. AuditTrue is the data controller for personal data collected through our website and marketing activities, and acts as a data processor for customer data submitted to the platform.
2. Information We Collect
2.1 Information You Provide
When you interact with us, you may provide: name, email address, company name, job title, phone number, billing information (processed by our payment processor — we do not store full payment card details), account credentials, and any information you include in communications or support requests.
2.2 Information Collected Automatically
We automatically collect: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of access, session duration, and device identifiers. We use cookies and similar tracking technologies as described in Section 7.
2.3 Information Processed on Behalf of Customers
When you use our Platform to govern your AI systems, we process AI model metadata, deployment configurations, inference logs, and compliance-related data that you submit. This data is processed solely on your instruction and remains your property. We do not use customer data to train or improve our proprietary AI models.
3. Legal Bases for Processing (EEA Users)
For users in the European Economic Area, we process personal data under the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Providing Platform services | Performance of contract (Article 6(1)(b)) |
| Communication & support | Performance of contract / Legitimate interests |
| Analytics & service improvement | Legitimate interests (Article 6(1)(f)) |
| Marketing (with consent) | Consent (Article 6(1)(a)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
4. How We Use Your Information
We use your information to: (a) provide, maintain, and improve the Platform; (b) process transactions and manage subscriptions; (c) communicate with you about your account, service updates, and security notices; (d) respond to inquiries and support requests; (e) detect, prevent, and address technical issues, fraud, and security threats; (f) comply with legal obligations; and (g) with your consent, send marketing communications about our services.
5. Data Sharing & Disclosure
We do not sell your personal information. We may share data with:
- Service providers: Cloud hosting (Hostinger/Cloudflare), payment processing (Stripe), analytics, and communication tools — all bound by data processing agreements consistent with this policy
- Compliance obligations: When required by law, court order, or regulatory request
- Business transfers: In connection with a merger, acquisition, or sale of assets
We require all third-party service providers to implement security measures consistent with industry standards and to process data only for the purposes specified by us.
6. Data Processing Agreement (DPA)
Customers subject to the GDPR or other data protection laws may require a Data Processing Agreement. A DPA is available upon request and is incorporated into these Terms. To request a signed DPA, contact [email protected]. The DPA covers: processing instructions, data security measures, sub-processor lists, data breach notification procedures, cross-border transfer mechanisms (Standard Contractual Clauses), and data deletion procedures.
7. Cookies & Tracking
We use essential cookies for platform functionality and security. We use analytics cookies (with consent where required) to understand Platform usage and improve our service. You can control cookie preferences through your browser settings. Third-party cookies from services we use (analytics, payment processing) are governed by their respective privacy policies.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Governance audit logs and compliance records are retained in accordance with regulatory requirements — typically 3 to 7 years depending on the applicable jurisdiction and regulation. Upon account termination, customer data is securely deleted within 60 days unless legal obligations require longer retention.
9. Data Subject Rights
Depending on your jurisdiction, you may have the right to: (a) access, correct, or delete your personal data; (b) restrict or object to processing; (c) data portability; (d) withdraw consent at any time (without affecting lawful processing based on consent before withdrawal); (e) lodge a complaint with your data protection authority. EEA users may contact their local Data Protection Authority. To exercise these rights, contact [email protected]. We respond to all legitimate requests within 30 days.
10. International Data Transfers
AuditTrue is based in the United States. If you are located outside the US, your data may be transferred to and processed in the US. For EEA users, we ensure adequate protections through Standard Contractual Clauses (SCCs) approved by the European Commission, as part of our DPA. We also comply with the UK International Data Transfer Agreement for UK users.
11. Security
We implement industry-standard technical and organizational security measures including: encryption at rest (AES-256) and in transit (TLS 1.3); role-based access controls with multi-factor authentication; regular security audits and penetration testing; incident response procedures; employee training on data protection. Our security program aligns with SOC 2 and ISO/IEC 27001 standards.
12. CCPA Notice (California Residents)
California residents have the right to: request disclosure of personal information collected, used, or disclosed in the past 12 months; request deletion of personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising these rights. To exercise your CCPA rights, contact [email protected].
13. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders and through a notice on our website at least 30 days before they take effect. We encourage you to review this policy periodically.
15. Contact
Data Protection Officer: [email protected]
Privacy Inquiries: [email protected]
DPA Requests: [email protected]
Postal: AuditTrue LLC, [Registered Address, Wilmington, DE 19801, United States]