Privacy Policy

Effective Date: October 24, 2025

AssureGrid, Inc. (“AssureGrid,” “we,” “us,” or “our”) provides AI-assisted audit automation products and related services (“Services”). This Privacy Policy explains how we collect, use, disclose, and protect Personal Data (information that identifies or can reasonably be linked to an identifiable person) when you visit our websites, use the Services, interact with us, or otherwise engage where this Policy is posted. If you have a separate written agreement with AssureGrid (e.g., a Master Subscription Agreement or Data Processing Agreement), that agreement will govern to the extent it conflicts with this Policy.

Who this Policy covers

We gather information about you directly and automatically through your use of our Site.

  • Website visitors (e.g., browsing assuregrid.ai, attending webinars, downloading content)
  • Customers and Authorized Users (end users, administrators)
  • Prospects and business contacts
  • Job applicants
  • Third parties who interact with us (e.g., vendors, partners)

This Policy does not apply to Customer Content we process on behalf of our customers as a processor/service provider - e.g., audit evidence, logs, workpapers, and documents ingested into AssureGrid by a customer. For that data, we process strictly under our contract and the customer’s instructions.

Types of Personal Data we collect

You provide directly

  • Account & profile: name, email, phone, role, authentication data.
  • Customer support: messages, tickets, call recordings (where permitted by law and disclosed).
  • Marketing interactions: preferences, survey responses, demo forms.
  • Recruiting: resume/CV, cover letter, employment history, references.

Automatically collected

  • Usage & diagnostics: feature usage, timestamps, performance events, crash logs.
  • Device & network: IP address, user agent, OS/browser type, language, referrer/UTM, coarse location, cookies, pixels, local storage.
  • Website analytics: page views, session duration, navigation paths.

From third parties

  • Your employer/organization (when provisioning your account)
  • Service providers/partners (CRM enrichment, analytics, threat intelligence)
  • Public sources (professional profiles, publications)

We do not collect sensitive Personal Data unless you voluntarily provide it or a specific feature requires it (and then only with notice or consent as required).

How we use Personal Data

We process Personal Data for:

  • Providing and securing the Services (account creation, authentication, access control, availability, incident response, fraud and abuse prevention).
  • Operating, maintaining, and improving the Services (feature development, quality, usability, debugging, service analytics).
  • Customer support (responding to requests, troubleshooting, training).
  • Business operations (billing, accounting, audits, legal compliance, risk management).
  • Communications and marketing (service notices, product updates, event invites, surveys; you can opt out of marketing at any time).
  • Recruiting & hiring (evaluate candidates, schedule interviews, comply with law).
  • Safety, security, and compliance (detect/prevent security incidents, enforce terms, respond to lawful requests).

Where GDPR/UK GDPR/Swiss laws apply, we rely on: contract necessity, legitimate interests (e.g., product security and improvement balanced against your rights), legal obligations, and consent (where required).

Our AI/ML and model-training commitments

  • We do not use Customer Content (e.g., evidence, workpapers, logs, documents you upload) to train foundation models or to build generalized AI systems without your written agreement.
  • We may use aggregated or de-identified telemetry to improve reliability and safety (e.g., performance metrics, error codes), and we will not attempt to re-identify such data.
  • Where we offer optional features that analyze content for your organization’s benefit (e.g., extraction, summarization), we act under your instructions and data remains scoped to your tenant unless you opt in to a clearly disclosed cross-customer program.
  • We honor our public commitments around data usage; using customer data contrary to stated commitments can be an unfair or deceptive practice under U.S. law.

Cookies, analytics, and Global Privacy Control (GPC)

We and our providers use cookies, pixels, and similar technologies to remember settings, authenticate sessions, analyze usage, and (on public web pages) tailor content. Where required, we’ll request consent. You can manage preferences in our cookie banner and your browser.

Global Privacy Control (GPC). In jurisdictions where it’s legally required, if your browser sends a valid GPC signal, we will treat it as a request to opt out of “sale”/“sharing” (as defined under applicable state laws) for that browser.

When we disclose Personal Data

We disclose Personal Data only as described:

  • Service providers / processors: hosting, storage, analytics, communications, customer support, threat detection, payment processing, recruiting.
  • Enterprise customers: to your organization (e.g., usage reports, admin controls).
  • Affiliates: within an AssureGrid corporate group for the purposes in this Policy.
  • Business transfers: merger, acquisition, financing, or sale of assets.
  • Legal & safety: comply with law, enforce terms, protect rights, respond to lawful requests.
  • With your direction or consent: integrations you enable, beta programs, references.

We do not sell Personal Data for money. On public web properties we may engage in activities that are deemed a “sale” or “sharing” under some state laws. You can opt out via our cookie controls or GPC as noted above.

Data retention

We retain Personal Data for as long as needed to provide the Services and for legitimate business or legal purposes (e.g., to comply with retention laws, resolve disputes, maintain security logs). Customer Content retention follows your organization’s settings and our contract; we delete or return Customer Content upon termination or as otherwise agreed.

Security

We implement administrative, technical, and physical safeguards designed to protect Personal Data, taking into account the sensitivity of the data and the current state of technology (e.g., encryption in transit, access controls, logging, vulnerability management, and employee training). No system is 100% secure; we maintain incident response procedures and will notify you of breaches as required by law.

International data transfers

We may process and store data in the United States and other countries. Where required, we use appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or other lawful instruments, and supplement with risk assessments and safeguards. If we later participate in a recognized data-transfer framework, we will update this Policy accordingly.

Your privacy rights

Depending on where you live, you may have the rights to access, correct, delete, limit, port, object to, or opt out of certain processing (including targeted advertising, “sale”/“sharing,” and some types of profiling). You also may have the right to appeal a decision on your request.

How to submit a request: Email privacy@assuregrid.ai (or use the “Privacy Request” link in our footer). Please state your jurisdiction and the right you wish to exercise. We will verify your identity (and, for enterprise accounts, may route through your administrator). You may authorize an agent to submit requests where permitted by law, and we offer an appeals process for denials (we’ll provide reasons and instructions).

Browser-level opt-outs: Enable Global Privacy Control (GPC) in your browser; we will process it where legally required.

Children’s privacy

Our Services are not directed to children under 16, and we do not knowingly collect Personal Data from them. If you believe a child has provided Personal Data to us, contact privacy@assuregrid.ai and we will take appropriate steps.

Customer Content & processor role

For Customer Content (e.g., audit evidence, logs, screenshots, emails, exports) we act as a processor/service provider under applicable laws and our contract/DPA. Your organization controls access, retention, deletion, and integrations. We will: process only on documented instructions; maintain appropriate security measures; assist with data-subject requests that your organization receives; and flow down obligations to sub-processors and provide notice of material changes.

Do Not Track & Global Privacy Control

We do not respond to Do Not Track (DNT) signals (standards vary and are not widely adopted). We do honor Global Privacy Control (GPC) where required by law.

Changes to this Policy

We may update this Policy to reflect changes to our practices, technologies, or legal requirements. If updates materially affect your rights, we will provide prominent notice (e.g., email to account owners or in-product banners) and note the new effective date.

Contact Us

AssureGrid, Inc.
Email: privacy@assuregrid.ai
Mailing:

EU/UK inquiries: If you are in the EEA/UK and believe GDPR/UK GDPR applies to your Personal Data processed by us as a controller, you may contact us at the above address. We will identify our EU/UK representative in your region if/when applicable.