Last updated October 15, 2025
CompEcho Privacy Policy
This Privacy Policy describes the privacy practices of CompEcho and its affiliates ("CompEcho", "we", "our" or "us") with respect to the personal information we collect from users of our websites, applications and other sites or services that we own, operate or maintain that link to this Privacy Policy (collectively, the "Services" or "Service").
This Privacy Policy does not apply to any personal information customers provide in connection with their use of the Services, subject to the data processing terms set forth in the customer agreement. The types of information we collect and use depends on how you interact with and use the Services.
Please read this Privacy Policy carefully. Should you have any questions about our information and disclosure practices, please contact us as set forth below.
1. Information We Collect
Account Information
When you create an account, we collect basic information such as your name, email address, company name, and contact details. This information is necessary to provide you with access to our platform and communicate with you about your account.
Compliance Data
CompEcho processes compliance-related data that you upload or that is collected through our integrations. This may include configuration data, audit logs, security policies, and other evidence required for compliance frameworks. This information remains under your control at all times.
Usage Analytics
We collect anonymous usage analytics to understand how our platform is used and to improve our services. This includes page views, feature usage, and performance metrics, but does not include any personally identifiable information.
2. How We Use Your Information
Service Delivery
To provide, maintain, and improve CompEcho's compliance automation features.
Communication
To send you important account updates, security notifications, and product announcements.
Support
To provide, maintain, and improve CompEcho's compliance automation features.
Security
To protect our platform and users from fraud, abuse, and security threats.
Compliance
To meet our own legal and regulatory obligations.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
With Your Consent
When you explicitly authorise us to share information.
Service Providers
With trusted third-party services that help us operate our platform (allowed by strict confidentiality agreements).
Legal Requirements
When required by law, court order, or to protect our rights and user safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets (with advance notice).
4. Data Security
We implement industry-leading security measures to protect your information:
- End-to-end encryption for data in transit and at rest
- Regular security audits and penetration testing
- SOC 2 Type II and ISO 27001 compliance
- Multi-factor authentication and access controls
- Regular employee security training
- Secure data centres with physical security controls
5. Your Rights and Choices
You have the following rights regarding your personal information:
Access
Request a copy of the personal information we hold about you.
Correction
Update or correct inaccurate personal information.
Deletion
Request deletion of your personal information (subject to legal requirements).
Portability
Request your data in a portable format.
Objection
Object to certain processing of your personal information.
Restriction
Request that we limit how we process your information.
To exercise these rights, contact us at privacy@compecho.com or through your account settings.
6. Data Retention
We retain your information only as long as necessary to provide our services and comply with legal obligations:
Account Data
Retained while your account is active and for 7 years after closure for legal compliance.
Compliance Data
Retained according to your organisation's retention policies.
Usage Analytics
Anonymised data may be retained indefinitely for product improvement.
Support Data
Retained for 3 years to provide ongoing support.
7. International Data Transfers
CompEcho operates globally and may transfer your information to countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by regulatory authorities
- Data residency options for customers with specific requirements
- Compliance with applicable data protection laws in all jurisdictions
8. Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.
9. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us at privacy@compecho.com or our Data Protection Officer at dpo@compecho.com.