Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect basic information such as your name, email address, company name, and contact details. This information is necessary to provide you with access to our platform and communicate with you about your account.

Compliance Data

CompEcho processes compliance-related data that you upload or that is collected through our integrations. This may include configuration files, audit logs, security policies, and other evidence required for compliance frameworks. This data remains under your control at all times.

Usage Analytics

We collect anonymous usage analytics to understand how our platform is used and to improve our services. This includes page views, feature usage, and performance metrics, but does not include any personally identifiable information.

2. How We Use Your Information

• Service Delivery: To provide, maintain, and improve CompEcho's compliance automation features
• Communication: To send you important account updates, security notifications, and product announcements
• Support: To respond to your questions, provide technical support, and resolve issues
• Security: To protect our platform and users from fraud, abuse, and security threats
• Compliance: To meet our own legal and regulatory obligations

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With trusted third-party services that help us operate our platform (all bound by strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or to protect our rights and users' safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with advance notice)

4. Data Security

We implement industry-leading security measures to protect your information:

• End-to-end encryption for data in transit and at rest
• Regular security audits and penetration testing
• SOC 2 Type II and ISO 27001 compliance
• Multi-factor authentication and access controls
• Regular employee security training
• Secure data centers with physical security controls

5. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your personal information
• Restriction: Request that we limit how we process your information

To exercise these rights, contact us at privacy@compecho.com or through your account settings.

6. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for 7 years after closure for legal compliance
• Compliance Data: Retained according to your organization's retention policies
• Usage Analytics: Anonymized data may be retained indefinitely for product improvement
• Support Data: Retained for 3 years to provide ongoing support

7. International Data Transfers

CompEcho operates globally and may transfer your information to countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by regulatory authorities
• Data residency options for customers with specific requirements
• Compliance with applicable data protection laws in all jurisdictions

8. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

9. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: