AssureGrid, Inc. (“AssureGrid,” “we,” “us,” or “our”) provides AI-assisted audit automation products and related services (“Services”). This Privacy Policy explains how we collect, use, disclose, and protect Personal Data when you visit our websites, use the Services, interact with us, or otherwise engage where this Policy is posted. If you have a separate written agreement with AssureGrid (e.g., a Master Subscription Agreement), that agreement will govern to the extent it conflicts with this Policy.
1. Who this Policy covers
We gather information about you directly and automatically through your use of our Site.
Customers and Authorized Users (end users, administrators)
Prospects and business contacts
Job applicants
Third parties who interact with us (e.g., vendors, partners)
This Policy does not apply to Customer Content we process on behalf of our customers as a processor/service provider - e.g., audit evidence, logs, workpapers, and documents ingested into AssureGrid by a customer. For that data, we process strictly under our contract and the customer’s instructions.
This Policy covers individuals who interact with our site and services, but not customer content, which we process only under contract and customer instructions.
Your employer/organization (when provisioning your account)
Service providers/partners (CRM enrichment, analytics, threat intelligence)
Public sources (professional profiles, publications)
We do not collect sensitive Personal Data unless you voluntarily provide it or a specific feature requires it (and then only with notice or consent as required).
We collect data you provide, data from your use of our services, and limited third-party data, excluding sensitive data unless required.
3. How we use Personal Data
Providing and securing the Services (account creation, authentication, access control, availability, incident response, fraud and abuse prevention).
Operating, maintaining, and improving the Services (feature development, quality, usability, debugging, service analytics).
Customer support (responding to requests, troubleshooting, training).
Business operations (billing, accounting, audits, legal compliance, risk management).
Communications and marketing (service notices, product updates, event invites, surveys; you can opt out of marketing at any time).
Recruiting & hiring (evaluate candidates, schedule interviews, comply with law).
Safety, security, and compliance (detect/prevent security incidents, enforce terms, respond to lawful requests).
Where GDPR/UK GDPR/Swiss laws apply, we rely on: contract necessity, legitimate interests (e.g., product security and improvement balanced against your rights), legal obligations, and consent (where required).
We use personal data to provide, operate, secure, and improve our services, support business and customer operations, communicate with users, and comply with legal obligations.
4. Our AI/ML and model-training commitments
We do not use Customer Content (e.g., evidence, workpapers, logs, documents you upload) to train foundation models or to build generalized AI systems without your written agreement.
We may use aggregated or de-identified telemetry to improve reliability and safety (e.g., performance metrics, error codes), and we will not attempt to re-identify such data.
Where we offer optional features that analyze content for your organization’s benefit (e.g., extraction, summarization), we act under your instructions and data remains scoped to your tenant unless you opt in to a clearly disclosed cross-customer program.
We honor our public commitments around data usage; using customer data contrary to stated commitments can be an unfair or deceptive practice under U.S. law.
We do not use customer content to train AI models and use only de-identified data under customer instructions.
5. Cookies, analytics, and Global Privacy Control (GPC)
We and our providers use cookies, pixels, and similar technologies to remember settings, authenticate sessions, analyze usage, and (on public web pages) tailor content. Where required, we’ll request consent. You can manage preferences in our cookie banner and your browser.
Global Privacy Control (GPC). In jurisdictions where it’s legally required, if your browser sends a valid GPC signal, we will treat it as a request to opt out of “sale”/“sharing” (as defined under applicable state laws) for that browser.
We use cookies to operate and improve our site and honor consent choices and Global Privacy Control (GPC) signals where required by law.
Enterprise Customers: To your organization (e.g., usage reports, admin controls).
Affiliates: Within an AssureGrid corporate group for the purposes in this Policy.
Business transfers: Merger, acquisition, financing, or sale of assets.
Legal & safety: Comply with law, enforce terms, protect rights, respond to lawful requests (we attempt to notify affected customers unless prohibited).
With your direction or consent: Integrations you enable, beta programs, references.
We do not sell Personal Data for money. On public web properties we may engage in activities that are deemed a “sale” or “sharing” under some state laws (e.g., third-party advertising/analytics cookies). You can opt out via our cookie controls or GPC as noted above.
We share personal data only for providing services, legal or business purposes, or with your consent, and we do not sell it, with opt-out controls for limited cookie-based sharing where required.
7. Data retention
We retain Personal Data for as long as needed to provide the Services and for legitimate business or legal purposes (e.g., to comply with retention laws, resolve disputes, maintain security logs). Customer Content retention follows your organization’s settings and our contract; we delete or return Customer Content upon termination or as otherwise agreed.
Personal data is kept only as needed, and customer content is retained or deleted per your contract.
8. Security
We implement administrative, technical, and physical safeguards designed to protect Personal Data, taking into account the sensitivity of the data and the current state of technology (e.g., encryption in transit, access controls, logging, vulnerability management, and employee training). No system is 100% secure; we maintain incident response procedures and will notify you of breaches as required by law.
We use safeguards to protect personal data and notify you of breaches as required by law.
9. International data transfers
We may process and store data in the United States and other countries. Where required, we use appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or other lawful instruments, and supplement with risk assessments and safeguards. If we later participate in a recognized data-transfer framework, we will update this Policy accordingly.
We may transfer data internationally using lawful safeguards and approved mechanisms.
10. Your privacy rights
Depending on where you live, you may have the rights to access, correct, delete, limit, port, object to, or opt out of certain processing (including targeted advertising, “sale”/“sharing,” and some types of profiling). You also may have the right to appeal a decision on your request.
How to submit a request: Email privacy@assuregrid.ai (or use the “Privacy Request” link in our footer). Please state your jurisdiction and the right you wish to exercise. We will verify your identity (and, for enterprise accounts, may route through your administrator). You may authorize an agent to submit requests where permitted by law, and we offer an appeals process for denials (we’ll provide reasons and instructions).
Browser-level opt-outs: Enable Global Privacy Control (GPC) in your browser; we will process it where legally required.
You may exercise privacy rights depending on your location through verified requests or browser opt-outs like GPC.
11. Children's privacy
Our Services are not directed to children under 16, and we do not knowingly collect Personal Data from them. If you believe a child has provided Personal Data to us, contact privacy@assuregrid.ai and we will take appropriate steps.
Our services are not for children under 16, and we do not knowingly collect their personal data.
12. Customer Content & processor role
For Customer Content (e.g., audit evidence, logs, screenshots, emails, exports) we act as a processor/service provider under applicable laws and our contract/DPA. Your organization controls access, retention, deletion, and integrations. We will: process only on documented instructions; maintain appropriate security measures; assist with data-subject requests that your organization receives; and flow down obligations to sub-processors and provide notice of material changes.
We process customer content only as a contracted processor under your instructions.
13. Do Not Track & Global Privacy Control
We do not respond to Do Not Track (DNT) signals (standards vary and are not widely adopted). We do honor Global Privacy Control (GPC) where required by law.
We do not respond to Do Not Track signals but honor Global Privacy Control where required by law.
14. Changes to this Policy
We may update this Policy to reflect changes to our practices, technologies, or legal requirements. If updates materially affect your rights, we will provide prominent notice (e.g., email to account owners or in-product banners) and note the new effective date.
We may update this Policy as needed and will notify you of material changes that affect your rights.
EU/UK inquiries: If you are in the EEA/UK and believe GDPR/UK GDPR applies to your Personal Data processed by us as a controller, you may contact us at the above address. We will identify our EU/UK representative in your region if/when applicable.
You can contact AssureGrid by email for privacy inquiries, including EU/UK GDPR-related concerns.