GraphLetter Logo
Graphletter

Privacy Policy

Last updated: January 2024

1. Information We Collect

Personal Information

We collect personal information you provide directly to us, such as when you create an account, use our services, or contact us. This may include your name, email address, company information, and other contact details.

Usage Data

We automatically collect information about how you use our platform, including your interactions with features, pages visited, time spent on the platform, and other usage patterns.

Compliance Data

We collect and process compliance-related information you upload or enter into our platform, including evidence documents, assessment data, and framework mappings.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our compliance management services
  • Process compliance assessments and generate reports
  • Communicate with you about your account and our services
  • Ensure platform security and prevent fraud
  • Comply with legal obligations and regulatory requirements
  • Analyze usage patterns to enhance user experience
3. Information Sharing and Disclosure

Service Providers

We may share information with third-party service providers who perform services on our behalf, such as hosting, data analysis, and customer support.

Legal Compliance

We may disclose information if required by law or in response to valid legal requests from government authorities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection practices
  • Incident response procedures
5. Data Retention

We retain personal information for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy. Compliance data may be retained for longer periods as required by applicable regulations or legitimate business purposes.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access to your personal information
  • Correction of inaccurate or incomplete data
  • Deletion of your personal information
  • Restriction of processing
  • Data portability
  • Objection to processing based on legitimate interests

To exercise these rights, please contact us at privacy@graphletter.com.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date.

9. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Email: privacy@graphletter.com

Address: 1 Southwark Bridge, London SE1 9HL, United Kingdom

Phone: +44 20 7123 4567