GDPR GDPR Statement

The General Data Protection Regulation (GDPR) is a European Union regulation that protects the rights of data subjects in the European Economic Area (EEA), with respect to the processing of their as such term is defined in the GDPR. 


The website and platform are designed to meet the principles of the GDPR. Here are some of the actions we’ve taken to ensure our compliance with GDPR:

  • We limit the personal data we collect;
  • We have established a legal basis for the processing of that data;
  • We only retain personal data for a limited time period, after which, the data is deleted

What Personal Data is Collected and How it is Collected

Please see the Privacy policy, which describes the categories of information we process, the purposes for which we process personal data, and how we collect that personal data. 

How Long is Personal Data Retained

If you provide information to us to request a demo, we will keep that information for up to twelve months after your last communication with us.

We will keep personal information provided by customers for up to three months after the end of our business relationship and subject to our SaaS agreement.  All payment information will be deleted three months after processing, unless we are required by law to keep it longer. 

If you contact us directly using the contact information provided on the website, we will retain your contact information for a period of up to three months after we respond to your inquiry. After that, the communications will be deleted from our system, unless we are required by law to retain it longer.

Children’s Privacy

The website and platform were not developed or intended for individuals that are deemed to be children under applicable data protection or privacy laws, and we do not knowingly collect information from children.

If you are a user of the website or platform located in the EEA, we rely on legitimate interest as the legal basis for processing the personal data we collect via the website and platform.

Controller and Processor

Depending on which features you choose to use,,a Public Benefit Corporation is both Controller and Processor of personal data covered by the Privacy Policy for purposes of European data protection legislation.

If you choose to use the Vendor Risk Monitoring, Policy Change Detection, Vendor Lawsuit Alerts, Privacy Law Alerts, and Ask the Privacy Expert feature, is a Controller when the GDPR applies. 

If you choose to use the Consent Management or Subject Rights Management features, is Processor when the GDPR applies.’s Data Processing Addendum can be found.’s Data Processing Addendum applies only when required under the GDPR and does not apply to Customers who are currently in a trial evaluation period or who are using a free tier of service


In connection with the operation of our website, may engage third parties (each a “Subprocessor”) to process your personal data. As a condition of permitting a Subprocessor to process your personal data, will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organizational measures has put into place to protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.