Legal
Privacy Policy
Last updated: July 7, 2026 · Maintained by SecureWise AI
1. Introduction
SecureWise AI ("SecureWise", "we", "us") provides a governance, risk, and compliance (GRC) platform that helps organizations manage controls, evidence, audits, and regulatory frameworks. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website, applications, and services (collectively, the "Services"). This page is maintained by SecureWise AI to answer common privacy questions about the Services and is not an independent certification.
2. Data We Collect
- Account data: name, work email, organization, role, and authentication identifiers.
- Workspace content: controls, policies, risks, evidence files, audit findings, questionnaire responses, and other content you upload.
- Usage data: pages viewed, features used, timestamps, IP address, browser, device, and diagnostic logs.
- Communications: support messages, demo requests, and correspondence with our team.
- Cookies & similar tech: strictly necessary cookies for authentication and session management; optional analytics cookies where enabled.
3. How We Use Data
- Provide, operate, secure, and improve the Services.
- Authenticate users and enforce multi-tenant isolation.
- Run AI-assisted compliance workflows (e.g., gap analysis, control mapping, assistant responses) grounded in your workspace data.
- Communicate about your account, product updates, and security notices.
- Meet legal, regulatory, tax, audit, and contractual obligations.
- Detect, investigate, and prevent fraud, abuse, and security incidents.
4. Legal Bases (GDPR / UK GDPR)
Where applicable, we process personal data under one or more of the following legal bases: performance of a contract, legitimate interests (e.g., security and product improvement), compliance with a legal obligation, and consent (where required, such as for optional analytics or marketing).
5. Sharing & Subprocessors
We do not sell personal data. We share data only with vetted subprocessors who help us operate the Services under contractual data protection commitments, including:
- Cloud infrastructure and database hosting providers.
- Authentication, storage, and email delivery providers.
- AI model providers used to power in-product AI features on your workspace data.
- Analytics, error monitoring, and customer support tooling.
6. International Transfers
Personal data may be processed in countries other than where you reside. Where required, we rely on Standard Contractual Clauses, the UK IDTA, or equivalent transfer mechanisms to ensure an adequate level of protection.
7. Retention
We retain personal data only for as long as necessary to provide the Services, meet legal, tax, audit, or accounting obligations, or resolve disputes. Workspace content is retained for the life of your subscription and deleted within 30 days after termination, unless a longer retention period is required by law.
8. Security
We implement administrative, technical, and organizational safeguards including encryption in transit (TLS 1.2+), encryption at rest, tenant isolation via row-level security, least-privilege access controls, audit logging, and continuous monitoring. See our Security page for more detail. No system can guarantee absolute security.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. To exercise these rights, contact privacy@securewise.io. You also have the right to lodge a complaint with your local supervisory authority.
10. Children
The Services are not directed to children under 16, and we do not knowingly collect personal data from children.
11. Changes
We may update this Policy from time to time. Material changes will be communicated via the Services or by email. Continued use of the Services after an update constitutes acceptance of the revised Policy.
12. Contact
Data Controller: SecureWise AI · privacy@securewise.io · Contact us
