Legal

Privacy Policy

Last updated: July 7, 2026 · Maintained by SecureWise AI

1. Introduction

SecureWise AI ("SecureWise", "we", "us") provides a governance, risk, and compliance (GRC) platform that helps organizations manage controls, evidence, audits, and regulatory frameworks. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website, applications, and services (collectively, the "Services"). This page is maintained by SecureWise AI to answer common privacy questions about the Services and is not an independent certification.

2. Data We Collect

  • Account data: name, work email, organization, role, and authentication identifiers.
  • Workspace content: controls, policies, risks, evidence files, audit findings, questionnaire responses, and other content you upload.
  • Usage data: pages viewed, features used, timestamps, IP address, browser, device, and diagnostic logs.
  • Communications: support messages, demo requests, and correspondence with our team.
  • Cookies & similar tech: strictly necessary cookies for authentication and session management; optional analytics cookies where enabled.

3. How We Use Data

  • Provide, operate, secure, and improve the Services.
  • Authenticate users and enforce multi-tenant isolation.
  • Run AI-assisted compliance workflows (e.g., gap analysis, control mapping, assistant responses) grounded in your workspace data.
  • Communicate about your account, product updates, and security notices.
  • Meet legal, regulatory, tax, audit, and contractual obligations.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.

4. Legal Bases (GDPR / UK GDPR)

Where applicable, we process personal data under one or more of the following legal bases: performance of a contract, legitimate interests (e.g., security and product improvement), compliance with a legal obligation, and consent (where required, such as for optional analytics or marketing).

5. Sharing & Subprocessors

We do not sell personal data. We share data only with vetted subprocessors who help us operate the Services under contractual data protection commitments, including:
  • Cloud infrastructure and database hosting providers.
  • Authentication, storage, and email delivery providers.
  • AI model providers used to power in-product AI features on your workspace data.
  • Analytics, error monitoring, and customer support tooling.
A current list of subprocessors is available upon request at privacy@securewise.io.

6. International Transfers

Personal data may be processed in countries other than where you reside. Where required, we rely on Standard Contractual Clauses, the UK IDTA, or equivalent transfer mechanisms to ensure an adequate level of protection.

7. Retention

We retain personal data only for as long as necessary to provide the Services, meet legal, tax, audit, or accounting obligations, or resolve disputes. Workspace content is retained for the life of your subscription and deleted within 30 days after termination, unless a longer retention period is required by law.

8. Security

We implement administrative, technical, and organizational safeguards including encryption in transit (TLS 1.2+), encryption at rest, tenant isolation via row-level security, least-privilege access controls, audit logging, and continuous monitoring. See our Security page for more detail. No system can guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. To exercise these rights, contact privacy@securewise.io. You also have the right to lodge a complaint with your local supervisory authority.

10. Children

The Services are not directed to children under 16, and we do not knowingly collect personal data from children.

11. Changes

We may update this Policy from time to time. Material changes will be communicated via the Services or by email. Continued use of the Services after an update constitutes acceptance of the revised Policy.

12. Contact

Data Controller: SecureWise AI · privacy@securewise.io · Contact us