1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when using our services, including:

• Account Information: Name, email address, username, password, and company details when you create an account
• Profile Information: Job title, department, contact information, and professional details
• Vendor Assessment Data: Information you submit about vendors, risk assessments, compliance documentation, and related business data
• Communications: Messages, feedback, and correspondence you send to us

1.2 Information Collected Automatically

When you access our platform, we automatically collect certain information, including:

• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers, and network information
• Log Data: Access times, error logs, and system activity for security and operational purposes
• Cookies and Similar Technologies: Session identifiers and preferences to enhance your experience

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our vendor risk assessment platform
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Security: To detect, prevent, and address security threats, fraud, and unauthorized access
• Communication: To send you service updates, security alerts, and administrative messages
• Analytics: To understand how users interact with our platform and improve functionality
• Compliance: To comply with legal obligations and enforce our terms of service
• Business Operations: To facilitate vendor assessments, risk management workflows, and reporting

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Within Your Organization

Information is shared with authorized users within your organization based on role-based access controls to facilitate collaboration on vendor assessments.

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, including:

• Cloud hosting and infrastructure providers (e.g., Amazon Web Services)
• Email delivery services for transactional communications
• Analytics and monitoring services for platform performance
• Security and fraud prevention services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to law enforcement requests

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Access Controls: Role-based access controls and multi-factor authentication options
• Password Security: Passwords are hashed using bcrypt with strong cryptographic algorithms
• Rate Limiting: Protection against brute-force attacks and unauthorized access attempts
• Audit Logging: Comprehensive logging of security-relevant events for monitoring and incident response
• Regular Security Assessments: Ongoing security reviews and vulnerability testing

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal, regulatory, or contractual obligations
• Resolve disputes and enforce our agreements
• Support business operations and analytics

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal obligations
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us using the information provided below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze platform usage and performance
• Enhance security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

8. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our platform with a new "Last Updated" date
• Sending you an email notification if you have an active account
• Displaying a prominent notice on the platform

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

13. European Privacy Rights

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including those outlined in Section 6 above. Our legal basis for processing your information includes:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: Processing for security, analytics, and business operations
• Legal Compliance: Processing required by law
• Consent: Where you have provided explicit consent