Privacy Policy

To help explain things as clearly as possible in this Privacy Policy, every time any of these terms are referenced, they are strictly defined as:

• "Personal Information" means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• "Service" refers to the Riskinmind software as a service platform.
• "User," "you," and "your" refers to the individual or entity accessing or using the Service.
• "Company" refers to Riskinmind.

We collect information that you provide directly to us, including:

• Account information (name, email address, password)
• Profile information (company name, job title, contact details)
• Usage data and analytics
• Communication preferences
• Payment information (processed securely through third-party providers)

We also automatically collect certain information when you use our Service, including IP address, browser type, operating system, and usage patterns.

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments and questions
• Communicate with you about products, services, and events
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions

For individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our processing of your personal information is based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Contract performance (Article 6(1)(b)) – where processing is necessary to provide the Service, manage your account, and fulfill our contractual obligations to you.
• Consent (Article 6(1)(a)) – for example, when you opt in to receive marketing communications or allow us to use certain cookies and tracking technologies.
• Legitimate interests (Article 6(1)(f)) – such as improving the Service, preventing fraud and abuse, and securing our systems, provided that these interests are not overridden by your fundamental rights and freedoms.
• Legal obligations (Article 6(1)(c)) – where we are required to process data to comply with applicable laws, regulations, or court orders.

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:

• With service providers who assist in operating our Service
• To comply with legal obligations
• To protect our rights and safety
• In connection with a business transfer or merger

We use a number of trusted third-party service providers to help us operate and improve the Service. These providers act as data processors on our behalf and are bound by contractual obligations to protect your personal information in accordance with applicable data protection laws.

The types of processors we use include, for example:

• Analytics and performance tools (such as Google services, including Google Tag Manager, and Microsoft Clarity) to help us understand how the Service is used and to improve performance.
• Marketing and customer relationship tools (such as HubSpot) to manage communications, track product interest, and support customer engagement where you have consented to such processing.
• Cloud hosting and infrastructure providers that securely host our application, databases, and related services.
• Payment processors that securely process payment information on our behalf.
• Document storage and communication providers that enable us to store files and send transactional communications.

Where required, we enter into written Data Processing Agreements (DPAs) or equivalent contractual safeguards with these providers to ensure appropriate protection of your personal information, including for international data transfers.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:

• Account and profile data is retained for the life of your account and for a limited period thereafter where required for legal or regulatory purposes.
• Marketing preferences and consents are retained until you withdraw your consent or object to such processing.
• Analytics and usage data is retained for a period that allows us to analyze usage trends and improve the Service, after which it is aggregated or anonymized.
• Contact and support communications are retained for a period necessary to respond to your request and maintain appropriate records of our interactions.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.

Depending on your location and applicable law (including, for individuals in the EEA, UK, and Switzerland, the GDPR), you have the right to:

• Access the personal information we hold about you and obtain a copy of it.
• Request correction of inaccurate or incomplete personal information.
• Request deletion of your personal information in certain circumstances (the “right to be forgotten”).
• Object to or request restriction of the processing of your personal information in certain circumstances.
• Request data portability, where technically feasible, for information you have provided to us with your consent or for the performance of a contract.
• Withdraw your consent at any time where we rely on consent to process your personal information (this will not affect the lawfulness of processing before withdrawal).
• Opt out of marketing communications at any time by using the “unsubscribe” link in our emails or by contacting us.
• Lodge a complaint with your local data protection or supervisory authority if you believe we have infringed your data protection rights.

You can exercise many of these rights directly through your account settings within the Service (where available). You may also contact us at hello@riskinmind.ai with your request. We may need to verify your identity before responding and will respond within the timeframes required by applicable law.

We use cookies and similar tracking technologies to enhance your experience on our Service. You can control cookie settings through your browser preferences.

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Your information may be transferred to and processed in countries other than your own. In particular, your information may be processed in countries where our infrastructure, service providers, or partners are located, which may have data protection laws that are different from those in your country.

Where we transfer personal information from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the relevant authorities, we implement appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant authorities.
• Contracts that include robust data protection obligations on our service providers.
• Technical and organizational measures designed to protect your personal information.

You may contact us if you would like more information about the specific safeguards applied to the export of your personal information.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

If you have any questions about this Privacy Policy, please contact us at: