Privacy Policy

Last updated: July 15, 2026

Privacy Policy

Effective Date: July 15, 2026 Last Updated: July 15, 2026

Welcome to ComplianceHQ.

This Privacy Policy explains how ComplianceHQ ("ComplianceHQ", "we", "our", or "us") collects, uses, stores, shares, transfers, and protects personal information when you access or use Enterprise ComplianceOS, our websites, products, services, applications, APIs, integrations, AI-powered features, events, communications, and related offerings.

At ComplianceHQ, we believe privacy, security, transparency, and trust are fundamental principles of modern governance and compliance. We are committed to handling personal information responsibly and in accordance with applicable data protection and privacy laws.

By accessing or using Enterprise ComplianceOS or any ComplianceHQ services, you acknowledge that you have read and understood this Privacy Policy.


1. About ComplianceHQ

ComplianceHQ is the provider of Enterprise ComplianceOS, an AI-powered Enterprise Governance, Risk & Compliance (eGRC) platform designed to help organizations manage compliance obligations, audits, risks, policies, controls, evidence, regulatory requirements, and governance processes.

Website: https://compliancehq.in

Contact Email: info@compliancehq.in


2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Enterprise ComplianceOS
  • ComplianceHQ websites
  • Customer portals
  • Mobile applications
  • APIs and integrations
  • AI-powered services
  • Product demonstrations
  • Marketing activities
  • Events and webinars
  • Customer support services
  • Partner programs

This Privacy Policy does not apply to third-party services, websites, products, or platforms that are not owned or controlled by ComplianceHQ.


3. Our Role in Data Processing

Depending on the nature of the relationship, ComplianceHQ may act as either:

Data Controller / Data Fiduciary

ComplianceHQ acts as a controller or data fiduciary when processing information related to:

  • Website visitors
  • Prospective customers
  • Marketing subscribers
  • Event attendees
  • Business contacts
  • Partners
  • Vendors
  • Job applicants

In these situations, ComplianceHQ determines how and why personal information is processed.


Data Processor / Service Provider

When organizations use Enterprise ComplianceOS, ComplianceHQ generally acts as a processor or service provider on behalf of the customer.

In these cases:

  • The customer controls the data.
  • The customer determines the purpose of processing.
  • The customer decides what information is uploaded into the Platform.
  • ComplianceHQ processes information only to provide the services requested by the customer.

4. Information We Collect

Account Information

We may collect:

  • Name
  • Business email address
  • Phone number
  • Job title
  • Department
  • Organization name
  • Profile information
  • Authentication credentials

Organization Information

We may collect:

  • Company details
  • Industry information
  • Business address
  • Regulatory classifications
  • Subscription details
  • Billing information

Platform Data

Customers may upload or generate information including:

  • Policies
  • Procedures
  • Audit reports
  • Risk registers
  • Compliance records
  • Controls
  • Evidence
  • Corrective actions
  • Vendor assessments
  • Incident records
  • Governance records
  • Regulatory documentation
  • Reports
  • Training records

Technical Information

We may automatically collect:

  • IP addresses
  • Browser information
  • Device information
  • Operating system details
  • Session information
  • Usage analytics
  • Performance metrics
  • Security logs

User Activity Information

We may collect information regarding:

  • Login events
  • Authentication activity
  • Searches
  • Workflow actions
  • Dashboard activity
  • Feature usage
  • Notifications
  • Administrative actions

AI Interaction Data

When users interact with AI-powered features, we may process:

  • User prompts
  • Uploaded documents
  • Questions submitted to AI systems
  • AI-generated outputs
  • Regulatory analysis requests
  • Risk assessment requests
  • Policy review requests
  • Audit support requests

Integration Data

Where enabled by customers, ComplianceHQ may receive information from integrated systems including:

  • Microsoft 365
  • Google Workspace
  • Slack
  • Microsoft Teams
  • AWS
  • Azure
  • Google Cloud
  • GitHub
  • GitLab
  • Bitbucket
  • Jira
  • ServiceNow
  • SAP
  • Oracle
  • Tally
  • Zoho Books
  • QuickBooks
  • Other approved integrations

5. How We Use Information

We use information to:

Provide Services

  • Deliver Platform functionality
  • Manage user accounts
  • Enable compliance workflows
  • Support integrations
  • Generate reports
  • Provide customer support

Improve the Platform

  • Enhance user experience
  • Improve performance
  • Develop new features
  • Improve AI capabilities
  • Analyze product usage

Security and Protection

  • Prevent fraud
  • Detect suspicious activity
  • Investigate incidents
  • Monitor system security
  • Protect customer environments

Communications

  • Send service notifications
  • Respond to inquiries
  • Provide support updates
  • Share product announcements
  • Deliver security notifications

Legal and Regulatory Compliance

  • Meet legal obligations
  • Respond to lawful requests
  • Protect rights and interests
  • Enforce agreements

6. AI Services and Intelligent Processing

Enterprise ComplianceOS includes AI-powered capabilities designed to assist organizations with governance, risk, compliance, audit, privacy, and regulatory management.

These capabilities may include:

  • AI Copilot
  • AI Regulation Parser
  • AI Policy Analyzer
  • AI Risk Analyzer
  • AI Audit Assistant
  • AI Evidence Collector
  • AI Recommendation Engine
  • AI Report Generator
  • AI Knowledge Graph

Information submitted to AI-powered services may be processed to:

  • Generate recommendations
  • Analyze regulations
  • Identify risks
  • Map controls
  • Generate reports
  • Support audits
  • Improve workflow efficiency

AI-generated outputs are designed to assist users and should not be considered legal, regulatory, accounting, tax, audit, investment, or professional advice.

Organizations remain responsible for reviewing and validating all AI-generated outputs before making decisions based on such information.


7. Legal Basis for Processing

Where applicable, ComplianceHQ processes personal information based on:

Contractual Necessity

To provide requested services and fulfill contractual obligations.

Legitimate Interests

To improve services, maintain security, prevent fraud, and operate our business.

Consent

Where consent is required by applicable law.

Legal Obligations

To comply with legal, regulatory, audit, tax, and governmental requirements.

Protection of Rights

To establish, exercise, or defend legal claims and protect legitimate interests.


8. Sharing of Information

ComplianceHQ does not sell personal information.

We may share information with:

Service Providers

Providers supporting:

  • Hosting
  • Infrastructure
  • Security
  • Monitoring
  • Analytics
  • Communications
  • Customer support

Professional Advisors

  • Auditors
  • Lawyers
  • Accountants
  • Consultants

Regulatory Authorities

Where disclosure is required by law, court order, subpoena, regulatory request, or legal process.

Corporate Transactions

In connection with:

  • Mergers
  • Acquisitions
  • Investments
  • Financing transactions
  • Business reorganizations
  • Asset sales

9. International Data Transfers

ComplianceHQ may process information in multiple jurisdictions depending on service delivery requirements, infrastructure configurations, customer preferences, and business operations.

Where personal information is transferred internationally, ComplianceHQ implements appropriate safeguards designed to protect information and comply with applicable privacy and data protection requirements.


10. Data Retention

ComplianceHQ retains information only for as long as necessary to:

  • Provide services
  • Maintain business operations
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Maintain security records

Retention periods may vary based on:

  • Regulatory requirements
  • Contractual commitments
  • Customer instructions
  • Operational requirements

Following expiration of applicable retention periods, information may be securely deleted, anonymized, or archived.


11. Security Measures

ComplianceHQ maintains administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, loss, misuse, or destruction.

Security measures may include:

  • Encryption in transit
  • Encryption at rest
  • Role-based access controls
  • Multi-factor authentication
  • Audit logging
  • Security monitoring
  • Vulnerability management
  • Incident response procedures
  • Backup and recovery systems
  • Access management controls
  • Secure software development practices

While we employ reasonable safeguards, no system can guarantee absolute security.


12. Security Incident Management

ComplianceHQ maintains procedures for:

  • Incident detection
  • Investigation
  • Containment
  • Remediation
  • Recovery

Where required by law or contract, affected customers will be notified of confirmed security incidents involving customer information within a reasonable timeframe.


13. Your Privacy Rights

Depending on applicable law, individuals may have rights including:

  • Right to access information
  • Right to correct information
  • Right to delete information
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right to grievance redressal

Requests may be submitted to:

info@compliancehq.in

Where ComplianceHQ acts solely as a processor on behalf of a customer, requests should generally be directed to the relevant customer organization.


14. Cookies and Similar Technologies

ComplianceHQ uses cookies and similar technologies to:

  • Authenticate users
  • Maintain sessions
  • Remember preferences
  • Improve performance
  • Analyze usage patterns
  • Enhance security

Users may manage cookie preferences through browser settings where available.

Additional details may be provided in our Cookie Policy.


15. Third-Party Services

Enterprise ComplianceOS may integrate with third-party platforms and services.

ComplianceHQ is not responsible for the privacy practices, content, or policies of third-party services.

Users should review the privacy policies of those services independently.


16. Children's Privacy

Enterprise ComplianceOS is intended for business and enterprise use.

Our services are not directed to children, and we do not knowingly collect personal information directly from children through our products or services.


17. Changes to this Privacy Policy

ComplianceHQ may update this Privacy Policy from time to time to reflect:

  • Product enhancements
  • Legal requirements
  • Regulatory developments
  • Operational changes
  • Security improvements

Updated versions will be published on our website.

Continued use of our services following publication of changes constitutes acknowledgment of the updated Privacy Policy.


18. Contact Us

For privacy, security, compliance, or data protection inquiries, please contact:

ComplianceHQ

Website: https://compliancehq.in

Email: info@compliancehq.in


Our Privacy Commitment

At ComplianceHQ, trust is the foundation of governance, risk management, compliance, and responsible innovation.

We are committed to protecting information, respecting privacy rights, maintaining strong security practices, supporting regulatory compliance, and building technology that organizations can confidently rely upon.

By combining enterprise-grade security, responsible AI, transparent practices, and privacy-by-design principles, ComplianceHQ strives to be a trusted partner for organizations operating in an increasingly complex regulatory environment.