Privacy Policy
Effective Date: July 15, 2026 Last Updated: July 15, 2026
Welcome to ComplianceHQ.
This Privacy Policy explains how ComplianceHQ ("ComplianceHQ", "we", "our", or "us") collects, uses, stores, shares, transfers, and protects personal information when you access or use Enterprise ComplianceOS, our websites, products, services, applications, APIs, integrations, AI-powered features, events, communications, and related offerings.
At ComplianceHQ, we believe privacy, security, transparency, and trust are fundamental principles of modern governance and compliance. We are committed to handling personal information responsibly and in accordance with applicable data protection and privacy laws.
By accessing or using Enterprise ComplianceOS or any ComplianceHQ services, you acknowledge that you have read and understood this Privacy Policy.
1. About ComplianceHQ
ComplianceHQ is the provider of Enterprise ComplianceOS, an AI-powered Enterprise Governance, Risk & Compliance (eGRC) platform designed to help organizations manage compliance obligations, audits, risks, policies, controls, evidence, regulatory requirements, and governance processes.
Website: https://compliancehq.in
Contact Email: info@compliancehq.in
2. Scope of this Privacy Policy
This Privacy Policy applies to:
- Enterprise ComplianceOS
- ComplianceHQ websites
- Customer portals
- Mobile applications
- APIs and integrations
- AI-powered services
- Product demonstrations
- Marketing activities
- Events and webinars
- Customer support services
- Partner programs
This Privacy Policy does not apply to third-party services, websites, products, or platforms that are not owned or controlled by ComplianceHQ.
3. Our Role in Data Processing
Depending on the nature of the relationship, ComplianceHQ may act as either:
Data Controller / Data Fiduciary
ComplianceHQ acts as a controller or data fiduciary when processing information related to:
- Website visitors
- Prospective customers
- Marketing subscribers
- Event attendees
- Business contacts
- Partners
- Vendors
- Job applicants
In these situations, ComplianceHQ determines how and why personal information is processed.
Data Processor / Service Provider
When organizations use Enterprise ComplianceOS, ComplianceHQ generally acts as a processor or service provider on behalf of the customer.
In these cases:
- The customer controls the data.
- The customer determines the purpose of processing.
- The customer decides what information is uploaded into the Platform.
- ComplianceHQ processes information only to provide the services requested by the customer.
4. Information We Collect
Account Information
We may collect:
- Name
- Business email address
- Phone number
- Job title
- Department
- Organization name
- Profile information
- Authentication credentials
Organization Information
We may collect:
- Company details
- Industry information
- Business address
- Regulatory classifications
- Subscription details
- Billing information
Platform Data
Customers may upload or generate information including:
- Policies
- Procedures
- Audit reports
- Risk registers
- Compliance records
- Controls
- Evidence
- Corrective actions
- Vendor assessments
- Incident records
- Governance records
- Regulatory documentation
- Reports
- Training records
Technical Information
We may automatically collect:
- IP addresses
- Browser information
- Device information
- Operating system details
- Session information
- Usage analytics
- Performance metrics
- Security logs
User Activity Information
We may collect information regarding:
- Login events
- Authentication activity
- Searches
- Workflow actions
- Dashboard activity
- Feature usage
- Notifications
- Administrative actions
AI Interaction Data
When users interact with AI-powered features, we may process:
- User prompts
- Uploaded documents
- Questions submitted to AI systems
- AI-generated outputs
- Regulatory analysis requests
- Risk assessment requests
- Policy review requests
- Audit support requests
Integration Data
Where enabled by customers, ComplianceHQ may receive information from integrated systems including:
- Microsoft 365
- Google Workspace
- Slack
- Microsoft Teams
- AWS
- Azure
- Google Cloud
- GitHub
- GitLab
- Bitbucket
- Jira
- ServiceNow
- SAP
- Oracle
- Tally
- Zoho Books
- QuickBooks
- Other approved integrations
5. How We Use Information
We use information to:
Provide Services
- Deliver Platform functionality
- Manage user accounts
- Enable compliance workflows
- Support integrations
- Generate reports
- Provide customer support
Improve the Platform
- Enhance user experience
- Improve performance
- Develop new features
- Improve AI capabilities
- Analyze product usage
Security and Protection
- Prevent fraud
- Detect suspicious activity
- Investigate incidents
- Monitor system security
- Protect customer environments
Communications
- Send service notifications
- Respond to inquiries
- Provide support updates
- Share product announcements
- Deliver security notifications
Legal and Regulatory Compliance
- Meet legal obligations
- Respond to lawful requests
- Protect rights and interests
- Enforce agreements
6. AI Services and Intelligent Processing
Enterprise ComplianceOS includes AI-powered capabilities designed to assist organizations with governance, risk, compliance, audit, privacy, and regulatory management.
These capabilities may include:
- AI Copilot
- AI Regulation Parser
- AI Policy Analyzer
- AI Risk Analyzer
- AI Audit Assistant
- AI Evidence Collector
- AI Recommendation Engine
- AI Report Generator
- AI Knowledge Graph
Information submitted to AI-powered services may be processed to:
- Generate recommendations
- Analyze regulations
- Identify risks
- Map controls
- Generate reports
- Support audits
- Improve workflow efficiency
AI-generated outputs are designed to assist users and should not be considered legal, regulatory, accounting, tax, audit, investment, or professional advice.
Organizations remain responsible for reviewing and validating all AI-generated outputs before making decisions based on such information.
7. Legal Basis for Processing
Where applicable, ComplianceHQ processes personal information based on:
Contractual Necessity
To provide requested services and fulfill contractual obligations.
Legitimate Interests
To improve services, maintain security, prevent fraud, and operate our business.
Consent
Where consent is required by applicable law.
Legal Obligations
To comply with legal, regulatory, audit, tax, and governmental requirements.
Protection of Rights
To establish, exercise, or defend legal claims and protect legitimate interests.
8. Sharing of Information
ComplianceHQ does not sell personal information.
We may share information with:
Service Providers
Providers supporting:
- Hosting
- Infrastructure
- Security
- Monitoring
- Analytics
- Communications
- Customer support
Professional Advisors
- Auditors
- Lawyers
- Accountants
- Consultants
Regulatory Authorities
Where disclosure is required by law, court order, subpoena, regulatory request, or legal process.
Corporate Transactions
In connection with:
- Mergers
- Acquisitions
- Investments
- Financing transactions
- Business reorganizations
- Asset sales
9. International Data Transfers
ComplianceHQ may process information in multiple jurisdictions depending on service delivery requirements, infrastructure configurations, customer preferences, and business operations.
Where personal information is transferred internationally, ComplianceHQ implements appropriate safeguards designed to protect information and comply with applicable privacy and data protection requirements.
10. Data Retention
ComplianceHQ retains information only for as long as necessary to:
- Provide services
- Maintain business operations
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
- Maintain security records
Retention periods may vary based on:
- Regulatory requirements
- Contractual commitments
- Customer instructions
- Operational requirements
Following expiration of applicable retention periods, information may be securely deleted, anonymized, or archived.
11. Security Measures
ComplianceHQ maintains administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, loss, misuse, or destruction.
Security measures may include:
- Encryption in transit
- Encryption at rest
- Role-based access controls
- Multi-factor authentication
- Audit logging
- Security monitoring
- Vulnerability management
- Incident response procedures
- Backup and recovery systems
- Access management controls
- Secure software development practices
While we employ reasonable safeguards, no system can guarantee absolute security.
12. Security Incident Management
ComplianceHQ maintains procedures for:
- Incident detection
- Investigation
- Containment
- Remediation
- Recovery
Where required by law or contract, affected customers will be notified of confirmed security incidents involving customer information within a reasonable timeframe.
13. Your Privacy Rights
Depending on applicable law, individuals may have rights including:
- Right to access information
- Right to correct information
- Right to delete information
- Right to restrict processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent
- Right to grievance redressal
Requests may be submitted to:
Where ComplianceHQ acts solely as a processor on behalf of a customer, requests should generally be directed to the relevant customer organization.
14. Cookies and Similar Technologies
ComplianceHQ uses cookies and similar technologies to:
- Authenticate users
- Maintain sessions
- Remember preferences
- Improve performance
- Analyze usage patterns
- Enhance security
Users may manage cookie preferences through browser settings where available.
Additional details may be provided in our Cookie Policy.
15. Third-Party Services
Enterprise ComplianceOS may integrate with third-party platforms and services.
ComplianceHQ is not responsible for the privacy practices, content, or policies of third-party services.
Users should review the privacy policies of those services independently.
16. Children's Privacy
Enterprise ComplianceOS is intended for business and enterprise use.
Our services are not directed to children, and we do not knowingly collect personal information directly from children through our products or services.
17. Changes to this Privacy Policy
ComplianceHQ may update this Privacy Policy from time to time to reflect:
- Product enhancements
- Legal requirements
- Regulatory developments
- Operational changes
- Security improvements
Updated versions will be published on our website.
Continued use of our services following publication of changes constitutes acknowledgment of the updated Privacy Policy.
18. Contact Us
For privacy, security, compliance, or data protection inquiries, please contact:
ComplianceHQ
Website: https://compliancehq.in
Email: info@compliancehq.in
Our Privacy Commitment
At ComplianceHQ, trust is the foundation of governance, risk management, compliance, and responsible innovation.
We are committed to protecting information, respecting privacy rights, maintaining strong security practices, supporting regulatory compliance, and building technology that organizations can confidently rely upon.
By combining enterprise-grade security, responsible AI, transparent practices, and privacy-by-design principles, ComplianceHQ strives to be a trusted partner for organizations operating in an increasingly complex regulatory environment.
