Your Privacy Matters: PolicyGen Compliance is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.
1. Introduction
PolicyGen Compliance ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains:
- What information we collect
- How we use your information
- Your rights regarding your data
- How we protect your information
2. Information We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, password | Account creation and authentication |
| Business Information | Company name, website URLs | Website compliance scanning and monitoring |
| Payment Information | Credit card, billing address | Processing payments (via Stripe) |
| Website Scan Data | URLs scanned, scan results, compliance scores | Providing compliance analysis and monitoring |
| Policy Document Data | Information entered in document forms (future feature) | Generating compliance documents when available |
| Communications | Support messages, feedback | Customer support |
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system, IP address
- Cookies: Small files stored on your device (see Cookie Policy)
- Analytics: How you interact with our Service
2.3 Information from Third Parties
If you sign up using Google or GitHub, we receive:
- Name and email address
- Profile picture (optional)
- We do not receive access to your passwords or private data
3. How We Use Your Information
3.1 Primary Uses
- Service Delivery: Scan websites for compliance, monitor compliance status, send alerts, provide recommendations
- Account Management: Create and maintain your account
- Payment Processing: Charge for services, handle refunds
- Communication: Send transactional emails, compliance alerts, updates, support responses
- Improvement: Analyze usage to improve our Service
- Security: Detect fraud, prevent abuse, ensure platform security
3.1.1 Website Scanning Service
When you use our compliance scanner:
- We fetch and analyze publicly available information from the websites you provide
- We store scan results, compliance scores, and recommendations in our database
- For paid monitoring plans, we automatically re-scan your websites and send alerts about compliance changes
- We do NOT store private user data from scanned websites (only public information like policy links)
3.2 Marketing (With Your Consent)
- Send newsletters about new features
- Promotional offers and discounts
- Product updates and tips
You can opt out at any time using the unsubscribe link in emails.
4. How We Share Your Information
We do NOT sell your personal information. We only share data with trusted partners as described below.
4.1 Service Providers
| Provider | Service | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment info, billing address |
| Google Analytics | Usage analytics | Anonymized usage data |
| Amazon AWS | Hosting & storage | All service data |
| SendGrid | Email delivery | Email address, name |
4.2 Legal Requirements
We may disclose information if required by law or to:
- Comply with legal processes (subpoenas, court orders)
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety
4.3 Business Transfers
If PolicyGen Compliance is acquired or merged, your information may be transferred to the new entity.
5. Data Retention
We retain your information for as long as necessary to provide services:
- Active accounts: Data retained while account is active
- Deleted accounts: Most data deleted within 30 days
- Legal requirements: Some data retained for tax/legal compliance (typically 7 years)
- Backups: May persist in backups for up to 90 days
6. Your Rights
6.1 GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) for all users in the European Economic Area (EEA). As a data controller, we process your personal data on a lawful basis, including legitimate interest for service delivery and your consent for marketing communications. When we work with third-party service providers who process data on our behalf, they act as data processors under our instructions.
Under GDPR, you have comprehensive data subject rights including:
- Right to access: Request a copy of your personal data we hold
- Right to rectification: Correct any inaccurate or incomplete data
- Right to erasure (right to be forgotten): Request deletion of your personal data under certain circumstances
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to restriction: Limit how we process your personal data
- Right to object: Object to data processing based on legitimate interest
- Right to withdraw consent: Opt out of marketing communications at any time
6.2 CCPA Rights (California Users)
- Know: What personal information we collect
- Delete: Request deletion of your data
- Opt-Out: We don't sell data (nothing to opt out of)
- Non-Discrimination: Equal service regardless of privacy choices
6.3 How to Exercise Your Rights
Email us at [email protected] with your request. We'll respond within 30 days.
7. Data Security
We implement industry-standard security measures:
- Encryption: SSL/TLS for data in transit
- Secure Storage: Encrypted databases
- Access Controls: Limited employee access
- Regular Audits: Security assessments and updates
- Payment Security: PCI-DSS compliant via Stripe
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Cookies and Tracking
8.1 Types of Cookies We Use
- Essential Cookies: Required for service functionality (login, security)
- Analytics Cookies: Help us understand usage (Google Analytics)
- Preference Cookies: Remember your settings
- Marketing Cookies: Track ad effectiveness (with consent)
8.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.
9. Children's Privacy
PolicyGen Compliance is not intended for users under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.
10. International Data Transfers
PolicyGen Compliance is based in the United States. If you access our Service from outside the US:
- Your data may be transferred to and stored in the US
- We comply with applicable data protection laws
- We use standard contractual clauses for EU transfers
11. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.
12. Changes to This Policy
We may update this Privacy Policy periodically. We'll notify you of significant changes via:
- Email notification
- Notice on our website
- In-app notification
Continued use after changes constitutes acceptance.
13. Data Protection Officer
For privacy-related inquiries, contact our Data Protection Officer:
Email: [email protected]
14. Complaints
If you believe we've mishandled your data, you have the right to lodge a complaint with your local data protection authority:
- EU: Your local supervisory authority
- US (California): California Attorney General
- UK: Information Commissioner's Office (ICO)
Contact Us
If you have questions about this Privacy Policy or our data practices:
Email: [email protected]
Website: https://policygen.org
Summary: We collect necessary information to provide our service, protect your data with industry-standard security, don't sell your information, and respect your privacy rights. You control your data and can request access, correction, or deletion at any time.