Privacy Policy

Contents

Who We Are
Information We Collect
How We Use It
Data Sharing
Data Security
Data Retention
Your Rights
Cookies
International Transfers
AI & Your Data
Contact Us

🔒

Short version: Your audit data is yours. We never sell it, never use it to train AI models, and you can delete it anytime. We take that responsibility seriously.

1. Who We Are

AssurAI is operated by AssurAI Inc., a Delaware C-Corporation, operating from San Jose, California, USA. We provide an AI-native GRC platform for audit, compliance, and risk professionals.

Data Controller: AssurAI Inc. · San Jose, California
Privacy contact: privacy@getassurai.com

2. Information We Collect

Account Information

Name, email, company name, and role when you create an account.

Usage Data

Features accessed, AI tools used, session duration — used to improve the platform.

Audit & Compliance Data

Controls, evidence, findings, and workpapers you create. This data belongs entirely to you.

Evidence Files

Documents uploaded are processed by AI, stored encrypted, and never shared or used for training.

Technical Data

IP address, browser type, device information, and cookies for security and functionality.

3. How We Use Your Information

Purpose	Legal Basis
Providing and improving AssurAI	Contract performance
Processing AI requests on your behalf	Contract performance
Service notifications and updates	Contract performance
Security monitoring and fraud prevention	Legitimate interest
Product analytics	Legitimate interest
Marketing emails (with consent)	Consent
Legal compliance	Legal obligation

5. Data Security

All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Row-level security (RLS) ensures strict data isolation between organisations
SOC 2 compliance in progress
Regular security assessments and penetration testing
Multi-factor authentication available
Breach notification within 72 hours (GDPR)

Full details at getassurai.com/security.

6. Data Retention

We retain your data while your account is active. On cancellation:

Data retained 90 days to allow reactivation
After 90 days — all personal data permanently deleted
Immediate deletion available on request at any time

7. Your Rights

Depending on your location you may have rights to access, correct, delete, port, restrict, or object to processing of your data, and to withdraw consent at any time.

Email privacy@getassurai.com. We respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management, and Google Analytics 4 for product analytics. You can control cookies via browser settings.

9. International Data Transfers

AssurAI is based in the United States. EEA, UK, and Swiss users: transfers to the US are covered by Standard Contractual Clauses (SCCs) with all sub-processors. For our DPA, email privacy@getassurai.com.

10. AI & Your Data

🤖

Your data is never used to train AI models. When you use AssurAI's AI features, your documents and queries are processed to generate outputs for you — and only you. This is contractually guaranteed with Anthropic.

11. Contact Us

Privacy requests: privacy@getassurai.com
General: hello@getassurai.com

EU/UK residents: if we haven't resolved your concern, you may complain to your local data protection authority.

Privacy questions?

We respond to every privacy request within 30 days.

privacy@getassurai.com

1. Who We Are

2. Information We Collect

Account Information

Usage Data

Audit & Compliance Data

Evidence Files

Technical Data

3. How We Use Your Information

4. Data Sharing

5. Data Security

6. Data Retention

7. Your Rights

8. Cookies

9. International Data Transfers

10. AI & Your Data

11. Contact Us

Privacy questions?