Privacy Policy

Effective: May 2026

1. What we collect

When you create a workspace, we collect your email address, company name, and the product profiles you choose to upload for compliance analysis. We collect page-view analytics (which pages you visit) to understand how the product is used.

We never sell your data. We never share your compliance evidence or gap analysis results with third parties.

2. How we use it

Your data is used exclusively to:

3. Who we share with

We share the minimum necessary data with:

4. Your rights

You have the right to:

To exercise any of these rights, email privacy@regulink.xyz.

5. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are stored as SHA-256 hashes — plaintext keys are never persisted. Evidence artifacts are logically isolated per workspace and retained for 90 days by default.

6. Cookies

We use a single cookie to remember your cookie consent preference. We do not use third-party tracking cookies or advertising pixels.

7. Updates

If we change this policy, we will notify you by email and update the effective date above. Continued use of the platform after changes constitutes acceptance.

Questions? privacy@regulink.xyz