Placeholder text. Final legal copy is being prepared by the board / outside counsel and will replace this page before public launch on 2026-05-20. See COM-1 for the legal-text sourcing ask.

Privacy Policy

Last updated: pending board-supplied text.

What we collect

  • Account data (name, email) supplied during sign-up and managed by Clerk.
  • Billing data (last four digits, billing address) processed by Stripe — we do not store card numbers.
  • Assessment content and uploaded evidence files, stored in tenant-isolated Supabase Storage.
  • Standard server logs (IP, user agent, request paths) for security and uptime monitoring.
  • Error telemetry via Sentry (stack traces, request context). PII is scrubbed where feasible.

How we use it

  • To operate the Service, render your SSP / POA&M, and provide customer support.
  • To bill you and prevent fraud.
  • To debug, secure, and improve the Service.
  • We do not sell your data. We do not use customer assessment content to train any third-party model.

Sub-processors

  • Clerk (authentication)
  • Supabase (database, storage)
  • Stripe (billing)
  • Vercel (hosting)
  • Sentry (error monitoring)

Retention

  • Active accounts: data is retained while your subscription is active.
  • Closed accounts: data is available for export for 30 days post-cancellation, then deleted within 60 days unless legally required to retain.

Your rights

You may request access to, correction of, or deletion of your data by emailing support@compliance-engine.example (placeholder). California, EU/UK, and other jurisdiction-specific rights apply where applicable.

Contact

support@compliance-engine.example (placeholder).