We protect all customer data transmitted to the servers over public networks using strong encryption tools. All connections are mandated to the servers using Transport Layer Security (TLS 1.2/1.3) encryption with strong cyphers. This is for all connections including web access, and IMAP/POP/SMTP email client access.
Customer data is encrypted at rest using 256-bit Advanced Encryption Standard (AES).
Part I – Information RISC Compass collects and controls
We only collect the information that we actually need. Some of that is information that you actively give us when you sign up for an account, ask for customer support, buy or request something from us. We store your name and contact information, but we don't store credit card numbers (except with your permission and only in one of our secured payment gateways).
When you visit one of our websites or use our software, we automatically log some basic information like how you got to the site, where you navigated within it, and what features and settings you use. We use this information to improve our websites and services and to drive new product development.
What we do with your information
We use your information to provide the services you've requested, create and maintain your accounts, and keep an eye out for unauthorized activity on your accounts. We also use it to communicate with you about the products you're currently using, your customer support requests, new products you may like, chances for you to give us feedback, and policy updates. We analyze the information we collect to understand user needs and to improve our websites and services.
We're required to have a legal basis for collecting and processing your information. In most cases, we either have your consent or need the information to provide the service you've requested from us. When that's not the case, we must demonstrate that we have another legal basis, such as our legitimate business interests.
You can decline certain kinds of information use either by not providing the information in the first place or by opting out later. You can also disable cookies to prevent your browser from giving us information, but if you do so, certain website features may not work properly. Third-party cookies are disabled from all websites and products.
We limit access to your personal information to our employees and contractors who have a legitimate need to use it. If we share your information with other parties (like developers, service providers, domain registrars, and reselling partners), they must have appropriate security measures and a valid reason for using your information, typically to serve you.
The European Economic Area (EEA) provides certain rights to data subjects (including access, rectification, erasure, restriction of processing, data portability, and the right to object and to complain). We undertake to provide you the same rights no matter where you choose to live.
We keep your personal information for as long as it is required for the purposes stated in this Privacy Policy. When we no longer have a legitimate need to process your information, we will delete, anonymize, or isolate your information, whichever is appropriate.
Part II – Information that RISC Compass processes on your behalf
If you handle other people's data using RISC Compass, such as information about your customers or employees, you are entrusting that data to us for processing. The data you entrust to us for processing is called service data.
You own your service data. We protect it, limit access to it, and only process it according to your instructions. You may access it, share it through third-party integrations, and request that we export or delete it at any time.
We hold the data in your account as long as you choose to use RISC Compass. After you terminate your account, your data will be automatically deleted from our active database within 6 months and from our backups within 3 months after that.
If you are in the European Economic Area and you believe that someone has entrusted your information to us for processing (for instance, your employer or a company whose services you use), you can request certain actions from us regarding your data. To exercise those data rights, please contact the person or company that entrusted the data to us and we will work with them on your request.
Part III – General
There are some limitations to the privacy we can promise you. We will disclose personal information if it's necessary to comply with a legal obligation, prevent fraud, enforce an agreement, or protect our users' safety. We do not currently honor Do Not Track signals from internet browsers; when a universal standard for processing them emerges, we will follow it.
Third-party websites and social media widgets have their own separate privacy policies. Always check the relevant privacy policy before sharing personal information with third parties.
You can always contact us to: ask questions about our privacy practices, request a GDPR-compliant Data Processing Addendum, alert us if you believe we have collected personal data from a minor, or ask to have your personal information removed from our blogs or forums. You can also check the Security Policy, Compliance Certifications and Privacy Policy of Zoho, a Software as a Service (SaaS) we use as the framework to create our custom applications.
We will contact you to let you know if we make any major changes to our privacy policy, or in the highly unlikely event that we ever decide to sell our business.
