Privacy Policy

Last updated: March 2026

Privacy Overview

I respect your privacy. This Privacy Policy explains how RiskRegisterHQ collects, uses, and protects your personal information when you use RiskRegisterHQ Cloud. Please read this policy carefully.

Key Principle: I collect only the minimal information necessary to provide RiskRegisterHQ Cloud. I do not sell your personal data.

1. Information Collection

Information You Provide

I collect information you voluntarily provide:

  • Account Information: Email, name, organization name, phone number (optional)
  • Payment Information: Billing address, payment method details (processed by Paddle; I don't store full card numbers)
  • Communication Data: Messages, support requests, feedback, and feature requests
  • Profile Data: Profile picture, bio, preferences

Automatically Collected Information

I automatically collect certain information when you use RiskRegisterHQ Cloud:

  • Device Information: Device type, operating system, browser type, IP address
  • Usage Data: Features accessed, pages visited, time spent, actions taken, login frequency
  • Technical Data: Error logs, crash reports, performance metrics
  • Location Data: Approximate location based on IP address

Cookies & Tracking Technologies

RiskRegisterHQ Cloud uses cookies and similar tracking technologies:

  • Essential Cookies: For authentication and session management
  • Preference Cookies: To remember your settings and preferences
  • Analytics Cookies: Google Analytics to understand usage patterns

What I Do NOT Collect

  • Your risk register data content (you own this)
  • Sensitive personal data (SSN, medical records, financial information beyond payment)
  • Data from individuals under 18 (intentionally)
  • Biometric or genetic data

2. How I Use Your Information

I use collected information for these purposes:

  • Service Delivery: Providing and maintaining RiskRegisterHQ Cloud
  • Account Management: Creating and managing your account, authentication, password reset
  • Payment Processing: Billing, subscription management (via Paddle)
  • Communication: Responding to your inquiries, sending service announcements and updates
  • Service Improvement: Analyzing usage patterns, identifying bugs, optimizing performance
  • Fraud Prevention: Detecting and preventing fraudulent or abusive activity
  • Legal Compliance: Complying with laws, regulations, and legal obligations

Marketing Communications: I do not send marketing emails without your explicit consent. You can opt out of promotional communications at any time.

3. Data Sharing

I do not sell or share your personal information with third parties except in these limited cases:

Service Providers

  • Paddle: Payment processor (handles billing, complies with PCI-DSS)
  • Google Analytics: Website analytics (anonymized data only)
  • Email Providers: For sending transactional emails (confirmation, receipts)

Legal Requirements

I may disclose your information if required by law, court order, government request, or to protect rights, privacy, safety, or property.

Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Bahrain. These countries may have different data protection laws.

No Consent Required For:

  • Service providers necessary to operate the platform
  • Legal or regulatory requirements
  • Protection of rights, safety, or property

4. Security & Data Protection

I implement industry-standard security measures:

  • Encryption in Transit: 256-bit TLS/SSL for all data transmission
  • Encryption at Rest: Encryption for sensitive personal data
  • Access Controls: Role-based access, multi-factor authentication support
  • Data Backups: Daily automated backups stored redundantly
  • Monitoring: Security monitoring and intrusion detection
  • Regular Audits: Security reviews and vulnerability testing

Data Location

Your information is stored in Germany. If you are in the EU/UK, data transfers comply with GDPR requirements.

Security Limitations

While I use industry-standard security, no method is 100% secure. I cannot guarantee absolute security of your data. You are responsible for maintaining secure passwords and account access.

5. Data Retention

During Active Subscription

I retain your account information and personal data while your RiskRegisterHQ Cloud subscription is active.

After Cancellation

  • Grace Period: 30 days (you can reactivate or export data)
  • Permanent Deletion: After 30 days, account data is securely deleted
  • Legal Requirements: I may retain data longer if legally required

Backup Data

Backup copies may persist for up to 60 days after deletion due to backup schedules.

Account Information

Email and name are retained for 7 years after cancellation for tax, legal, and compliance purposes.

6. Your Privacy Rights

Universal Rights

You have the right to:

  • Access: Obtain a copy of your personal data
  • Correction: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your data (right to be forgotten)
  • Portability: Receive your data in a portable, machine-readable format
  • Opt-Out: Withdraw consent for marketing communications or analytics

EU/UK Users (GDPR)

If you are in the European Union or United Kingdom, you have additional rights under GDPR:

  • Right to restriction of processing
  • Right to object to processing
  • Right to lodge a complaint with your data protection authority

California Users (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of data sales
  • Right to non-discrimination for exercising your rights

How to Exercise Your Rights

Email privacy@riskregisterhq.com with:

  • Your request (access, deletion, correction, portability)
  • Your account email
  • Proof of identity if requested

I will respond within 5 business days. Requests may take up to 30 days to fulfill.

7. Cookies & Analytics

Cookie Management

You can control cookies through your browser settings. Disabling cookies may affect some features of RiskRegisterHQ Cloud.

Google Analytics

RiskRegisterHQ uses Google Analytics to track website usage. This data is anonymized and aggregated. You can opt out of Google Analytics tracking by:

  • Installing the Google Analytics Opt-Out Browser Add-on
  • Disabling JavaScript in your browser
  • Requesting opt-out via email

Third-Party Cookies

I am not responsible for the practices of third-party services that may set cookies on your device.

8. Contact & Policy Updates

Privacy Questions

If you have questions about this Privacy Policy or my data practices:

RiskRegisterHQ
Email: privacy@riskregisterhq.com
Email: support@riskregisterhq.com
Website: riskregisterhq.com
Response Time: Within 5 business days

Policy Changes

I may update this Privacy Policy at any time. Material changes will be posted with notice. Your continued use of RiskRegisterHQ Cloud constitutes acceptance.

Data Breach Notification

If a security breach affects your personal information, I will notify you within 72 hours via email. The notification will include:

  • Nature and scope of the breach
  • Information affected
  • Steps taken to investigate and remediate
  • Recommended actions you should take

Additional Privacy Information

Children's Privacy

RiskRegisterHQ Cloud is not intended for individuals under 18 years of age. I do not knowingly collect data from children. If I become aware of collection from a minor, I will delete such data immediately.

Third-Party Links

RiskRegisterHQ Cloud may contain links to third-party websites. I am not responsible for their privacy practices. Review their privacy policies separately.

International Data Transfers

Your information may be transferred to and processed in Germany or other countries. By using RiskRegisterHQ Cloud, you consent to such transfers.

Business Transfers

If I sell, merge, or transfer my business, your information may be transferred as part of that transaction. I will notify you of any such change.
