Back to home

Privacy Policy

Last Updated: June 17, 2025

1. Introduction

PriviSync (“we”, “us”, or “our”) operates an enterprise privacy risk scoring platform at privisync.com (the “Platform”). This Privacy Policy explains how we collect, use, store, and protect information in connection with your use of the Platform and any communications you initiate with us, including demo requests and sales enquiries.

By visiting privisync.com or submitting a contact form, you acknowledge and agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Name and job title (when you request a demo or enquiry)
  • Business email address
  • Organisation name and industry
  • Any other information you choose to include in your message

2.2 Information Collected Automatically

  • IP address and approximate location (country/region)
  • Browser type and operating system
  • Pages visited and time spent on the Platform
  • Referring URL

2.3 Platform Usage Data (Authenticated Users)

For users who have been granted access to the PriviSync Platform, we collect assessment submissions, scoring inputs, and audit log entries. This data is owned by your organisation and is processed in accordance with any applicable Data Processing Agreement (DPA) in place between PriviSync and your organisation.

3. How We Use Your Information

We use the information we collect to:

  • Respond to demo requests and sales enquiries
  • Schedule and conduct product demonstrations
  • Provide and improve the PriviSync Platform
  • Send operational communications (e.g., account setup, security alerts)
  • Comply with applicable legal obligations
  • Protect against fraud and unauthorised access

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Legitimate Interests — to respond to your enquiry and improve our services
  • Contractual Necessity — to fulfil a contract or pre-contractual obligations
  • Legal Obligation — to comply with applicable laws
  • Consent — where explicitly obtained for specific communications

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Enquiry data is typically retained for 24 months. Platform usage data is retained for the duration of the contract with your organisation and deleted within 90 days of contract termination, unless a longer retention period is agreed or required by law.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include HMAC-signed session tokens, encrypted data transmission (TLS), and access controls enforced at the application layer. However, no method of transmission over the internet is 100% secure.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data (GDPR Article 17)
  • Restriction — request that we restrict processing
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • CPRA Rights (California residents) — right to opt-out of sale/sharing, right to correct, right to limit use of sensitive personal information

To exercise any of these rights, contact us at contact@privisync.com. We will respond within 30 days.

8. Third-Party Services

The Platform may use third-party services for infrastructure, analytics, and AI processing. These services are bound by appropriate data processing agreements and are not permitted to use your data for their own purposes. A current list of sub-processors is available upon request.

9. Cookies

The Platform uses strictly necessary session cookies to authenticate users. No third-party tracking or advertising cookies are used. Session cookies expire after 24 hours of inactivity.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to authenticated users via the Platform. The “Last Updated” date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact:

PriviSync

Email: contact@privisync.com

We will acknowledge your request within 5 business days.