Privacy Policy

1. Introduction

PolicyRiskCenter.com ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://policyriskcenter.com (the "Site") and use our services, including the Compliance Risk Assessment Wizard and other tools.

By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Site.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

• Use Our Tools: When using the Compliance Risk Assessment Wizard, you may provide information about your organization, including industry type, company size, and risk assessment responses.
• Create an Account: If you register for a premium account, we collect your name, email address, and payment information.
• Contact Us: When you submit inquiries through our contact form, we collect your name, email address, and message content.
• Subscribe to Newsletters: We collect your email address when you subscribe to our mailing list.
• Make Purchases: For premium services, we collect billing information necessary to process your payment through our third-party payment processor (Stripe).

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information, including:

• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, pages viewed, referring URL, and clickstream data.
• Location Data: General geographic location based on your IP address.
• Usage Information: How you interact with our Site, including features used, time spent on pages, and navigation patterns.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Payment processors (Stripe) regarding transaction status
• Analytics providers regarding Site usage
• Marketing partners if you've consented to share your information

3. How We Use Your Information

We use the information we collect to:

Purpose	Legal Basis
Provide and maintain our services	Contract performance
Process transactions and send related information	Contract performance
Generate risk assessment reports	Contract performance
Send administrative information and updates	Legitimate interest
Respond to inquiries and provide customer support	Legitimate interest
Send marketing communications (with consent)	Consent
Analyze usage patterns to improve our services	Legitimate interest
Prevent fraud and ensure security	Legitimate interest
Comply with legal obligations	Legal obligation

4. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your activity on our Site. Cookies are small data files placed on your device that help us improve your experience.

4.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential	Required for basic Site functionality, security, and user authentication	Session / 1 year
Functional	Remember your preferences and settings	1 year
Analytics	Understand how visitors interact with our Site (Google Analytics)	2 years
Marketing	Deliver relevant advertisements (if applicable)	Varies

4.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from all sites
• Delete all cookies when you close your browser

Please note that blocking certain cookies may impact your experience on our Site and limit functionality.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including:

• Stripe: Payment processing
• Google Analytics: Website analytics
• Email Service Providers: Email delivery and marketing
• Hosting Providers: Website hosting and data storage

These providers are contractually obligated to protect your information and may only use it for the services they provide to us.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your options regarding your information.

5.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Information: Retained while your account is active and for 3 years after deletion
• Assessment Data: Retained for 2 years for registered users, 30 days for guest users
• Transaction Records: Retained for 7 years for tax and legal compliance
• Analytics Data: Retained for 26 months
• Marketing Preferences: Retained until you unsubscribe

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing of your information
• Restriction: Request restriction of processing in certain circumstances

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your CCPA rights

7.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including all rights listed above plus:

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@policyriskcenter.com. We will respond to your request within 30 days (or as required by applicable law).

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• SSL/TLS encryption for data in transit
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. Children's Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.

10. International Data Transfers

Our Site is hosted in the United States. If you access our Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

By using our Site, you consent to the transfer of your information to the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

11. Third-Party Links

Our Site may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

Third-party services we link to may include:

• Regulatory agency websites (OSHA, EPA, SEC, etc.)
• Industry standards organizations (ISO, NIST, etc.)
• Professional associations and training providers
• Compliance software vendors

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a prominent notice on our Site

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For data protection inquiries from the European Union, you may also contact your local data protection authority.