Last updated: June 17, 2025
1. Introduction
Riskuity (“we”, “us”, “our”) is committed to safeguarding the personal information of our users (“you”). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you access or use Riskuity via our website, application, or services.
2. Information We Collect
A. Information You Provide
- Contact & account details: name, email, job title, organization, phone.
- Credentials and profile information.
- Preferences, support inquiries, feedback.
B. Usage & Technical Information
- Login activity, IP address, device/browser data.
- Platform usage logs (feature access, timestamps).
- Cookies and analytics.
C. Data Entered into Riskuity
- Customer risk assessments, governance and compliance records.
- Reports, attachments, audit logs, metadata.
3. How We Use Your Information
We process your data to:
- Provide, maintain, and support the Riskuity GRC platform.
- Authenticate and authorize your access.
- Improve and personalize our service.
- Communicate updates or support requests.
- Monitor analytics for performance and usage trends.
- Ensure security and audit compliance.
- Support and enforce multi-factor authentication (MFA) protocols.
- Deliver notifications via email and SMS for system alerts, security events, and user-defined triggers.
4. Lawful Basis for Processing
- Contractual necessity – to fulfill service agreements.
- Legitimate interest – for security, service improvement, and user support.
- Consent – for optional communications and alerts.
5. Data Sharing & Disclosure
We may share your information with:
- Service Providers for cloud hosting, analytics, authentication (including MFA), messaging, and support.
- Business partners supporting your organization’s Riskuity deployment.
- Legal authorities, when required by applicable law.
- Buyers/Successors, in the event of a corporate transaction.
6. MFA and Notifications
Multi-Factor Authentication (MFA)
Riskuity supports and may require MFA for enhanced account security. MFA methods may include time-based one-time passcodes (TOTP), SMS verification codes, or email authentication links. Your phone number and/or email address may be used solely for this purpose.
Email and SMS Notifications
You may receive email or SMS messages for:
- Login attempts and MFA verification.
- Password resets and account activity alerts.
- Administrative updates or role-based task notifications.
- Workflow triggers, system errors, or policy review reminders.
You can manage notification preferences in your account settings or by contacting us at support@riskuity.com.
7. Data Storage & Retention
Data is stored securely in compliant data centers within the United States (or designated regions under customer contracts). Retention periods depend on contractual obligations and regulatory requirements.
8. Security Measures
Riskuity uses industry-standard security controls, including:
- Encryption (in transit and at rest)
- MFA enforcement and identity verification
- Role-based access controls (RBAC)
- Intrusion detection and monitoring
- Regular penetration testing and code reviews
9. Your Privacy Rights
You have the right to:
- Access, correct, or delete personal information
- Request data portability
- Object to or restrict certain processing
- Withdraw consent for optional features
- File complaints with regulatory authorities
To exercise any rights, email: privacy@riskuity.com
10. Cookies & Tracking
Cookies are used for authentication, feature persistence, and usage analysis. You can configure your browser to manage cookie settings.
11. International Transfers
Data may be processed or stored in jurisdictions outside your country of residence, with safeguards like Standard Contractual Clauses in place.
12. Children’s Privacy
Riskuity is designed for enterprise use and not intended for individuals under 18.
13. Policy Updates
We may update this policy to reflect changes in our practices. We will notify users of significant changes via email or in-app message.
Contact Us
For privacy-related inquiries, contact:
privacy@riskuity.com