Privacy Policy

📅 Last updated: March 30, 2026 📍 AegisComply, Inc. ✉️ privacy@aegiscomply.io
This Privacy Policy describes how AegisComply, Inc. ("AegisComply", "we", "us", or "our") collects, uses, and protects the personal information you provide when using our compliance automation platform and website. By using our Services, you agree to this policy.

📋Information We Collect

We collect information that is necessary to provide and improve our compliance automation services. We are intentional about what we collect and why. Here is a detailed breakdown:

Account Data

When you create an account or sign up for a trial, we collect your name, work email address, company name, job title, phone number (optional), and billing information. This information is used to provision your account, communicate with you, and process payments.

Usage Data

We automatically collect data about how you interact with our platform, including pages visited, features used, time spent, button clicks, error reports, and performance metrics. This data is collected via server-side logging and browser-based telemetry and helps us improve the product.

Integration Credentials

When you connect third-party services (AWS, GitHub, Okta, etc.), we store the OAuth tokens, API keys, or read-only credentials required to pull compliance evidence. All credentials are encrypted at rest with AES-256-GCM and are never accessible in plain text to any AegisComply employee. We recommend granting AegisComply read-only, least-privilege credentials wherever the provider supports it, so that a connected integration can read evidence but cannot change your environment.

Log Data

Our servers automatically record log data including your IP address, browser type, operating system, referral URLs, request timestamps, and API call patterns. Logs are retained for 90 days for security and debugging purposes and are then automatically deleted.

Customer Content

You may upload policies, evidence documents, risk assessments, vendor questionnaires, and other compliance artifacts to our platform. This content belongs entirely to you. We process it only to provide the service, and never use it for training AI models without explicit written consent.

⚙️How We Use Your Information

We use the information we collect for specific, limited purposes:

  • Provide and operate the Service: Authenticate users, run evidence collection, generate reports, and deliver all platform features.
  • Improve the product: Analyze usage patterns to identify friction points, prioritize features, and fix bugs. Analytics are aggregated and de-identified where possible.
  • Security monitoring: Detect and prevent fraud, abuse, unauthorized access, and security incidents on our platform.
  • Communications: Send transactional emails (receipts, alerts, account notices), product updates, and marketing emails. You can unsubscribe from marketing at any time.
  • Customer support: Respond to inquiries, troubleshoot issues, and provide technical assistance.
  • Legal compliance: Fulfill our obligations under applicable law, respond to lawful government requests, and enforce our terms.
  • Billing: Process subscription payments, send invoices, and manage renewals via our payment processor (Razorpay or Stripe).

We will not use your data for purposes beyond those listed above without notifying you and, where required, obtaining your consent.

🤝Data Sharing

We take your data privacy seriously. Here is our clear commitment on sharing:

We never sell your personal data. Your information is not a product. We do not sell, rent, or trade personal data to any third party for marketing or commercial purposes.

We share data only in the following limited circumstances:

  • Service providers and subprocessors: We work with vetted third-party vendors (e.g. AWS for hosting, Razorpay/Stripe for payments, Postmark for email, Datadog for monitoring) who process data solely on our behalf under data processing agreements.
  • Legal requirements: We may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to prevent imminent harm or protect the safety of users.
  • Business transfers: If AegisComply is acquired or merges with another company, your information may be transferred as part of that transaction. We will provide notice and, where possible, the option to delete your data before any transfer.
  • With your consent: We may share information with third parties if you specifically request it or grant explicit permission.

A full list of our data subprocessors is available at aegiscomply.io/subprocessors.

🔐Data Security

Security is at the core of everything we build. AegisComply maintains a SOC 2 Type II attestation (an independent auditor's report on our controls over a monitoring period) and implements the following technical and organizational measures:

🔒
AES-256 Encryption at Rest
All data stored in our databases and object storage is encrypted using AES-256-GCM with keys managed in a hardware security module (HSM).
🌐
TLS 1.3 in Transit
All data in transit is protected with TLS 1.3. We enforce HTTPS across all services and send an HSTS header with a two-year max-age and the preload directive.
👤
Access Controls
Employee access to customer data is role-based, need-to-know, and logged. Production access requires MFA and is reviewed quarterly.
📜
Audit Logging
Every access to customer data by AegisComply employees is logged, timestamped, and retained for 12 months. Audit logs are immutable and stored separately from application data.
🛡
Vulnerability Management
We commission quarterly penetration tests by independent security firms, run continuous SAST/DAST scans, and maintain a responsible disclosure program at aegiscomply.io/security.

Despite our strong security measures, no method of transmission over the internet is 100% secure. We encourage you to use strong, unique passwords and enable MFA on your account.

📦Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Here is our specific retention schedule:

  • Active account data: Retained for the duration of your subscription, plus a 90-day grace period after cancellation to allow for reactivation.
  • Deleted account data: Permanently deleted within 30 days after the end of the grace period, or within 30 days of a verified deletion request. This includes all customer content, integration credentials, and personal data.
  • Billing records: Retained for 7 years as required by Indian financial regulations (Companies Act, 2013).
  • Server logs: Automatically purged after 90 days.
  • Security audit logs: Retained for 12 months.
  • Backup data: Encrypted backups are retained for 30 days and then automatically deleted. Because backups are point-in-time copies, a record removed from our live systems may persist in an encrypted backup for up to 30 days before it is gone from every copy.

You may request the deletion of your account and all associated data at any time by emailing privacy@aegiscomply.io. We will complete the deletion within 30 days and send confirmation.

⚖️Your Rights

Depending on your jurisdiction, you have the following rights with respect to your personal data. We honor these rights regardless of where you are located.

👁
Right to Access
Request a copy of all personal data we hold about you.
✏️
Right to Correction
Ask us to correct inaccurate or incomplete data.
🗑
Right to Deletion
Request deletion of your personal data ("right to be forgotten").
📤
Right to Portability
Receive your data in a machine-readable format (JSON/CSV).
🚫
Right to Object
Object to processing for direct marketing or profiling.
Right to Restrict
Request restriction of processing in certain circumstances.

These rights apply under the EU GDPR and UK GDPR, the CCPA (California), India's Digital Personal Data Protection Act (DPDPA) 2023, and other applicable privacy regulations.

To exercise any of these rights, email us at privacy@aegiscomply.io. We will respond within 30 days. If you are an EU resident and we fail to respond satisfactorily, you may lodge a complaint with your local Data Protection Authority.

🍪Cookies Policy

We use cookies and similar tracking technologies on our website and application to improve your experience and understand how people use our product.

  • Essential cookies: Required for authentication, session management, and security (e.g. CSRF protection). These cannot be disabled.
  • Analytics: We use privacy-respecting analytics (Plausible Analytics), which sets no cookies, does not track you across sites, and does not sell data.
  • Preference cookies: Store your UI preferences like theme selection and dashboard layout.
  • Marketing cookies: If you consent, we may use these to measure the effectiveness of our marketing campaigns. You can opt out at any time.

You can manage cookie preferences through your browser settings or via the Cookie Settings panel accessible in our platform footer. Note that disabling essential cookies may impair platform functionality.

👶Children's Privacy

AegisComply is a B2B compliance platform designed exclusively for business use. Our services are not directed at, and we do not knowingly collect personal information from, individuals under the age of 18.

If you are a parent or guardian and believe that a minor has provided us with personal information, please contact us immediately at privacy@aegiscomply.io. We will investigate and, if confirmed, promptly delete such data from our systems.

✉️Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact our Privacy team:

  • Email: privacy@aegiscomply.io
  • Response time: We aim to respond within 5 business days for general queries and 30 days for formal rights requests.
  • Postal address: AegisComply, Inc., 4th Floor, BHIVE Workspace, 112, AKR Tech Park, Krishnarajapuram, Bangalore – 560036, Karnataka, India.
  • Data Protection Officer: dpo@aegiscomply.io

For EU/EEA data subjects, AegisComply's EU representative can be reached at eu-rep@aegiscomply.io for matters related to GDPR compliance.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after changes take effect constitutes acceptance of the revised policy.