Privacy Policy

Last Updated: January 1, 2025

At EffortlessRisk, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our third-party risk management platform. We do not sell or share your personal information with third parties for marketing purposes.

1. Information We Collect

1.1 Information You Provide

When you register for and use EffortlessRisk, we collect:

  • Account Information: Name, email address, password, company name, company size, industry, and department
  • Billing Information: Payment card details, billing address (processed securely through Stripe)
  • Risk Assessment Data: Vendor information, risk requests, assessments, questionnaires, and related business data you input into the platform
  • Communications: Support requests, feedback, and correspondence with us

1.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, and system activity
  • Cookies: Authentication tokens and session management (see Section 7)

2. How We Use Your Information

We use your information solely to provide, maintain, and improve our Service:

  • Service Delivery: Create and manage your account, process transactions, and deliver the risk management features you request
  • AI Processing: Generate risk assessments and research using our AI models (your data is never used to train third-party AI models)
  • Communication: Send service updates, security alerts, and respond to your inquiries
  • Improvement: Analyze usage patterns to improve features, fix bugs, and enhance user experience
  • Security: Detect and prevent fraud, unauthorized access, and security threats
  • Compliance: Meet legal obligations and enforce our Terms and Conditions

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We only share your information in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who help us operate our Service:

  • Stripe: Payment processing (PCI-DSS compliant)
  • OpenAI: AI-powered risk assessment generation (data is not used for model training)
  • Supabase/PostgreSQL: Secure database hosting
  • Vercel: Cloud infrastructure and hosting

These providers are contractually obligated to protect your data and may only use it to provide services to us.

3.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes such as subpoenas, court orders, or government requests.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256
  • Authentication: Secure password hashing with bcrypt and session management
  • Access Controls: Role-based access controls and organization-level data isolation
  • Infrastructure: Hosted on secure, SOC 2 compliant cloud providers
  • Monitoring: Continuous security monitoring and regular security audits
  • Updates: Regular security patches and software updates

While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

  • Active Accounts: Data is retained while your subscription is active
  • Closed Accounts: Data is deleted within 30 days of account closure, unless retention is required by law
  • Backups: Backup copies may persist for up to 90 days for disaster recovery purposes
  • Legal Holds: Data subject to legal proceedings may be retained longer as required

6. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information through your account settings
  • Deletion: Request deletion of your account and associated data
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications (service-related emails cannot be opted out of)
  • Restrict Processing: Request limits on how we process your information

To exercise these rights, contact us at privacy@effortlessrisk.com.

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, session management, and security (required for the Service to function)
  • Functional Cookies: Remember your preferences and settings
  • Analytics: Understand usage patterns to improve the Service (anonymized data only)

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

8. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., vendor websites in research sources). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

EffortlessRisk is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation including:

  • Right of access and data portability
  • Right to rectification and erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a notice in the Service

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Our Commitment to You

  • We will never sell your personal information to third parties
  • We will never share your data for marketing purposes
  • We use your data solely to provide and improve our Service
  • We implement strong security measures to protect your information
  • We respect your privacy rights and make it easy to exercise them