Privacy Policy for AuditRixx

1. Introduction

AuditRixx (“we”, “our”, “us”) provides advanced audit analytics and workflow tools for enterprises. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information. It also includes GDPR/UK GDPR and Cookie Policy disclosures and outlines alignment with Canadian privacy requirements (e.g., PIPEDA and applicable provincial laws).

2. Data Controller and Contact

The data controller is AuditRixx. For questions or rights requests, contact privacy@auditrixx.com.

3. Information We Collect

  • Account data: name, business email, role, authentication credentials, and organization details.
  • Workspace content: records you upload or generate (e.g., ledgers, logs, attachments, comments) and related metadata.
  • Usage data: preferences, settings, feature interactions, timestamps, and activity logs.
  • Support data: messages and files submitted via help channels.
  • Technical data: IP address, device identifiers, browser type/version, pages viewed, and diagnostics.

4. Purposes and Legal Bases (GDPR/UK GDPR)

  • Contract: create accounts, authenticate users, and deliver core platform features.
  • Legitimate interests: maintain security and reliability, prevent misuse, improve features, and run aggregated analytics that respect user rights.
  • Consent: where required for certain cookies or analytics; consent may be withdrawn at any time.
  • Legal obligations: meet applicable regulatory and record-keeping duties.

5. How We Use Personal Information

  • Operate, maintain, and improve the platform and its features.
  • Host, process, and organize workspace content at your direction.
  • Generate dashboards, summaries, and exports you request.
  • Provide support and service notices, including important updates.
  • Detect, prevent, and address security incidents or misuse.

6. Retention

We retain personal information as long as necessary to provide services, comply with legal requirements, resolve disputes, and enforce agreements. On request and where legally permissible, we delete specific records or your account; residual data may persist in backups for a limited period consistent with our backup policy.

7. Sharing and Service Providers

  • Vetted providers for hosting, infrastructure, analytics, customer support, and security.
  • Processing occurs only under our documented instructions; confidentiality applies.
  • We do not sell personal information.

8. International Transfers

Where information is transferred across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses or comparable mechanisms) to protect personal information in accordance with applicable law.

9. Security

We apply administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, and loss. No method of transmission or storage is entirely risk-free; we regularly assess and improve our safeguards.

10. Your Rights

  • Access and correction: request a copy of your personal information and corrections to inaccurate data.
  • Deletion: request deletion subject to legal exceptions.
  • Restriction/objection (where applicable): request limits on certain processing.
  • Portability (GDPR/UK GDPR): receive certain data in a commonly used, machine-readable format.
  • Consent withdrawal: adjust cookie/analytics choices at any time.
  • Complaint: contact the Office of the Privacy Commissioner of Canada or your local authority.

11. Cookie Policy

Cookies are small files stored on your device to support functionality and improve your experience.

  • Essential: login, session continuity, and core features.
  • Preferences: language, layout, and interface settings.
  • Analytics: aggregated insights used to enhance usability and performance.

Consent: Where required, we display a consent banner. You may manage choices via the cookie settings link in the footer. Blocking certain cookies may limit functionality.

12. Children’s Privacy

Our platform is intended for business use and is not directed to children. If a minor’s data has been provided, contact us for removal.

13. Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. We will post the revised version with an updated “Effective date.”

14. Contact

Privacy inquiries and rights requests: privacy@auditrixx.com.