Privacy Policy
Last Updated: December 12, 2025
At AI Auditor Assistant, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
We collect information that you provide directly to us, including:
- Account Information: Username, email address, and encrypted password when you create an account
- Organization Information: Organization name, system descriptions, and assessment scope details
- Assessment Data: Responses to compliance assessments, chat conversations, and System Security Plan content
- Usage Data: Token usage, login times, and feature usage statistics
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process and complete compliance assessments
- Generate AI-powered compliance guidance and recommendations
- Track usage for billing and quota management
- Send important service-related communications
- Detect and prevent security threats and fraud
3. AI and Data Processing
Our service uses AI (powered by OpenAI and Anthropic) to provide compliance guidance. When you interact with our AI features:
- Your queries and context are sent to AI providers for processing
- AI responses are generated based on your input and compliance frameworks
- We do not use your data to train AI models
- Conversations may be stored for your reference and to improve service quality
4. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit using TLS/SSL
- Secure password hashing using industry-standard algorithms
- Multi-factor authentication (MFA) support
- Regular security assessments and monitoring
- Access controls and audit logging
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data by contacting us. Some data may be retained for legal or legitimate business purposes.
6. Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- Service Providers: With third-party services that help us operate (cloud hosting, AI providers)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize sharing
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information
- Object to or restrict certain processing
- Request data portability
8. Cookies and Tracking
We use session cookies to maintain your login state and provide essential functionality. We may also use analytics tools to understand how users interact with our service and to improve user experience.
9. Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@aiauditorassistant.com
- Support: support@aiauditorassistant.com