Privacy Policy

This Privacy Notice for Asellus LLP (doing business as Audiment) – referred to as "we," "us," or "our" – describes how and why we access, collect, store, use, and share your personal information when you use our services, including when you:

• Visit our website at audiment.vercel.app or any website of ours that links to this Privacy Notice
• Use our audit management platform
• Engage with us in other related ways, including marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. For questions, contact us at privacy@audiment.io.

Key Points

• What we collect: Personal information you provide when registering or using our services
• Sensitive info: We do not process sensitive personal information
• Third parties: We do not collect information from third parties
• Why we process: To provide, improve, and secure our services, and to comply with law
• Who we share with: Specific service providers (Firebase, Google Cloud, Vercel) under contract
• Your rights: Depending on your location, you may review, change, or delete your data at any time
• How to exercise rights: Submit a data subject access request or contact privacy@audiment.io

What Information Do We Collect?

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information you voluntarily provide when you register on the Services, express an interest in our products, participate in activities on the Services, or otherwise contact us. The personal information we collect may include:

Sensitive Information. We do not process sensitive information.

All personal information you provide must be true, complete, and accurate. Please notify us of any changes.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services – such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, and information about how you interact with our Services. This data does not reveal your specific identity but may include device and usage information.

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How Do We Process Your Information?

In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• Account creation and authentication: To create and manage your account and keep it in working order
• Service delivery: To provide the features and functionality of our audit management platform
• Communication: To respond to your inquiries and send service-related notifications
• Security and fraud prevention: To identify and prevent fraudulent activity and protect the security of our Services
• Usage trends: To understand how our Services are used so we can improve them
• Legal compliance: To comply with applicable laws and regulations

When and With Whom Do We Share Your Information?

In short: We may share information in specific situations and with the following third parties.

We have contracts in place with all third parties, designed to help safeguard your personal information. They cannot use your personal information unless we have instructed them to do so.

We may also share your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

Do We Use Cookies and Other Tracking Technologies?

In short: We may use cookies and other tracking technologies to collect and store your information.

We use cookies and similar tracking technologies (such as web beacons and pixels) to gather information when you interact with our Services. These help us maintain security, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit service providers to use online tracking technologies on our Services for analytics purposes, including Google Analytics GA4, to help us understand usage patterns and improve our Services.

Specific information about how we use cookies and how you can manage them is set out in our Cookie Policy.

How Long Do We Keep Your Information?

In short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because your information has been stored in backup archives), we will securely store your information and isolate it from further processing until deletion is possible.

How Do We Keep Your Information Safe?

In short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including:

• TLS encryption for all data in transit
• Encryption at rest via Firebase (ISO 27001, SOC 1/2/3 certified infrastructure)
• Role-based access control – admin, manager, and auditor roles with scoped permissions
• Firebase Authentication with session cookies and protected middleware
• Rate limiting on authentication endpoints (10 attempts per 15 minutes per IP)
• Content Security Policy (CSP) headers against XSS attacks

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

Do We Collect Information from Minors?

In short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at support@audiment.io.

What Are Your Privacy Rights?

In short: You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the details in the Contact Us section below. Note that withdrawing consent will not affect the lawfulness of processing before its withdrawal.

Account Information

If you would like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account
• Contact us using the contact information provided

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, or comply with applicable legal requirements.

Cookies and similar technologies: Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies, though this may affect certain features or services.

If you have questions or comments about your privacy rights, email us at privacy@audiment.io.

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Do We Make Updates to This Notice?

In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may contact us:

How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.

To request to review, update, or delete your personal information, please submit a data subject access request via the button below or email us directly at privacy@audiment.io.