Section 1: Purpose of This Privacy Policy and Commitment to Data Protection
This Privacy Policy is established to explain how the platform collects, uses, processes, stores, and protects personal and organizational information obtained through access to and use of the platform. The platform is designed as a compliance documentation and governance support system, and privacy protection is a core principle underlying its operation. This policy applies to all users of the platform, including administrators, companies, members, and visitors interacting with platform services or associated web interfaces.
The platform recognizes that users entrust sensitive information to the system, including personal identifiers, organizational details, meeting-related documentation, and compliance records. This policy is intended to provide transparency regarding how such information is handled and to outline the measures adopted to protect privacy while enabling lawful and effective platform functionality. The platform’s data handling practices are guided by applicable data protection laws, regulatory expectations, and industry standards, while also reflecting the platform’s limited role as a technology service provider.
The primary purpose of data collection within the platform is to enable secure access, role-based participation, documentation of compliance-related activities, and maintenance of auditable records. The platform does not collect personal data for unrelated purposes such as advertising, behavioral profiling, or commercial resale. Any information collected is processed strictly within the scope of providing platform services, maintaining system security, supporting compliance documentation workflows, and fulfilling legal or regulatory obligations where applicable.
This Privacy Policy applies only to data processed within the platform environment. It does not govern how companies or members handle information outside the platform or how meetings are conducted in real-world settings. The platform does not control or monitor offline activities, physical meetings, or external data exchanges carried out by users. Responsibility for compliance with privacy obligations outside the platform remains with the respective organizations and individuals.
The platform does not act as a data owner with respect to organizational content submitted by companies. Instead, it functions as a data custodian or processor, handling information on behalf of users in accordance with their instructions and platform configuration. Ownership of content and responsibility for lawful data collection rest with the submitting company. The platform does not independently determine the legal basis for data inclusion in meeting records or compliance documents and relies on users to ensure that necessary consents and authorizations have been obtained.
Privacy protection within the platform is supported by technical, administrative, and organizational safeguards designed to prevent unauthorized access, disclosure, or misuse of data. While reasonable measures are implemented to protect information, no digital system can guarantee absolute security. Users acknowledge that data protection involves shared responsibility, including responsible access management and adherence to internal governance practices.
By accessing or using the platform, users acknowledge that they have reviewed this Privacy Policy and understand how their information may be processed within the scope of platform services. Continued use of the platform signifies acceptance of the privacy practices described herein. This policy serves as the foundational statement of the platform’s approach to privacy and data protection and should be read in conjunction with related legal documents such as the Terms of Use and Data Policy.
Section 2: Categories of Personal and Organizational Information Collected
The platform collects personal and organizational information that is necessary to provide secure access, role-based participation, and compliance documentation services. Information is collected directly from users during registration, account management, invitation workflows, and usage of platform features. The nature and extent of information collected depend on the role of the user, the configuration of the company account, and the actions performed within the system.
Personal information may include identifiers such as names, email addresses, phone numbers, login credentials, authentication details, and profile-related information provided by administrators, company representatives, or members. This information is used to establish identity, enable secure authentication, manage invitations, and facilitate communication related to platform usage. The platform does not intentionally collect sensitive personal data unless such information is voluntarily included by users within uploaded content or documentation.
Organizational information may include company names, registration details, internal role assignments, departmental structures, reporting hierarchies, and other business-related identifiers. This information is necessary to create isolated company environments within the platform and to support internal governance workflows. The platform treats organizational information as confidential and processes it solely to deliver platform functionality.
In addition to direct user input, the platform may collect technical information related to system access and usage. This may include login timestamps, IP addresses, device or browser metadata, and system interaction logs. Such information is collected to support security monitoring, auditability, troubleshooting, and system performance optimization. This data is not used for tracking user behavior outside the platform or for profiling purposes.
Content-related data is collected when users upload documents, audio recordings, video files, or text for compliance documentation and reporting. This content is provided at the discretion of the user and may contain personal or third-party information. The platform does not independently determine what information is included in uploaded content and does not filter or alter content except for technical processing required to generate reports or structured outputs.
By using the platform, users acknowledge that the information they provide is collected for legitimate platform purposes and that responsibility for ensuring lawful inclusion of personal data within uploaded content rests with the submitting organization or individual.
Section 3: Purpose and Legal Basis for Processing Information
The platform processes personal and organizational information solely for purposes that are necessary to operate and maintain the service as a compliance documentation and governance support system. Information is processed to enable user authentication, account administration, role-based access control, invitation workflows, content management, report generation, audit logging, and system security. Processing activities are aligned with the platform’s limited role as a technology service provider.
Personal information is processed to fulfill contractual obligations arising from the user’s acceptance of the Terms of Use and to provide access to platform features requested by the user or their organization. Processing may also occur to comply with applicable legal obligations, such as responding to lawful requests from authorities, maintaining audit records, or enforcing platform policies. Where required by law, processing may be based on user consent, which is provided through voluntary submission of information and continued use of the platform.
The platform does not process personal data for purposes unrelated to compliance documentation or system operation. It does not engage in targeted advertising, behavioral analytics for marketing, or sale of personal data. Any processing of data through automated or artificial intelligence systems is conducted solely to transform user-provided content into usable documentation formats and does not involve independent data enrichment or external profiling.
Organizational content and meeting-related documentation are processed strictly in accordance with instructions provided by authorized users. The platform acts as a processor or custodian of such data and does not determine the purpose or legal basis for its inclusion. Companies are responsible for ensuring that personal data included in compliance records is collected and processed lawfully under applicable data protection laws.
Processing activities are limited to what is reasonably necessary to achieve platform functionality. The platform does not retain data longer than required for operational, compliance, or legal purposes. Users acknowledge that lawful processing may continue even after account suspension or termination where required to meet legal or audit obligations.
By using the platform, users acknowledge that processing of information is integral to service delivery and that such processing occurs within the boundaries defined by this Privacy Policy and applicable law.
Section 4: Data Storage, Location, and Cross-Border Processing
The platform stores and processes personal and organizational information using secure digital infrastructure designed to support compliance documentation and governance workflows. Data may be stored on servers located in one or more jurisdictions depending on operational requirements, system architecture, and service availability. The platform does not guarantee that all data will be stored exclusively within a single geographic location, and users acknowledge that cross-border data processing may occur as part of normal platform operations.
Cross-border processing is undertaken solely to deliver platform functionality, ensure system resilience, and maintain service continuity. When data is processed across jurisdictions, reasonable measures are applied to protect information in accordance with applicable data protection laws and industry standards. The platform does not transfer personal data for purposes unrelated to service delivery and does not permit international transfers for commercial exploitation.
Companies using the platform are responsible for determining whether cross-border processing aligns with their regulatory obligations. The platform does not assess jurisdiction-specific restrictions on data transfer and does not provide legal advice regarding cross-border compliance. Where required by law, companies must obtain necessary consents or implement appropriate safeguards before submitting data to the platform.
Data stored within the platform is logically segregated by organization to prevent unauthorized access between companies. Administrative access to data is limited to operational and security purposes and does not imply ownership or unrestricted use. The platform acts as a custodian of stored information and processes data only as instructed by authorized users or as required by law.
By using the platform, users acknowledge that digital data storage inherently involves geographic distribution and accept that such distribution is necessary to provide reliable and secure services.
Section 5: Access Controls, Confidentiality, and Internal Data Protection
The platform implements access controls designed to restrict information access to authorized users based on role, permission, and organizational association. These controls are fundamental to maintaining confidentiality and protecting personal and organizational data from unauthorized disclosure. Users may only access information that has been explicitly made available to them through platform configuration.
Companies are responsible for managing internal access rights and for ensuring that members are granted appropriate permissions. The platform enforces access settings as configured but does not evaluate whether such settings align with internal governance or confidentiality policies. Any unauthorized access resulting from improper permission management is the responsibility of the company.
Confidentiality of data is supported by technical safeguards, including authentication mechanisms, encryption where appropriate, and activity logging. However, confidentiality also depends on responsible user behavior. Users must ensure that credentials are protected and that access to devices and systems is appropriately controlled. The platform is not responsible for disclosures resulting from user negligence or external compromise beyond its reasonable control.
Administrators may access certain data for system maintenance, troubleshooting, or security monitoring. Such access is limited, logged, and governed by internal controls. Administrative access does not permit use of data beyond operational necessity and does not override confidentiality obligations.
By using the platform, users acknowledge that confidentiality is a shared responsibility and that effective data protection requires both technical safeguards and appropriate organizational controls.
Section 6: Use of Automated Processing and Artificial Intelligence
The platform may use automated processing technologies, including artificial intelligence, to assist users in transforming and organizing information submitted to the system. Such processing is applied to content voluntarily provided by users, including documents, audio, video, and text, and is performed solely to enable transcription, text extraction, summarization, formatting, and report generation. Automated processing is an assistive function designed to improve efficiency and usability within the scope of compliance documentation and governance support.
Automated systems operate strictly on the inputs provided by users and do not independently collect additional personal data or generate content unrelated to the submitted material. The platform does not use automated processing to make decisions that produce legal effects concerning individuals, nor does it engage in profiling, behavioral analysis, or predictive assessment of users. Any outputs generated through automated processing are intended for review and validation by users prior to approval or reliance.
The platform does not treat automated outputs as authoritative or definitive representations of real-world events. Errors or omissions may occur due to technical limitations, quality of input data, or contextual ambiguity. Responsibility for reviewing, correcting, and approving automated outputs rests entirely with the user or the submitting organization. The platform does not assume responsibility for outcomes resulting from reliance on automated processing without independent verification.
Automated processing may involve the temporary use of third-party technologies to perform specific functions. Such use is limited to operational necessity and is governed by confidentiality and data protection safeguards. Automated processing does not alter data ownership, does not expand the scope of data use, and does not permit reuse of content beyond platform services.
By using features that involve automated processing, users acknowledge and consent to such processing within the boundaries described in this Privacy Policy and accept that automated assistance does not replace professional judgment, legal review, or organizational oversight.
Section 7: Data Sharing, Disclosure, and Third-Party Access
The platform does not sell, rent, or commercially share personal or organizational information with third parties. Data sharing occurs only where necessary to operate the platform, comply with legal obligations, or protect the rights and security of users and the system. Any disclosure of information is limited in scope and purpose and is conducted in accordance with this Privacy Policy.
Data may be shared with service providers engaged to support platform functionality, such as infrastructure hosting, authentication services, communication delivery, or automated processing tools. Such service providers act under contractual obligations to process data solely on behalf of the platform and in accordance with confidentiality and data protection requirements. They are not permitted to use data for independent purposes or retain it beyond what is necessary to perform their services.
Information may be disclosed when required by applicable law, regulation, court order, or lawful request from a government authority. In such cases, disclosure is limited to the information legally required and does not extend beyond the scope of the request. Where permitted by law, the platform may notify affected users or companies of such disclosures.
The platform may also disclose information to protect against fraud, security threats, misuse of the platform, or violations of governing terms. Such disclosures are undertaken to safeguard users, maintain system integrity, and enforce platform policies. These actions do not constitute routine data sharing and are limited to circumstances where disclosure is reasonably necessary.
By using the platform, users acknowledge that limited data sharing is essential to service operation and legal compliance and that such sharing occurs within the controlled and purpose-bound framework defined by this Privacy Policy.
Section 8: User Rights, Access Requests, and Data Control
The platform recognizes that users may have rights regarding their personal information under applicable data protection laws. These rights may include the ability to access, correct, update, or request restriction of certain personal data processed within the platform. The exercise of such rights is subject to verification of identity and authority to ensure that personal information is disclosed only to authorized individuals.
Requests relating to personal data are handled within the operational and legal constraints of the platform. Where a user submits a request to access or correct personal information, the platform may require additional information to confirm the requester’s identity and role. The platform does not disclose organizational data to individuals who are not authorized representatives of the relevant company, even if such data contains personal information.
Users acknowledge that certain data may not be eligible for modification or deletion due to compliance, audit, or legal retention obligations. This includes historical records, audit logs, approvals, and documentation required to preserve traceability and accountability. In such cases, the platform may restrict processing of data rather than deleting it entirely, in accordance with applicable law.
Companies using the platform act as primary decision-makers with respect to organizational data. Members seeking to exercise rights relating to data contained within company records must direct such requests to the relevant company. The platform acts as a technical facilitator and does not independently adjudicate disputes or requests between companies and their members.
By using the platform, users acknowledge that data rights are exercised within a structured governance framework and that fulfillment of requests may be subject to legal, technical, and organizational limitations.
Section 9: Data Retention Periods and Secure Disposal Practices
The platform retains personal and organizational information for periods necessary to fulfill operational, compliance, audit, and legal purposes. Retention durations vary depending on the nature of the data, system configuration, and applicable regulatory requirements. The platform does not retain data indefinitely without purpose and applies retention practices aligned with its role as a compliance documentation system.
Certain records, including audit trails, approval histories, and compliance documentation, may be retained even after account suspension or termination to preserve record integrity and meet legal obligations. Such retention does not imply ongoing processing for active use but reflects the necessity of maintaining historical records for accountability and dispute resolution.
When data is eligible for disposal, the platform applies secure deletion or anonymization practices consistent with industry standards and operational constraints. Due to technical architecture, backups, or archival systems, complete and immediate erasure may not always be feasible. The platform does not restore disposed data except where required for legal or operational reasons.
Companies may configure internal retention or auto-deletion settings for certain types of content where such functionality is provided. These settings operate within the platform’s technical limits and do not override mandatory legal retention requirements. Responsibility for defining appropriate retention periods rests with the company.
By using the platform, users acknowledge that data retention and disposal are governed by a balance between operational necessity, legal obligations, and data protection principles, and that secure disposal occurs within these defined boundaries.
Section 10: Data Security Measures and Risk Management Practices
The platform implements technical, administrative, and organizational measures designed to protect personal and organizational information against unauthorized access, loss, misuse, alteration, or disclosure. These measures are intended to safeguard data processed within the platform while supporting its function as a compliance documentation and governance support system. Security practices are aligned with industry standards and are periodically reviewed to address evolving risks and operational requirements.
Technical safeguards may include access controls, authentication mechanisms, encryption where appropriate, network security controls, and system monitoring tools. These safeguards are designed to restrict access to authorized users and to detect anomalous activity that may indicate a security risk. Administrative measures include internal policies governing data handling, access management, and incident response procedures. Organizational controls ensure that only authorized personnel are permitted to access data for legitimate operational purposes.
Despite the implementation of reasonable security measures, no digital system can guarantee absolute protection against all threats. Users acknowledge that risks such as cyberattacks, unauthorized access, or data loss may occur despite safeguards. The platform does not warrant that security measures will prevent all incidents and disclaims liability for breaches resulting from factors beyond its reasonable control, including user negligence, compromised credentials, or external service failures.
Users play an essential role in maintaining data security by protecting login credentials, using secure devices, and promptly reporting suspected security incidents. The platform may restrict access, suspend accounts, or take corrective action where necessary to mitigate risk and protect system integrity. Such actions are preventive in nature and do not constitute an admission of fault or liability.
By using the platform, users acknowledge that data security is a shared responsibility and that the platform’s safeguards operate within the inherent limitations of digital environments.
Section 11: Data Breach Response and Incident Notification
The platform maintains procedures to identify, assess, and respond to data security incidents that may affect personal or organizational information. A data breach refers to an incident involving unauthorized access, disclosure, or loss of data processed within the platform. Upon becoming aware of a potential breach, the platform undertakes reasonable steps to investigate the incident, contain its impact, and restore system security where feasible.
Incident response measures are designed to assess the nature and scope of the breach, identify affected data, and determine appropriate remedial actions. These measures may include system isolation, access restriction, password resets, or coordination with external service providers. The platform does not guarantee that all incidents can be fully mitigated but endeavors to respond promptly and responsibly.
Where required by applicable law, the platform may notify affected companies or users of a data breach involving their information. Notifications are provided based on available information at the time and may be updated as further details become known. The platform does not assume responsibility for notifying third parties not directly associated with the affected data unless legally mandated.
Companies remain responsible for evaluating whether breach notification obligations apply under their own regulatory frameworks and for communicating with affected individuals where required. The platform’s notification does not replace or satisfy such obligations unless expressly stated by law.
By using the platform, users acknowledge that incident response and notification are governed by legal requirements and practical limitations and that no system can entirely eliminate the risk of security incidents.
Section 12: Children Says that It Does Not Intentionally Collect Children’s Data
The platform is intended for use by organizations, administrators, and authorized members who are legally capable of entering into binding agreements. It is not designed for use by minors, and the platform does not knowingly collect, process, or store personal data relating to children. Access to the platform requires registration, role assignment, and organizational authorization, which presuppose legal capacity and professional or corporate involvement.
If personal data relating to a child is inadvertently submitted to the platform as part of user-generated content, such submission occurs at the sole discretion and responsibility of the submitting user or organization. The platform does not independently verify the age of individuals referenced within uploaded documents, meeting records, or compliance materials and does not filter content based on age-related criteria. Responsibility for ensuring lawful inclusion of personal data rests entirely with the submitting company.
Where the platform becomes aware that personal data of a child has been collected or processed in violation of applicable data protection laws, reasonable steps may be taken to restrict processing or remove such data where legally permissible. Such actions are subject to verification, legal obligations, and operational feasibility. The platform does not assume responsibility for determining parental consent requirements or age-related compliance obligations applicable to user-submitted content.
By using the platform, users acknowledge that it is not intended for children and that they must ensure compliance with applicable laws regarding the collection and processing of personal data relating to minors.
Section 13: Cookies, Session Data, and Platform Analytics
The platform may use cookies, session identifiers, and similar technologies to enable essential functionality, maintain secure sessions, and improve user experience. These technologies are used to support authentication, session continuity, access control, and system performance monitoring. The platform does not use cookies or tracking mechanisms for targeted advertising, behavioral profiling, or third-party marketing purposes.
Session data may include information necessary to maintain secure access during a user’s interaction with the platform. Such data is typically temporary and is discarded when a session ends or expires. Persistent cookies may be used only where necessary to support user preferences or security features and are not designed to track users beyond the platform environment.
Analytics data may be collected to understand system usage patterns, diagnose technical issues, and improve platform functionality. This data is aggregated and analyzed in a manner that does not identify individual users beyond what is required for operational purposes. The platform does not combine analytics data with external datasets to create user profiles or track activity outside the platform.
Users may have limited ability to control cookies through browser settings. However, disabling cookies may affect platform functionality and access. By using the platform, users acknowledge that essential cookies and session data are necessary for secure and reliable operation and consent to their use within the scope described in this Privacy Policy.
Section 14: Third-Party Links, External Platforms, and Responsibility Boundaries
The platform may contain links to third-party websites, services, or external platforms that are provided solely for user convenience or operational necessity. Such links may appear within documentation references, communication modules, or system notifications. The presence of a third-party link does not constitute endorsement, sponsorship, or approval of the linked platform, its content, or its privacy practices. The platform does not control and is not responsible for the data handling practices of external websites or services.
When users choose to access third-party platforms through links provided within the system, they do so at their own discretion and risk. Any personal or organizational information shared with external platforms is governed by the privacy policies and terms of those third parties, not by this Privacy Policy. The platform does not monitor or regulate how third-party services collect, use, or protect data once users leave the platform environment.
The platform is not liable for any loss, misuse, or unauthorized disclosure of data that occurs on external platforms. Users are encouraged to review the privacy policies of any third-party services before interacting with them or submitting information. Responsibility for assessing the adequacy of third-party privacy protections rests with the user or their organization.
By using the platform, users acknowledge that third-party links are provided without warranty and that the platform’s privacy obligations apply only to data processed within its own systems and controlled environments.
Section 15: Policy Updates, Changes, and Ongoing Applicability
This Privacy Policy may be updated, modified, or revised from time to time to reflect changes in legal requirements, regulatory guidance, operational practices, or platform functionality. Updates are intended to ensure continued transparency and alignment with applicable data protection standards. The platform reserves the right to make such changes at its discretion while maintaining its commitment to protecting user privacy.
Revised versions of this Privacy Policy become effective upon publication within the platform or on associated web interfaces unless otherwise stated. Continued use of the platform after an update constitutes acceptance of the revised policy. Users who do not agree with updated terms must discontinue use of the platform in accordance with account termination procedures.
Policy updates do not retroactively alter obligations relating to data processed prior to the effective date of the change, except where required by law. Historical data handling remains governed by the policy in effect at the time of processing, ensuring fairness and consistency.
The platform may provide notifications of significant policy changes through electronic communications, dashboard alerts, or system messages. However, failure to receive such notification does not affect the enforceability of updated policies. Responsibility for reviewing policy changes rests with the user.
This Privacy Policy operates in conjunction with related legal documents, including the Terms of Use and Data Policy. Together, these documents define the framework for lawful, secure, and transparent data handling within the platform.
Section 16: Regulatory Compliance and Data Protection Obligations
The platform is designed to operate in alignment with applicable data protection and privacy laws relevant to the jurisdictions in which it is offered. While the platform endeavors to follow generally accepted privacy principles and regulatory expectations, it does not act as a legal advisor or compliance authority for its users. Compliance with jurisdiction-specific data protection laws remains the responsibility of the companies and individuals using the platform.
The platform processes personal and organizational information in a manner intended to support lawful use, transparency, and accountability. Where applicable, processing activities are conducted in accordance with recognized data protection principles such as lawfulness, fairness, purpose limitation, data minimization, and security. However, the platform does not independently assess whether a user’s activities meet all regulatory requirements applicable to their specific industry, location, or operational context.
Companies using the platform may be subject to additional regulatory obligations, including sector-specific privacy requirements or cross-border data transfer restrictions. The platform does not monitor or enforce such obligations and does not guarantee that use of the platform alone satisfies regulatory compliance. Users are encouraged to seek independent legal or professional advice to determine whether their use of the platform aligns with applicable data protection laws.
By using the platform, users acknowledge that regulatory compliance is a shared responsibility and that the platform’s role is limited to providing technical infrastructure and operational safeguards. Any regulatory action, penalty, or enforcement arising from the handling of personal data remains the responsibility of the user or organization.
Section 17: Limitation of Liability Relating to Privacy Practices
The platform takes reasonable measures to protect personal and organizational information but does not warrant absolute security or error-free operation. To the maximum extent permitted by applicable law, the platform disclaims liability for damages arising from unauthorized access, data breaches, loss of data, or misuse of information, except where such liability cannot be excluded under law.
The platform shall not be liable for indirect, incidental, consequential, or special damages resulting from privacy-related incidents, including loss of business, reputational harm, regulatory penalties, or third-party claims. This limitation applies regardless of whether such damages arise from technical failures, third-party services, user negligence, or external threats beyond the platform’s reasonable control.
Users acknowledge that no digital system can guarantee complete protection against all privacy risks and that use of the platform involves inherent risks associated with electronic data processing. The platform’s liability, if any, is limited to the extent required by law and does not extend beyond the scope of its role as a technology service provider.
By using the platform, users expressly accept these limitations and acknowledge that they reflect a reasonable allocation of risk consistent with industry standards and the nature of the services provided.
Section 18: Governing Law, Jurisdiction, and Privacy Disputes
This Privacy Policy shall be governed by and construed in accordance with the laws applicable in the jurisdiction in which the platform is legally established, without regard to principles of conflict of laws. The governing law applies uniformly to all users of the platform, including administrators, companies, members, and visitors, irrespective of their geographic location or place of residence. The purpose of applying a single governing law is to ensure consistency, predictability, and legal certainty in the interpretation and enforcement of privacy obligations.
Any dispute, claim, or controversy arising out of or relating to this Privacy Policy, including matters concerning data handling, processing practices, disclosure, or interpretation of privacy rights, shall fall within the exclusive jurisdiction of the competent courts designated by the platform owner. Users expressly consent to such jurisdiction by accessing or using the platform and waive any objection to venue or forum based on convenience or location, except where prohibited by mandatory law.
The platform does not act as an arbitrator or mediator in privacy disputes between companies and their members or between users and third parties. All such disputes remain the responsibility of the parties involved and must be resolved independently. The platform’s role in privacy-related disputes is limited to complying with lawful orders and fulfilling its obligations as a technology service provider.
If any provision of this Privacy Policy is determined to be unenforceable by a competent authority, the remaining provisions shall continue in full force and effect. This section ensures that privacy governance remains intact even if specific clauses are affected by changes in law or judicial interpretation.
Section 19: Final Acknowledgment and Acceptance of Privacy Practices
This Privacy Policy represents the complete and authoritative statement of the platform’s privacy practices with respect to the collection, use, processing, storage, and protection of personal and organizational information. By accessing, registering on, or using the platform, users acknowledge that they have read, understood, and accepted the privacy practices described herein. This acknowledgment applies equally to administrators, companies, and members and extends to all interactions with the platform across its interfaces and services.
Users understand that the platform operates as a neutral technology service provider and that responsibility for lawful data collection, consent management, and regulatory compliance rests primarily with the submitting organization or individual. The platform’s obligations are limited to processing data within the scope defined by this Privacy Policy, the Terms of Use, and applicable law.
Acceptance of this Privacy Policy is evidenced electronically and carries the same legal effect as a written agreement. Continued use of the platform following publication of this policy or any updates constitutes ongoing acceptance. Users who do not agree with the privacy practices described herein must discontinue use of the platform.
This final acknowledgment confirms the binding nature of this Privacy Policy and establishes a clear understanding of privacy roles, responsibilities, and limitations. Together with related legal documents, this policy forms a comprehensive framework for transparent and responsible data handling within the platform.
Section 20: Consent, Withdrawal, and Continued Processing Limitations
By accessing or using the platform, users provide consent for the collection, processing, and storage of personal and organizational information as described in this Privacy Policy. Such consent is given voluntarily through registration, data submission, acceptance of invitations, and continued interaction with platform features. Consent applies only within the scope necessary to provide platform services and does not extend to purposes outside those expressly stated in this policy.
Users acknowledge that consent may be withdrawn in certain circumstances by discontinuing use of the platform or by submitting a formal request through appropriate channels. However, withdrawal of consent does not automatically result in the deletion of all data. The platform may continue to process or retain information where such processing is required to fulfill legal obligations, maintain audit records, resolve disputes, or enforce platform policies. In such cases, processing is limited to what is strictly necessary and lawful.
Where a company withdraws consent or terminates its account, personal data contained within compliance documentation or governance records may continue to be retained to preserve record integrity. The platform does not assume responsibility for managing consent on behalf of companies in relation to their members or third parties. Responsibility for ensuring valid consent at the point of data submission rests with the submitting organization.
By using the platform, users acknowledge that consent operates within legal and operational constraints and that certain data processing activities may lawfully continue even after consent is withdrawn.
Section 21: Privacy by Design, Default Settings, and System Architecture
The platform is developed using principles of privacy by design and privacy by default to the extent reasonably practicable. These principles are reflected in system architecture, access controls, data minimization practices, and role-based permissions. The platform seeks to limit data collection to what is necessary for compliance documentation and to restrict access based on organizational need and authorization.
Default system settings are configured to support secure access and controlled visibility of data. Companies may further customize access permissions and workflows according to internal governance requirements. The platform does not override company-defined settings unless required for system security or legal compliance.
Privacy by design does not imply that the platform independently ensures regulatory compliance for users. Instead, it provides technical tools that support responsible data handling. Users remain responsible for configuring the platform appropriately and for aligning system use with their own privacy obligations.
By using the platform, users acknowledge that privacy protection is embedded into system design but that effective data protection also depends on appropriate configuration and responsible use.
Section 22: Contact Information, Privacy Inquiries, and Policy Closure
Users may contact the platform regarding privacy-related questions, concerns, or requests through official communication channels provided within the platform or associated website. Such inquiries may relate to data processing practices, access requests, or clarification of privacy obligations. The platform endeavors to respond to reasonable inquiries within a commercially reasonable timeframe, subject to verification of identity and authority.
The platform does not provide individualized legal advice in response to privacy inquiries and does not interpret regulatory requirements on behalf of users. Responses are limited to explaining platform practices and obligations as defined in this Privacy Policy.
This section serves as the formal closure of the Privacy Policy. Together with preceding sections, it establishes a comprehensive and transparent framework governing how personal and organizational information is handled within the platform. This Privacy Policy should be read in conjunction with the Terms of Use and Data Policy to fully understand the platform’s legal and operational boundaries.
By continuing to use the platform, users reaffirm their understanding and acceptance of this Privacy Policy in its entirety.
Section 23: Relationship Between Platform, Companies, and Data Subjects
The platform operates strictly as a technology service provider that facilitates compliance documentation and governance record management on behalf of its users. It does not determine the purpose or means of processing personal data contained within organizational records submitted by companies. In this context, companies act as the primary decision-makers with respect to personal data included in meeting records, investigations, reports, and compliance documentation, while the platform functions as a custodian or processor of such data.
Members and other individuals whose personal data may appear within platform records are considered data subjects in relation to the submitting organization. The platform does not independently collect personal data about such individuals outside the scope of information voluntarily provided by companies or users. Any rights exercised by data subjects in relation to organizational data must generally be addressed to the relevant company, as the platform does not have authority to alter or delete organizational records without instruction or legal obligation.
The platform does not establish a direct fiduciary, employment, or agency relationship with data subjects whose information appears within user-submitted content. Its obligations are limited to processing data in accordance with this Privacy Policy, the Terms of Use, and applicable law. This structural separation is essential to preserving clarity of responsibility and ensuring that privacy compliance obligations are allocated appropriately between the platform and its users.
By using the platform, companies acknowledge their role as primary custodians of personal data included in compliance documentation and accept responsibility for fulfilling data protection obligations toward individuals referenced in their records.
Section 24: No Automated Decision-Making Affecting Legal Rights
The platform does not engage in automated decision-making processes that produce legal effects or similarly significant consequences for individuals. Any automated processing or artificial intelligence features available within the platform are designed solely to assist in organizing, summarizing, or formatting user-provided content for documentation purposes. Such features do not independently make determinations regarding compliance status, legality, employment outcomes, or individual rights.
Decisions, approvals, rejections, or acknowledgments recorded within the platform are initiated and executed by authorized users acting on behalf of their organizations. The platform does not substitute human judgment, nor does it override or enforce decisions made by users. Automated outputs are provided as informational tools and require human review and validation before being relied upon.
Users acknowledge that the absence of automated decision-making affecting legal rights is a fundamental aspect of the platform’s design. Any reliance on platform-generated content without appropriate human oversight occurs at the user’s discretion and risk. The platform disclaims responsibility for outcomes resulting from organizational decisions documented within the system.
This section reinforces the platform’s role as a supportive documentation tool rather than a decision-making authority and ensures transparency regarding the limits of automation within the system.
Section 25: Final Privacy Statement, Binding Effect, and Conclusion
This Privacy Policy constitutes the final and authoritative statement regarding the platform’s privacy practices. It defines the scope, purpose, and limitations of how personal and organizational information is collected, processed, stored, and protected within the platform. Together with the Terms of Use and Data Policy, it forms a comprehensive legal framework governing data handling and privacy responsibilities.
By accessing, registering on, or continuing to use the platform, users expressly acknowledge that they have read, understood, and agreed to this Privacy Policy in its entirety. This acceptance is effective from the moment of first access and remains binding for as long as the platform is used, including periods following account suspension or termination where relevant obligations survive.
The platform reserves the right to enforce this Privacy Policy in accordance with applicable law and to cooperate with lawful authorities where required. Nothing in this policy shall be interpreted as limiting statutory rights that cannot be waived under applicable data protection laws.
This concluding section confirms the platform’s commitment to transparency, responsible data handling, and clear allocation of privacy responsibilities. Users who do not agree with this Privacy Policy must discontinue use of the platform. Continued use signifies ongoing acceptance and acknowledgment of the privacy practices described herein.