Privacy Policy

1. Introduction

At Ask the Human LLC ("Own Your Compliance," "we," "us," or "our"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy describes the types of information we collect through your use of the Own Your Compliance platform and services (the "Services"), and how we collect, use, maintain, protect, and disclose that information.

2. Information We Collect

We collect several types of information, including:

• Account Information: Such as your name, email address, company name, and other identifiers you provide during registration or engagement.
• Business Information: Information about your organization's compliance needs, frameworks of interest, and industry context.
• Policy Content: The compliance policies and documentation created through our Services, which you own.
• Device and Usage Information: IP address, browser type, operating system, and platform usage data collected automatically.
• Communications: Records of correspondence when you contact us for support or inquiries.

3. How We Use Your Information

We use the information collected to:

• Provide, operate, and improve the Services.
• Create and maintain your compliance policy framework.
• Personalize your experience and tailor policies to your organization.
• Communicate with you about the Services, updates, and support.
• Respond to your inquiries and provide customer support.
• Comply with applicable legal and regulatory obligations.
• Improve our methodologies and service offerings using aggregated, de-identified data.

4. Information Sharing

We may disclose your information to:

• Service Providers: Third parties that help us deliver the Services, including GitHub (Microsoft) for repository hosting and Cloudflare for website hosting.
• Compliance Reviewers: Human compliance professionals who review AI-generated policy drafts as part of our service delivery.
• Legal Authorities: To comply with court orders, laws, or legal processes, or to protect our rights or the safety of others.

We do not sell your personal information to third parties.

5. Your Policy Content

The compliance policies created for your organization are stored in GitHub repositories under your control. You own this content. We do not access, share, or use your policy content for purposes other than delivering our Services to you, unless you explicitly authorize us to do so.

6. Hosting and Security

Our platform utilizes industry-leading technology partners:

• GitHub (Microsoft): Your policy repositories are hosted on GitHub, inheriting Microsoft's enterprise security infrastructure including SOC 2 Type II certification, encryption at rest and in transit, and robust access controls.
• Cloudflare: Our documentation sites and web applications are hosted on Cloudflare with enterprise-grade security.
• Supabase: Contact form submissions and CRM data are stored in Supabase with encryption and access controls.

We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and security of your information. However, no method of internet transmission or electronic storage is completely secure. By using the Services, you acknowledge and accept these inherent risks.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the Services.
• Fulfill operational and business purposes.
• Comply with legal obligations.
• Resolve disputes and enforce our agreements.

Your policy repositories remain under your control in GitHub. Upon termination of services, you retain full access to your repositories. We will delete our copies of your business information upon request, subject to legal retention requirements.

8. Your Rights

You have rights regarding your personal information, subject to applicable law. These rights may include:

• Access to the information we maintain about you.
• Correction of inaccuracies.
• Deletion of your personal information.
• Data portability (your policies are always exportable from GitHub).
• Opt-out of marketing communications.

To exercise your rights, please contact us using the information provided below. We will respond to requests in accordance with applicable legal standards.

9. Cookies and Tracking

We use cookies and similar tracking technologies to analyze website traffic and improve our Services. We use Google Tag Manager for analytics. You can control cookie preferences through your browser settings. Our Services will continue to function if you disable cookies, though some features may be limited.

10. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted on our website with a revised "Effective Date." Continued use of the Services after changes are posted constitutes your acceptance of the revised Privacy Policy. We will make reasonable efforts to notify active clients of material changes.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, you may contact us at:

Email: bert@ownyourcompliance.com