Legal

Privacy Policy

How C'S3 Consultancy Corp collects, uses, and protects your personal information when you use the Auditerra platform.

Effective Date:May 1, 2025  · Last Updated: May 1, 2025

Contents

Questions?

privacy@auditerra.com →
📋

Introduction

This Privacy Policy describes how C'S3 Consultancy Corp ("Auditerra," "we," "our," or "us") collects, uses, and discloses personal information when you access or use the Auditerra platform, websites, and related services (collectively, the "Services"), as well as your rights and choices regarding your information.

🔍

Scope of This Privacy Policy

This Privacy Policy applies to personal information collected by Auditerra when acting as a data controller, including through:

  • Auditerra websites
  • Platform access and usage
  • Customer support interactions
  • Events, communications, and inquiries
Note: A separate agreement governs the processing of Customer Data. In those cases, Auditerra acts as a data processor on behalf of the customer. This Privacy Policy does not apply to third-party services integrated into Auditerra.
📥

Information We Collect

1. Information You Provide

Account Information

  • Name, email address, phone number
  • Company name and role
  • Login credentials
  • Billing and payment details

Customer Content

  • Documents, certifications, and compliance data uploaded
  • Assessment responses, audit evidence, and uploaded files

Support & Communications

  • Messages, support tickets, and attachments
  • Meeting recordings (where applicable and with consent)

2. Information Collected Automatically

  • Platform interactions, assessment activity, and integration usage
  • IP address, browser type, access times, and device information
  • Approximate location derived from IP address
  • Cookies and similar tracking technologies for functionality and analytics

3. Information from Third Parties

  • Business partners and service providers
  • Analytics providers
  • Public or commercial databases
  • Integration partners (when enabled by the user)
⚙️

How We Use Information

  • Provide, operate, and improve Auditerra Services
  • Manage accounts and billing
  • Deliver compliance assessments and reporting
  • Communicate with users (support, updates, notifications)
  • Develop new features and functionality
  • Monitor usage and improve platform performance
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We may also use data in aggregated or de-identified form for analytics and business insights.

🗓️

Data Retention

We retain personal information only as long as necessary to:

  • Provide the Services
  • Meet legal and regulatory obligations
  • Resolve disputes and enforce agreements
🤝

How We Share Information

Service Providers
Third parties supporting hosting, analytics, payments, and operations under appropriate data processing agreements.
Business Partners
For co-hosted services, integrations, or events where you have indicated interest.
Affiliates
Entities under common ownership or control with Auditerra, subject to this Privacy Policy.
Legal Authorities
When required by applicable law, court order, or legitimate legal process.
Corporate Transactions
In the event of a merger, acquisition, or asset sale, subject to confidentiality obligations.
With Your Consent
When you explicitly authorize us to share your information with a third party.
🔒 We do not sell personal data. Auditerra does not sell, rent, or trade your personal information to third parties for their marketing purposes.
🛡️

Security

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • Role-based access controls and least-privilege enforcement
  • Annual third-party penetration testing
  • Continuous vulnerability monitoring and patching

However, no system is completely secure, and we cannot guarantee absolute protection against all threats.

🌍

International Data Transfers

Your information may be transferred to and processed in countries outside your home jurisdiction, including the United States. We implement:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework participation
  • Data processing agreements with all sub-processors
👤

Your Rights

👁️
Access

Request a copy of the personal data we hold about you.

✏️
Correction

Request correction of inaccurate or incomplete information.

🗑️
Deletion

Request deletion of your personal data.

⏸️
Restriction

Request that we restrict processing in certain circumstances.

🚫
Objection

Object to processing based on legitimate interests.

📦
Portability

Receive your data in a structured, machine-readable format.

Contact privacy@auditerra.com to exercise your rights. We will respond within 30 days.
🧒

Children's Privacy

Auditerra is not intended for individuals under the age of 16. We do not knowingly collect personal data from minors.

🔄

Changes to This Policy

  • Updated policy posted on this page with a revised effective date
  • Email or in-platform notification for significant changes
📬

Contact Us

Legal Entity

C'S3 Consultancy Corp
Attn: Data Privacy

Data Privacy Inquiries

📧 privacy@auditerra.com →