Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how AccessPolicyIQ, Inc. ("Company", "we", "us", or "our") collects, uses, processes, and protects personal data in connection with our Unified Network Access Policy Management Platform (the "Service"). This policy applies to all users, including customers, administrators, and end-users accessing the platform. We are committed to complying with the GDPR, CCPA, and other applicable privacy regulations worldwide.

2. Information We Collect

We collect information from multiple sources to operate and improve our Service: (1) Account Information — name, email address, company name, phone number, and billing address when you create an account; (2) Network Policy Data — firewall rules, ACLs, network device configurations, and security policies you upload or connect to our platform; (3) Usage Data — interactions with the platform, features accessed, API calls made, and time spent on specific sections; (4) Technical Data — IP address, browser type, device information, operating system, and pages visited; and (5) Communication Data — messages sent through support channels, feedback, and support tickets.

3. Legal Basis for Processing

We process personal data based on: contract performance (providing and operating the Service you have purchased); legitimate interests (improving security, preventing fraud, and optimizing platform performance); consent (for marketing communications and optional analytics); and compliance (with legal obligations and regulatory requirements).

4. How We Use Your Information

We use collected information to: (1) provide, maintain, and improve the Service; (2) process transactions and send billing information; (3) respond to customer inquiries and support requests; (4) detect, investigate, and prevent fraudulent transactions and other illegal activity; (5) analyze usage patterns to optimize performance; (6) send transactional and administrative emails; (7) comply with legal obligations; and (8) with your consent, send marketing communications about new features and offerings.

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only when necessary: (1) Service Providers — third-party vendors who assist with hosting, analytics, customer support, and payment processing under strict data processing agreements; (2) Legal Requests — when required by law, court order, or regulatory authority; (3) Business Transfers — in the event of merger, acquisition, or sale of assets; and (4) Compliance — to enforce our Terms of Service and protect our rights, privacy, safety, and property.

6. Data Retention

We retain personal data only as long as necessary to provide the Service. Account information is retained while your account is active and for 12 months after termination. Transactional data is retained for 7 years for compliance purposes. Usage analytics are retained for up to 24 months. You may request deletion of your personal data at any time, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption (TLS 1.2+), role-based access controls, multi-factor authentication, regular security audits, and intrusion detection. AccessPolicyIQ has completed SOC 2 Type II certification. However, no security system is impenetrable, and we cannot guarantee absolute security of all data.

8. Your Rights

Depending on your jurisdiction, you have rights including: right to access (request a copy of your personal data); right to rectification (correct inaccurate information); right to erasure ("right to be forgotten"); right to restrict processing (limit how we use your data); right to data portability (receive your data in a portable format); right to object (opt-out of certain processing activities); and right to withdraw consent (revoke previously given consent at any time). To exercise these rights, contact [email protected].

9. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage, and maintain security. Essential cookies are required for platform functionality. Analytics cookies help us understand how you use our Service. You can control cookie preferences through your browser or our Cookie Preferences panel. See our Cookie Policy for full details.

10. Third-Party Links

Our platform may contain links to third-party websites and services that are not operated by AccessPolicyIQ. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

11. Children's Privacy

AccessPolicyIQ is designed for business and professional use. We do not knowingly collect personal data from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately and notify the parent or guardian.

12. International Data Transfers

If you are located in the European Economic Area or other jurisdictions with data protection laws, your personal data may be transferred to countries outside your jurisdiction for processing. We implement appropriate safeguards such as Standard Contractual Clauses and Binding Corporate Rules to ensure adequate protection of your information.

13. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or through a prominent notice on our website. Your continued use of the Service after modifications indicates acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us at [email protected], or by mail at AccessPolicyIQ, Inc., 1500 Technology Drive, San Jose, California 95110, USA. Our Data Protection Officer can be reached at [email protected].