Armcap ControlOps ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our governance, risk, and compliance (GRC) platform at armcapops.com (the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in via Google, we receive your name and email from Google's authentication service.

Platform Data

Data you enter into the Service — including risk registers, audit records, incident reports, compliance requirements, evidence, vendor assessments, business continuity plans, and related documents — is stored securely and treated as confidential.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, IP address, and timestamps. This data helps us improve the Service.

2. How We Use Your Information

Provide, operate, and maintain the Service
Authenticate your identity and manage your account
Process and respond to demo requests and support inquiries
Generate AI-assisted analysis (e.g., contract review, gap analysis) using third-party AI providers
Send service-related communications and updates
Monitor and improve the security and performance of the Service
Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

Service providers — hosting (Vercel), database (Supabase), and AI processing (Anthropic) providers that help us operate the Service, bound by confidentiality obligations
Legal compliance — when required by law, court order, or government request
Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you

4. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage, role-based access controls, and regular security reviews. While no system is 100% secure, we take reasonable steps to safeguard your information.

5. Data Retention

We retain your account and platform data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., audit logs).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access and receive a copy of your personal data
Correct inaccurate or incomplete data
Request deletion of your personal data
Object to or restrict certain processing
Export your data in a portable format

To exercise any of these rights, contact us at contact@armcapops.com.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. You can configure your browser to block cookies, but some features of the Service may not function properly.

8. Third-Party AI Processing

Certain features of the Service use AI models provided by Anthropic to analyze documents and generate insights. Data sent to AI providers is processed in accordance with their privacy policies and is not used to train their models. We only send the minimum data necessary to perform the requested analysis.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

contact@armcapops.com