Privacy Policy

Introduction

Policy Change Radar ("we," "us," or "our") operates policychangeradar.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: [COMPANY_NAME], [ADDRESS]

What Data We Collect

Account Information

• Email address (required for account creation)
• Name (optional)
• Password (stored encrypted)
• Company name (optional)

Document Monitoring Data

• URLs and files you submit for monitoring
• Document versions and change history
• Your annotations, tags, and alert preferences
• Review and acknowledgment history

Billing Information

• Payment card information (processed and stored by Stripe, not by us)
• Billing address and contact information
• Transaction history

Usage Information

• IP address and browser information
• Pages visited and features used
• Session duration and interaction patterns
• Device and operating system information

Communications

• Support tickets and correspondence
• Email preferences and notification settings
• Feedback and survey responses

How We Use Your Data

We use your personal information for the following purposes:

Service Delivery

• Create and manage your account
• Monitor documents and detect changes as requested
• Send alerts and notifications about document changes
• Process payments and maintain billing records
• Provide customer support

Service Improvement

• Analyze usage patterns to improve features
• Test and develop new functionality
• Identify and fix bugs and performance issues

Security and Compliance

• Prevent fraud and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property

Communications

• Send service-related announcements
• Respond to inquiries and support requests
• Send marketing communications (with your consent, opt-out available)

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Service improvement, fraud prevention, and security
• Legal Obligation: Compliance with tax, accounting, and legal requirements
• Consent: Marketing communications and optional features (you can withdraw consent anytime)

Data Sharing and Third Parties

We do not sell your personal information. We share data with third parties only as described below:

Service Providers (Subprocessors)

• Stripe: Payment processing (USA) - Privacy Policy
• Email Service Provider: Transactional emails and alerts (USA)
• Cloud Infrastructure: Data hosting and storage (USA)

See our Subprocessors page for a complete list.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

• Comply with legal process
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and subject to a different privacy policy.

Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Logging and monitoring of access to personal data
• Employee confidentiality obligations
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. See our Security page for more details.

Data Retention

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Until you delete your account, plus 30 days for recovery
• Document Monitoring Data: According to your plan's history retention limit
• Billing Records: 7 years for tax and accounting purposes
• Usage Logs: 90 days for security and troubleshooting
• Support Communications: 3 years for quality and training purposes

After the retention period, we securely delete or anonymize your data.

Your Rights

Depending on your location, you have the following rights regarding your personal data:

Access and Portability

• Request a copy of your personal data
• Export your data in a machine-readable format

Correction and Deletion

• Update inaccurate or incomplete information
• Request deletion of your personal data (subject to legal retention requirements)

Restriction and Objection

• Restrict processing of your data in certain circumstances
• Object to processing based on legitimate interests
• Opt out of marketing communications anytime

Withdrawal of Consent

• Withdraw consent for processing that requires consent (doesn't affect prior processing)

Complaints

• Lodge a complaint with your local data protection authority

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@policychangeradar.com. We will respond within 30 days (or as required by applicable law).

Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics.

For detailed information about our use of cookies, see our Cookie Policy.

International Transfers

Your data is primarily stored and processed in the United States. If you are located outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate.

We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all subprocessors
• Compliance with applicable data protection frameworks

Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@policychangeradar.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page with an updated "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@policychangeradar.com
• Mailing Address: [COMPANY_NAME], [ADDRESS]
• Support: support@policychangeradar.com