Audit Node Logo

Privacy Policy

Your privacy is fundamental to our mission. Learn how we protect, use, and manage your personal information.

Last updated: January 15, 2024

Our Commitment to Privacy

At Audit Node, we understand that trust is the foundation of any successful audit relationship. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our enterprise audit management platform.

We are committed to transparency and compliance with global privacy regulations, including GDPR, CCPA, and other applicable data protection laws. This policy applies to all users of our platform, regardless of location.

Key Principles:

  • We only collect data necessary for our services
  • Your data is never sold to third parties
  • You maintain control over your information
  • Enterprise-grade security protects your data

Information We Collect

Account Information

Information you provide when creating an account or using our services.

Examples Include:

  • Name and contact information
  • Email address and phone number
  • Company and job title
  • Account credentials and preferences
Purpose:Account management and service delivery
Retention:Duration of account plus 7 years for compliance

Usage Data

Information about how you interact with our platform and services.

Examples Include:

  • Pages visited and features used
  • Time spent on platform
  • Click patterns and navigation
  • Audit workflow activities
Purpose:Service improvement and user experience optimization
Retention:2 years for analytics, indefinitely for aggregate trends

Audit Data

Professional data you upload or create within our audit management platform.

Examples Include:

  • Audit documentation and reports
  • Compliance records and findings
  • Team collaboration data
  • Custom configurations and templates
Purpose: Service delivery and compliance
Retention: As long as required by law or your retention policies

Communication Data

Records of our communications and support interactions.

Examples Include:

  • Support tickets and correspondence
  • Training session recordings
  • Feedback and survey responses
  • Marketing communication preferences
Purpose: Customer support and service improvement
Retention: Up to 3 years for support purposes

How We Use Your Information

We use your personal information only for legitimate business purposes related to providing and improving our audit management services:

Service Delivery:

  • • Provide access to our platform and features
  • • Process and store your audit data securely
  • • Enable team collaboration and communication
  • • Generate reports and analytics

Account Management:

  • • Create and maintain your account
  • • Authenticate and authorize access
  • • Provide customer support
  • • Send service-related communications

Legal Compliance:

  • • Meet regulatory requirements
  • • Maintain audit trails and records
  • • Respond to legal requests
  • • Protect against fraud and abuse

Service Improvement:

  • • Analyze usage patterns and trends
  • • Develop new features and capabilities
  • • Optimize platform performance
  • • Conduct security monitoring

When We Share Your Information

We do not sell, rent, or trade your personal information. We only share your data in limited circumstances:

Service Providers

We work with trusted third-party service providers who help us deliver our services, such as cloud hosting, payment processing, and customer support. These providers are contractually bound to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your information when required by law, court order, or government regulation, or when necessary to protect our rights, property, or safety, or that of our users or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections outlined in this policy.

Your Privacy Rights

You have important rights regarding your personal information. Here's how you can exercise them:

Access Your Data

Request a copy of all personal data we hold about you in a portable format.

Correct Your Data

Update or correct any inaccurate or incomplete personal information.

Delete Your Data

Request deletion of your personal data, subject to legal retention requirements.

Data Portability

Receive your data in a structured, machine-readable format for transfer.

Restrict Processing

Limit how we process your personal data in certain circumstances.

Withdraw Consent

Withdraw consent for data processing where consent is the legal basis.

How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Team using the information below. We will respond to your request within 30 days and may require verification of your identity.

Data Security & Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards:

  • • 256-bit AES encryption in transit and at rest
  • • Multi-factor authentication requirements
  • • Regular security audits and penetration testing
  • • Automated threat detection and response

Operational Controls:

  • • Role-based access controls and permissions
  • • Employee security training and background checks
  • • Incident response and breach notification procedures
  • • Regular data backup and disaster recovery testing

International Data Transfers

As a global platform, we may transfer your personal information to countries outside your jurisdiction. We ensure appropriate safeguards are in place for all international transfers:

Adequacy Decisions

We prioritize transfers to countries with adequacy decisions from relevant data protection authorities.

Standard Contractual Clauses

For other transfers, we use Standard Contractual Clauses approved by the European Commission.

Additional Safeguards

We implement additional technical and organizational measures to ensure data protection during transfers.

Children's Privacy

Our services are designed for business and professional use and are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will post the updated policy on our website with a new "Last Updated" date
  • For material changes, we will provide additional notice via email or platform notification
  • Your continued use of our services after changes take effect constitutes acceptance
  • We encourage you to review this policy periodically

Contact Our Privacy Team

If you have any questions about this Privacy Policy or our data practices, please contact our Privacy Team:

Mailing Address

2240 Lakeshore Boulevard West
Etobicoke, Ontario, Canada M8V0B1

Business Hours: Monday - Friday: 9:00 AM - 5:00 PM EST