Privacy Policy

Last updated: October 30, 2024

1. Introduction

IsoDORA ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-driven ISO certification and compliance platform.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name and contact information (email address, phone number)
  • Account credentials (username and password)
  • Organization information
  • Professional information
  • Payment information (processed securely through third-party providers)

2.2 Usage Information

We automatically collect certain information when you use our services:

  • Log data (IP address, browser type, operating system)
  • Device information
  • Usage patterns and preferences
  • Cookies and similar tracking technologies

2.3 Content and Documents

When you use our platform, we collect and process:

  • Documents you upload for compliance analysis
  • Interview responses and chat conversations
  • Assessment data and compliance records
  • Reports and analytics you generate

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

  • Contract Performance: Processing necessary to perform our contract with you
  • Consent: You have given us explicit consent to process your information
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Compliance: Processing necessary to comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to protect our rights
  • With Your Consent: When you explicitly authorize us to share your information

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

7. Your Data Protection Rights

Under GDPR and other data protection laws, you have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Data Portability: Request transfer of your data
  • Objection: Object to our processing of your data
  • Withdraw Consent: Withdraw consent at any time

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: privacy@isodora.se
Data Protection Officer: dpo@isodora.se