Skip to main content
    Legal

    Privacy Notice

    This Notice explains what we collect on riskremedy.io and how we handle it. You can change your cookie choices any time from the link in the footer. See also our Terms of Use.

    1. Scope

    This Privacy Notice ("Notice") describes how RiskRemedy, Inc. ("RiskRemedy," "we," "us," or "our") collects, uses, discloses, and protects information when you visit riskremedy.io (the "Site"), interact with our marketing forms (Contact, Try, Snapshot, demo requests, newsletter), or otherwise engage with us as a prospective or actual customer. It applies to information processed on our own behalf. It does not apply to information we process on behalf of a customer under a separate written agreement, where the customer is the controller and we act as a processor.

    2. Information We Collect

    We collect information in three ways: (a) information you provide directly to us; (b) information we collect automatically; and (c) information we receive from third parties.

    Categories include:

    • Identifiers and contact information. Name, business email, company name, role, phone (if provided), and similar information you submit through our forms or send to us by email.
    • Content you submit. Documents, text, files, and other material you upload to a RiskRemedy tool (for example, a policy document submitted to the Policy Snapshot tool). Use of those tools is also governed by their own terms; see for example the Snapshot Terms of Use at /terms-snapshot.
    • Technical and usage information. IP address, user agent, device and browser type, referring URL, pages viewed, links clicked, timestamps, approximate location derived from IP, and similar information collected via server logs and cookies.
    • Cookies and analytics. See Section 4. With your consent (where required), we use Google Analytics 4 to measure aggregate site traffic.
    • Marketing data. Records of communications you send us, your engagement with our emails, and inferences we draw about whether you are likely to be interested in our services.

    3. How We Use Information

    We use the information described above to:

    • Operate, secure, and improve the Site and our services;
    • Respond to your inquiries, schedule demos, and provide requested information;
    • Generate, deliver, and support outputs of any tool you submit content to (such as Policy Snapshot reports);
    • Send transactional and operational messages (for example, a Snapshot report delivery email);
    • Send marketing communications where permitted by law (you can opt out at any time);
    • Measure and analyze usage of the Site and the effectiveness of our marketing;
    • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our terms;
    • Comply with legal obligations, respond to lawful requests, and enforce our agreements;
    • Carry out corporate transactions such as financings, audits, mergers, or asset sales.

    4. Cookies, Analytics, and Similar Technologies

    We use a small set of cookies and similar technologies. Strictly necessary cookies are used to operate the Site and cannot be disabled. Analytics cookies are off by default and load only after you provide consent through our cookie banner.

    You can change your choice at any time by clicking "Cookie preferences" in the footer of any page. We honor the Global Privacy Control (GPC) browser signal as a request to opt out of any sale or sharing of personal information for cross-context behavioral advertising, where applicable.

    Other third-party technologies that load on the Site, in addition to cookies, include: (a) Google Fonts, which serves web fonts from Google's CDN and, as part of resource loading, transmits your IP address and user agent to Google; (b) Cloudflare Turnstile, a bot-protection challenge that loads on pages where you can submit content (for example, the Policy Snapshot upload page) and transmits your IP address, user agent, and a short behavioral signal to Cloudflare for fraud and abuse prevention; and (c) Google Analytics 4, described above, which loads only with your consent. None of these technologies are used for cross-context behavioral advertising.

    Cookies set on this Site
    NameProviderPurposeExpiration
    _gaGoogleDistinguishes unique visitors for analytics.Up to 2 years
    _ga_*GooglePersists session state for Google Analytics 4.Up to 2 years
    cc_cookieRiskRemedyStores your cookie-consent choices so the banner does not reappear.Up to 6 months

    5. How We Share Information

    We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising. We disclose information only in the limited circumstances described below.

    • Service providers and subprocessors. We share information with vendors that perform services on our behalf under written agreements or applicable terms of service that restrict their use of the information. These include cloud hosting and infrastructure (Amazon Web Services, including AWS Amplify); web analytics (Google Analytics 4, loaded only with your consent); web font delivery (Google Fonts); bot-protection and abuse prevention (Cloudflare Turnstile, loaded on pages that accept content submissions); form submission processing for our Contact form (Formspree); large language model providers used to generate tool outputs from content you submit to our tools; and email delivery, error and performance monitoring, and similar operational service providers. We may update this list from time to time as we change vendors.
    • Within our group. We share information with our affiliates and subsidiaries that are subject to this Notice or to terms at least as protective.
    • Professional advisors. We share information with our auditors, attorneys, accountants, and insurers as reasonably necessary.
    • Corporate transactions. We may transfer information in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business. We will require the recipient to honor commitments we have made in this Notice.
    • Legal and safety. We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law or legal process, to enforce our terms, to protect the rights, property, or safety of RiskRemedy, our users, or others, or to investigate fraud, security incidents, or technical issues.
    • With your direction. We share information when you instruct us to do so.

    6. AI Models and Training

    We use third-party large language model providers to power features such as the Policy Snapshot tool. We do not authorize those providers to use content you submit to train their foundation models, and we do not use customer-submitted documents to train models offered to other customers. We may use de-identified or aggregated information, and metadata about how our tools are used, to operate, evaluate, and improve our services.

    7. Data Retention

    We retain personal information for as long as reasonably necessary for the purposes described in this Notice, including to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context. Documents submitted to the Policy Snapshot tool are retained on the schedule described in the Snapshot Terms of Use. Analytics data is retained according to the default settings of Google Analytics 4 (currently up to 14 months for event-level data). When information is no longer needed, we delete or de-identify it.

    8. Security

    We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including encryption in transit, encryption at rest for stored documents, access controls, logging, and vendor diligence. No method of transmission or storage is perfectly secure. You are responsible for keeping any credentials we issue confidential and for promptly notifying us of any suspected unauthorized access.

    9. International Transfers

    RiskRemedy is based in the United States. If you access the Site from outside the United States, your information will be transferred to, stored in, and processed in the United States and other jurisdictions where we or our service providers operate. These jurisdictions may have data protection laws that differ from those in your country. By using the Site, you consent to such transfers. Where required by law, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses for international transfers from the EEA, UK, or Switzerland.

    10. Your Privacy Rights

    Depending on where you live, you may have the rights described below. To exercise any of these rights, contact us at privacy@riskremedy.io. We will respond within the time period required by applicable law. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising any of these rights.

    Subject to applicable law and verification, you may have the right to:

    • Access. Request confirmation of whether we process personal information about you and a copy of that information.
    • Correction. Request correction of inaccurate personal information.
    • Deletion. Request deletion of personal information, subject to exceptions in applicable law.
    • Portability. Request a copy of personal information in a portable, machine-readable format.
    • Opt-out of sale or sharing. We do not sell personal information and we do not share personal information for cross-context behavioral advertising. The GPC browser signal will be treated as an opt-out request where applicable.
    • Limit use of sensitive personal information. We do not knowingly collect sensitive personal information through the Site.
    • Withdraw consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
    • Lodge a complaint. EEA, UK, and Swiss residents have the right to lodge a complaint with their local data protection authority.

    You may authorize an agent to submit a request on your behalf in accordance with applicable law. We may require the agent to provide proof of authorization and may require you to verify your own identity.

    11. Notice to California Residents

    This section supplements the rest of this Notice and applies to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"). In the preceding twelve (12) months, we have collected the categories of personal information identified in Section 2: identifiers, internet/network activity information, commercial information, professional or employment-related information (for example, your job title), and inferences. We collect this information from the sources described in Section 2 and use it for the business purposes described in Section 3. We disclose these categories to the recipients described in Section 5. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

    California residents have the rights to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information, subject to verification and applicable exceptions. To exercise these rights, email privacy@riskremedy.io with the subject line "California Privacy Request." You may also designate an authorized agent to submit a request on your behalf.

    12. Children

    The Site is intended for business users and is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will take steps to delete it.

    13. Third-Party Sites and Services

    The Site may contain links to third-party websites, services, and resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy notices before providing them with any information.

    14. Changes to This Notice

    We may update this Notice from time to time. When we do, we will post the updated version on this page and update the "Last updated" date below. If changes are material, we will provide additional notice (for example, by email or a prominent notice on the Site). Your continued use of the Site after the changes take effect constitutes acceptance of the updated Notice.

    15. Contact Us

    Questions, requests, or complaints about this Notice or our privacy practices may be sent to privacy@riskremedy.io. You may also reach us by mail at RiskRemedy, Inc., attn: Privacy, at the address listed on our Contact page.

    Last updated: May 26, 2026. Questions: privacy@riskremedy.io.