Privacy Policy
Last updated: May 6, 2026
1. Introduction
This Privacy Policy describes how Auditshore LLC ("we," "us," or "our") collects, uses, and protects your information when you use Auditshore ("the Service"). We are committed to protecting the confidentiality and security of your data.
2. Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Email address
- Organization name
- Password (stored securely — we never store plaintext passwords)
Uploaded Content
When you use the Service, you may upload:
- SOC reports (PDF documents)
- Client and vendor information
- Internal control frameworks
- Review notes and annotations
Usage Data
We automatically collect:
- Log data (IP address, browser type, pages visited)
- Feature usage patterns (for product improvement)
- Error reports for reliability monitoring (no SOC report content is included)
3. How We Use Your Information
We use your information to:
- Provide the Service: Process SOC reports, run AI analysis, and display results
- AI Processing: Send document content to AI processing providers to generate the analysis you request. See Section 4 for retention principles.
- Communicate: Send transactional emails (invitations, status updates, password resets)
- Improve the Service: Analyze usage patterns and fix errors
- Maintain Security: Detect and prevent unauthorized access
4. Data Sharing
We do not sell your data. We share data only with the categories of service providers required to operate the Service:
- AI Processing Providers: Document content is sent for AI analysis. These providers may retain API inputs and outputs for limited periods for trust and safety purposes, and do not use your data to train their models.
- Infrastructure: Hosting, database, authentication, file storage, and traffic analytics
- Job Orchestration: Asynchronous pipeline execution for long-running analysis
- Demo Scheduling: Information you provide when booking a demo (name, email, scheduling preferences)
- Error Monitoring: Technical error data for reliability — no SOC report content is included
- Legal Requirements: If required by law, court order, or to protect our rights
For the current list of specific subprocessors with vendor-specific retention details, see our Subprocessors page. Customers requiring a Data Processing Agreement (DPA) may request one from legal@auditshore.io.
5. Data Security
We protect your data through:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest (database-level encryption)
- Row-level security ensuring organization-level data isolation
- Role-based access control within organizations
- Secure authentication with hashed credentials
- Regular security reviews
Report a vulnerability: security@auditshore.io.
6. Data Retention
We retain your data for as long as your account is active. Upon account termination, you may request data export within 30 days. After that period, we will delete your data within 90 days, except where retention is required by law.
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information via your account settings
- Deletion: Request deletion of your account and associated data
- Export: Request a machine-readable export of your data
- Objection: Object to certain processing activities
To exercise these rights, contact us at legal@auditshore.io.
8. Cookies
- Authentication: First-party authentication session cookies. Essential for the Service to function and cannot be disabled.
- Analytics: We use a cookieless analytics provider — no tracking cookies are set for analytics.
- Demo booking: Our demo scheduling provider may set third-party cookies, but only if and when you interact with the demo booking widget.
We do not use tracking, advertising, or cross-site behavioral cookies.
9. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, and the right to non-discrimination for exercising these rights.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. To exercise your California rights, contact legal@auditshore.io.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites.
11. Children's Privacy
The Service is not intended for use by individuals under 18. We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before they take effect.
13. Contact
For privacy-related inquiries, contact us at legal@auditshore.io.
Auditshore LLC
Email: legal@auditshore.io