ComplianceONE
Log inFree Trial
ComplianceONE
Free Trial
Login
HOME/PRIVACY POLICY

Last Updated: April 7, 2026

Platformone Group Inc. ("ComplianceONE," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at complianceone.ai and use our compliance management platform (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, company name, job title, phone number when you register or contact us.
  • Billing Information: Payment details processed through our third-party payment processor. We do not store full credit card numbers.
  • Compliance Data: Information you input into the platform such as control implementations, policies, procedures, system descriptions, technology inventories, and assessment results.
  • Communications: Messages sent through contact forms, support tickets, or email correspondence.
  • Feedback: Suggestions, feature requests, or survey responses you submit.

1.2 Information Collected Automatically

When you access our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, click patterns, and navigation paths.
  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Log Data: Server logs including access times, referring URLs, and error logs.

1.3 Information from Third-Party Integrations

When you connect third-party tools (e.g., CrowdStrike, Tenable, Microsoft Entra ID, Splunk, AWS), we collect compliance posture summaries such as endpoint coverage percentages, vulnerability counts, MFA adoption rates, and policy compliance status. We do not collect raw security data, individual user credentials, source code, or personally identifiable information from these integrations.

2. How We Use Your Information

We use collected information for the following purposes:

  • Provide, operate, and maintain the Service
  • Process your account registration and manage your subscription
  • Generate compliance documentation, assessments, and reports
  • Process AI-powered analysis using Azure OpenAI within GCC High
  • Send transactional communications (account confirmations, security alerts, billing notices)
  • Provide customer support and respond to inquiries
  • Improve and optimize the Service through analytics
  • Detect, prevent, and address fraud, abuse, or security issues
  • Comply with legal obligations

3. AI and Data Processing

ComplianceONE uses Azure OpenAI Service deployed within Microsoft Azure Government Cloud (GCC High) for AI-powered features. Important details about our AI data processing:

  • Your data is processed entirely within the GCC High boundary
  • Your data is never used for model training by OpenAI, Microsoft, or any third party
  • Your data never leaves the government cloud environment
  • AI prompts and responses are not stored by the AI provider
  • All AI processing meets IL4/IL5 requirements

4. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for the Service to function (authentication, session management, security).
  • Analytics Cookies: Help us understand how users interact with the Service to improve functionality and user experience.
  • Marketing Cookies: Used to deliver relevant advertising and measure campaign effectiveness. You may opt out of marketing cookies at any time.

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

5. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service Providers: Third-party vendors who assist in operating the Service (hosting, payment processing, analytics, customer support), bound by contractual obligations to protect your data.
  • Integration Partners: Only when you explicitly connect a third-party integration, and only the compliance posture data described in Section 1.3.
  • Legal Requirements: When required by law, subpoena, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With Your Consent: When you explicitly authorize sharing with a specific party.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Hosted exclusively on Microsoft Azure Government Cloud (GCC High), a FedRAMP High authorized infrastructure
  • FIPS 140-2 validated encryption for data at rest and in transit
  • US-only datacenters operated by screened US personnel
  • Role-based access control (RBAC) with 9 built-in role types
  • Comprehensive audit logging with IP tracking
  • Data Sensitivity Guard with dual-layer scanning for CUI detection

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy. Specifically:

  • Active accounts: Data is retained for the duration of your subscription.
  • Free trial data: Retained for 7 days after the trial ends, then deleted.
  • Cancelled accounts: Data is retained for 30 days after cancellation to allow for reactivation, then permanently deleted.
  • Legal obligations: Certain data may be retained longer to comply with legal, tax, or regulatory requirements.

8. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal obligations.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your personal data for certain purposes.
  • Restriction: Request restriction of processing under certain circumstances.

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

8.3 European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights listed in Section 8.1 above. Our legal basis for processing is contractual necessity (to provide the Service), legitimate interest (to improve the Service), and consent (for marketing communications).

To exercise any of these rights, contact us at info@platformoneinc.com. We will respond within 30 days.

9. International Data Transfers

Your information is processed and stored in the United States on Microsoft Azure Government Cloud (GCC High). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Children's Privacy

Our Service is not intended for anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

  • Email: info@platformoneinc.com
  • Address: Platformone Group Inc., 12110 Sunset Hills Rd Suite 600, Reston, VA 20190
  • Website: https://complianceone.ai