SOC Review

Privacy Policy

Last Updated: January 18, 2025

Introduction

SOC Review ("we", "our", or "us") is committed to protecting your privacy and the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SOC 1 Type II report analysis platform.

We understand that you're trusting us with sensitive audit data, and we take that responsibility seriously. This policy outlines our practices and your rights regarding your personal and business information.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name
  • Password (encrypted and never stored in plain text)
  • Billing information (processed securely through Stripe)

Uploaded Documents

When you use our platform, we process:

  • SOC 1 Type II reports you upload for analysis
  • Extracted data from those reports
  • Your annotations, comments, and review notes
  • Assessment configurations and settings

Usage Information

We automatically collect:

  • IP address and browser information
  • Pages viewed and features used
  • Time spent on the platform
  • Error logs and performance metrics

How We Use Your Information

We use your information to:

  • Provide and improve our SOC review analysis services
  • Process and analyze uploaded SOC reports
  • Manage your account and billing
  • Send service-related notifications and updates
  • Provide customer support
  • Detect and prevent fraud or security issues
  • Improve our AI models and platform functionality
  • Comply with legal obligations

Data Security

We implement bank-level security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict role-based access controls and authentication
  • Secure Storage: Documents stored in isolated, encrypted cloud storage
  • Regular Audits: Periodic security assessments and penetration testing
  • Monitoring: 24/7 security monitoring and threat detection
  • Backup: Regular encrypted backups with disaster recovery procedures

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account Data: Retained until you delete your account
  • Uploaded Documents: Stored until you delete them or close your account
  • Transaction Records: Retained for 7 years for tax and compliance purposes
  • Usage Logs: Retained for 90 days for security and performance monitoring

Data Sharing and Disclosure

We do not sell your data. We only share information in these limited circumstances:

  • Service Providers: Trusted third parties who assist in operations (e.g., cloud hosting, payment processing) under strict confidentiality agreements
  • AI Processing: OpenAI for document analysis (subject to their enterprise privacy terms and zero data retention policy)
  • Legal Requirements: When required by law, court order, or legal process
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to users)

We never use your uploaded SOC reports to train our AI models or share them with other users.

Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@soc-review.com.

Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences (e.g., theme selection)
  • Provide security features
  • Analyze platform usage and performance

You can control cookies through your browser settings, but disabling them may affect platform functionality.

International Data Transfers

Our servers are located in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

Children's Privacy

SOC Review is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: privacy@soc-review.com

Support: support@soc-review.com