RegMapAI

Privacy Policy

Last Updated: May 2026

1. Introduction

RegMapAI, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the "Site") and use our services (the "Services").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. By accessing and using RegMapAI, you signify that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

We collect information in various ways, including when you voluntarily provide it to us, when third parties provide it, and through automatic tracking technologies.

2.1 Information You Provide Directly

Account Registration: When you create an account, we collect your name, email address, company name, phone number, job title, and password.

Billing Information: To process payments, we collect your credit card number, billing address, and transaction history. Payment processing is handled by PCI-compliant third-party processors who do not share your card information with us.

Support Communications: When you contact our support team, we collect the content of your messages, email address, phone number, and any attachments.

Feedback and Surveys: We may collect information when you respond to surveys, provide product feedback, or participate in user research.

2.2 Information Collected Automatically

Usage Data: When you access our Services, we automatically collect information about your interactions, including pages viewed, features used, search queries, referring URL, browser type, operating system, and device identifiers.

Log Data: Our servers automatically log information including IP address, access times, request methods, response codes, and bytes transferred.

Device Information: We collect information about your device including model, OS version, unique device identifiers, and mobile network information.

2.3 Connector-Generated Data

Infrastructure Metadata: When you deploy our connector to discover network assets, we collect metadata about your infrastructure including IP addresses, hostnames, software versions, security configurations, and compliance-relevant attributes. We do not collect or store actual data payloads, credentials, or personal data from systems being scanned.

Compliance Data: We process information about your compliance status, audit findings, control mappings, and risk assessments to generate reports and recommendations.

3. How We Use Your Information

RegMapAI uses the information we collect for legitimate business purposes:

  • Providing, maintaining, and improving our Services
  • Creating and managing your account
  • Processing transactions and sending transaction-related emails
  • Sending administrative communications, updates, and security alerts
  • Responding to your inquiries and providing customer support
  • Conducting marketing and promotional activities (with your consent)
  • Analyzing usage patterns and optimizing service performance
  • Detecting, investigating, and preventing fraud and security incidents
  • Complying with legal obligations and enforcing our agreements
  • Training and improving our AI compliance agent and discovery algorithms
  • Creating anonymized, aggregated reports on compliance trends

4. Data Retention

Account Data: We retain your account information for as long as your account is active. If you close your account, we retain certain data for tax, legal, and legitimate business purposes, but delete personally identifiable information after 90 days unless required by law to retain it longer.

Infrastructure Metadata: Connector-collected infrastructure metadata is retained for 12 months unless you configure a different retention period. Historical compliance snapshots are retained for 7 years to support regulatory reporting and audit trails.

Support Tickets: We retain support conversations and correspondence for 3 years to support compliance investigations and improve our support processes.

Log Data: Server access logs are retained for 90 days. Extended retention is available for Enterprise customers.

Backup Data: We maintain secure backups of customer data for up to 30 days after deletion to prevent accidental loss.

5. Data Sharing and Disclosure

Service Providers: We share information with third-party service providers who perform services on our behalf, including cloud infrastructure providers (AWS), payment processors, analytics services, and customer support platforms. All service providers are bound by confidentiality obligations and data processing agreements.

Business Transfers: If RegMapAI is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

Legal Requirements: We may disclose your information if required by law, court order, or government authority. We provide notice to customers of legal requests whenever legally permitted.

Security and Protection: We may disclose information to enforce our Terms of Service, prevent fraud, or protect the security of our systems and users.

Aggregated Data: We may share aggregated, anonymized data about compliance trends, usage patterns, and security insights with partners and industry organizations. This data cannot identify you.

6. Data Security

RegMapAI employs comprehensive security measures to protect your information:

  • Industry-standard encryption (AES-256) for data at rest
  • TLS 1.2+ encryption for data in transit
  • Network segmentation and firewall protection
  • Role-based access control and the principle of least privilege
  • Multi-factor authentication for administrative accounts
  • Regular penetration testing and security audits
  • Incident response procedures and breach notification protocols
  • Annual SOC 2 Type II audits confirming security controls

While we implement strong security measures, no method of transmission over the internet is 100% secure. We encourage users to maintain strong passwords and enable multi-factor authentication.

7. Your Rights and Choices

Access and Portability: You have the right to request access to your personal data and to receive it in a portable, machine-readable format. Submit requests to [email protected].

Correction: You may update or correct inaccuracies in your account information by logging into your account or contacting support.

Deletion: You may request deletion of your account and associated data. Upon request, we will delete your personal information within 30 days, except where retention is required by law.

Marketing Communications: You may opt out of promotional emails by clicking the unsubscribe link in any email or managing preferences in your account settings. Note that we will continue to send administrative and transactional communications.

Cookie Management: You can control cookies through your browser settings and our cookie preference tool.

8. International Data Transfers

RegMapAI operates globally. Your information may be transferred to, stored in, and processed in countries other than your country of residence, which may have different data protection laws. These countries may include the United States, European Union member states, and Asia-Pacific regions.

When we transfer information internationally, we implement safeguards including Standard Contractual Clauses, Binding Corporate Rules, and adequacy decisions recognized under applicable laws.

By using our Services, you consent to the transfer of your information to countries outside your country of residence, including countries that may not have equivalent data protection laws.

9. CCPA and State Privacy Rights

If you are a California resident or a resident of another jurisdiction with privacy laws, you may have certain rights:

Right to Know: You may request what personal information we collect, use, and share.

Right to Delete: You may request deletion of personal information we collected from you, subject to certain exceptions.

Right to Opt-Out: You may opt out of the "sale" or "sharing" of your personal information. RegMapAI does not sell personal information, but we may share it for cross-context behavioral advertising purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected] or call +1 (415) 555-0136. We will verify your identity before processing requests.

10. Children's Privacy

RegMapAI Services are not intended for individuals under 13 years of age, and we do not knowingly collect information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete such information and terminate the child's account.

For users between 13 and 18, we provide additional privacy protections and encourage parental involvement.

11. Cookies and Tracking Technologies

RegMapAI uses cookies and similar tracking technologies to enhance your experience:

Essential Cookies: Required for authentication, security, and basic functionality of our Services.

Analytics Cookies: Used to understand how users interact with our Services, helping us improve performance and user experience.

Marketing Cookies: Used with your consent to deliver personalized marketing content and measure campaign effectiveness.

You can control cookies through your browser settings. Some functionality may be limited if cookies are disabled. See our Cookie Policy for detailed information and to manage preferences.

12. Third-Party Services

Our Services may contain links to third-party websites and integrations with external services (e.g., cloud providers, authentication services). This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review their privacy policies before providing information.

Common third-party integrations include:

  • Amazon Web Services (AWS) for cloud infrastructure
  • Google Cloud Platform (GCP) and Microsoft Azure for multi-cloud support
  • Okta and Azure AD for identity and access management
  • Stripe for payment processing
  • Slack for notifications and alerts

13. Policy Changes

RegMapAI may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or through a prominent notice on our website. Your continued use of our Services after such notice constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us:

RegMapAI, Inc.
Data Protection Officer
475 California Ave
San Francisco, CA 94110
[email protected]
+1 (415) 555-0136

We will respond to verified requests within 30 days or as required by applicable law.