Privacy Policy
Last updated: January 2025
Introduction and Scope
RiskPath AI Limited ("RiskPath AI," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our SaaS platform, website, and related services. By accessing or using RiskPath AI, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Data Controller Information
RiskPath AI Limited is the data controller responsible for your personal information. Our registered office is located at 24 Glenard Crescent, Salthill, Galway, H91 DC6V, Ireland. For privacy-related inquiries, please contact us at privacy@riskpath.ai or +353 86 284 0619.
Categories of Personal Information We Collect
We collect several categories of personal information to provide, maintain, and improve our services:
Account and Profile Data: Name, email address, job title, company name, phone number, and authentication credentials.
Technical and Usage Information: IP address, browser type and version, device identifiers, operating system, access times, pages viewed, interaction patterns, and clickstream data.
Engineering Data: Log files, incident reports, error messages, project metadata, risk assessments, and aggregated performance metrics that you choose to upload or integrate through our platform.
Payment Information: Billing address and payment method details, which are processed securely through our third-party payment processors.
Communications: Content of messages, support tickets, feedback, and other communications you send to us.
How We Use Your Information
We process your personal information for the following purposes:
Service Delivery: To provide, operate, and maintain our risk management platform, including AI-powered analysis, risk scoring, pattern detection, and roadmap generation.
Account Management: To create and manage your account, authenticate users, and provide customer support.
Platform Improvement: To analyze usage patterns, optimize performance, develop new features, and enhance user experience.
Communication: To send transactional emails, service updates, security alerts, and respond to your inquiries.
Compliance and Security: To comply with legal obligations, enforce our terms, detect and prevent fraud, and protect the security and integrity of our platform.
Business Operations: To process payments, generate audit reports, and maintain accurate business records.
Legal Basis for Processing
We process your personal information based on the following legal grounds under GDPR and applicable data protection laws:
Contractual Necessity: Processing is necessary to perform our contract with you and provide the services you have requested.
Legitimate Interests: We process data for our legitimate business interests, including service improvement, fraud prevention, and direct marketing, provided these interests do not override your fundamental rights.
Legal Compliance: We process data to comply with legal obligations, including tax laws, financial regulations, and data protection requirements.
Consent: Where required by law, we obtain your explicit consent before processing certain categories of personal information.
Data Sharing and Third-Party Disclosures
We may share your personal information with the following categories of recipients:
Service Providers: Cloud infrastructure providers, payment processors, email service providers, analytics platforms, and customer support tools that help us operate our business.
Integration Partners: When you choose to connect third-party services (Jira, GitLab, Slack), we share limited data necessary to enable those integrations.
Professional Advisors: Lawyers, accountants, auditors, and consultants who require access to information to provide professional services.
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, your information may be transferred to the acquiring entity.
Legal Requirements: We may disclose information to law enforcement, regulatory authorities, or other third parties when required by law, court order, or to protect our legal rights.
We do not sell your personal information to third parties for their marketing purposes.
International Data Transfers
Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms to ensure your data receives adequate protection.
Data Retention Periods
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account data is retained for the duration of your active subscription plus seven years for tax and accounting purposes. Engineering logs and incident data are retained according to your account settings, with a maximum retention period of five years. Marketing communications data is retained until you withdraw consent. We securely delete or anonymize data when it is no longer needed.
Security Measures and Data Protection
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include encryption in transit and at rest using TLS 1.3 and AES-256, role-based access controls and multi-factor authentication, regular security audits and penetration testing, automated threat detection and monitoring systems, secure data backup and disaster recovery procedures, and employee training on data protection and security best practices. While we strive to protect your data, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Your Privacy Rights and Choices
Under applicable data protection laws, you have the following rights:
Access: You can request a copy of the personal information we hold about you.
Correction: You can request correction of inaccurate or incomplete personal information.
Deletion: You can request deletion of your personal information, subject to certain legal exceptions.
Portability: You can request a machine-readable copy of your personal information to transfer to another service provider.
Objection: You can object to processing based on legitimate interests or for direct marketing purposes.
Restriction: You can request restriction of processing in certain circumstances.
Withdrawal of Consent: Where processing is based on consent, you can withdraw consent at any time.
To exercise these rights, please contact us at privacy@riskpath.ai. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal information appropriately.
Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver personalized content. For detailed information about our use of cookies, including types of cookies, purposes, and your choices, please refer to our Cookie Policy.
Children and Minors
RiskPath AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately.
Marketing Communications and Opt-Out
We may send you marketing communications about our products, services, and events that we believe may interest you. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails, adjusting your account preferences, or contacting us directly. Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages.
California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (note: we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. California residents can exercise these rights by contacting us at privacy@riskpath.ai or calling +353 86 284 0619.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website, updating the "Last updated" date, and sending an email notification to your registered email address. Your continued use of RiskPath AI after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.
Contact Information and Data Protection Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@riskpath.ai
Phone: +353 86 284 0619
Address: RiskPath AI Limited, 24 Glenard Crescent, Salthill, Galway, H91 DC6V, Ireland
Our Data Protection Officer can be reached at dpo@riskpath.ai for matters specifically related to data protection compliance.