Privacy Policy

1. Introduction

CompleteISO ("we", "us", or "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use our website at completeiso.com, our application at app.completeiso.com, and related services (together, the "Services").

Please read this policy carefully. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Who we are

CompleteISO provides an AI-assisted platform for ISO and related compliance management. For the purposes of applicable data protection law, CompleteISO is the data controller responsible for personal data processed through the Services unless we tell you otherwise in a separate agreement.

If you have questions about this policy or our use of your personal data, contact us at privacy@completeiso.com.

3. Information we collect

We may collect and process the following categories of personal data:

• Account and profile information — name, work email address, company name, job title, and account credentials when you register or are invited to the platform.
• Contact information — details you provide when you contact sales or support, request a demo, subscribe to updates, or complete forms on our website.
• Compliance and business data — information you upload or generate in the platform, such as policies, records, audit evidence, control mappings, and related metadata needed to deliver the Services.
• Usage and technical data — log files, IP address, browser type, device information, pages viewed, feature usage, and similar analytics needed to operate, secure, and improve the Services.
• Communications — content of emails, support tickets, and other messages you send to us.

Where you provide personal data about other individuals (for example, when inviting colleagues to your organisation's account), you are responsible for ensuring you have a lawful basis to do so and for informing them appropriately.

4. How we use your information

We use personal data to:

• Provide, maintain, and improve the Services
• Create and manage user accounts and organisations
• Respond to enquiries, provide customer support, and communicate about the Services
• Send service-related notices, security alerts, and administrative messages
• Monitor usage, troubleshoot issues, and protect against fraud, abuse, or security incidents
• Analyse trends to improve product performance and user experience
• Comply with legal obligations and enforce our terms
• Send marketing communications where permitted by law and according to your preferences

5. Legal bases for processing

If you are in the United Kingdom or European Economic Area, we process personal data on one or more of the following legal bases:

• Contract — where processing is necessary to provide the Services you or your organisation have requested.
• Legitimate interests — to operate, secure, and improve our business, provided those interests are not overridden by your rights (for example, analytics, fraud prevention, and direct business communications).
• Consent — where you have given clear consent, such as for optional marketing emails or non-essential cookies.
• Legal obligation — where we must process data to comply with applicable law.

6. Sharing your information

We do not sell your personal data. We may share information with:

• Service providers — trusted vendors who help us host infrastructure, provide email delivery, analytics, customer support, and other operational services, subject to appropriate contractual safeguards.
• Professional advisers — lawyers, auditors, insurers, and consultants where reasonably necessary.
• Authorities — regulators, courts, or law enforcement when required by law or to protect our rights, users, or others.
• Business transfers — in connection with a merger, acquisition, reorganisation, or sale of assets, subject to continued protection of your data.

Where your organisation uses CompleteISO, administrators within your organisation may access data submitted to your tenant in accordance with your account settings and internal permissions.

7. International transfers

Your information may be processed in countries outside your country of residence. Where we transfer personal data internationally, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms recognised under applicable data protection law.

8. Data retention

We retain personal data for as long as necessary to provide the Services, fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of data and your relationship with us. When data is no longer required, we delete or anonymise it in accordance with our retention practices.

9. Your rights

Depending on your location, you may have rights including:

• Access to a copy of the personal data we hold about you
• Correction of inaccurate or incomplete data
• Deletion of personal data in certain circumstances
• Restriction or objection to certain processing
• Data portability, where applicable
• Withdrawal of consent where processing is based on consent
• Lodging a complaint with a supervisory authority

To exercise these rights, contact privacy@completeiso.com. We may need to verify your identity before responding. If you are an end user of an organisation's CompleteISO account, some requests may need to be routed through your organisation's administrator.

10. Cookies and similar technologies

Our website and application may use cookies and similar technologies to remember preferences, keep you signed in, measure performance, and improve security. Essential cookies are required for core functionality. Where non-essential cookies are used, we will seek consent where required by law. You can manage cookies through your browser settings, although disabling certain cookies may affect how the Services work.

11. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration. These include encryption in transit, access controls, monitoring, and staff training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

For more detail on our security practices, visit our Trust Center.

12. Children

The Services are intended for business use and are not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page and revise the "Last updated" date. Where appropriate, we may also notify you by email or through the Services.

14. Contact us

If you have questions about this Privacy Policy or our data practices, contact:

CompleteISO — Privacy
Email: privacy@completeiso.com
General enquiries: Contact Us