Privacy Policy

This Privacy Policy describes how Auditly collects, uses, processes, discloses, transfers, stores, and protects information when you use our Services.

Last Updated: 15th June, 2026

1. Introduction

Welcome to Auditly ("Auditly", "we", "our", or "us").

Auditly provides governance, risk, compliance, audit readiness, vendor risk management, policy management, security monitoring, AI-powered compliance assistance, integrations, APIs, and related services designed to help organizations establish, manage, maintain, and demonstrate trust.

This Privacy Policy describes how we collect, use, process, disclose, transfer, store, and protect information when you access or use our websites, applications, APIs, integrations, AI-powered services, products, and related offerings (collectively, the "Services").

Because Auditly is a compliance and security platform, we may process a significant amount of customer-provided information, compliance records, documentation, security-related data, audit evidence, and operational information necessary to provide our Services.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Scope Of This Privacy Policy

This Privacy Policy applies to: Auditly websites, Auditly applications, Auditly platform services, Auditly APIs, Auditly integrations, KIVO AI assistant, Customer support interactions, Marketing communications, Compliance advisory services, Trust center services, and Audit readiness services.

This Privacy Policy does not apply to third-party websites, products, services, or platforms that may be linked to or integrated with Auditly.

3. Information We Collect

Information You Provide Directly

We may collect information you voluntarily provide, including: Name, Business email address, Phone number, Company name, Job title, Department, Billing information, Account credentials, Communications with our team, Support requests, Survey responses, Meeting information, Demo requests, Contact forms, and Uploaded files and attachments.

Account & User Information

We may process: User profiles, User settings, Authentication information, Access permissions, User roles, Team information, Organizational structure information, and User activity records.

Compliance Program Information

Auditly may process information relating to a customer's governance, risk, compliance, privacy, and security programs, including: Compliance frameworks, Control libraries, Compliance controls, Control mappings, Compliance assessments, Compliance obligations, Framework requirements, Compliance readiness data, Gap assessments, Compliance reports, Remediation activities, and Compliance milestones.

Audit & Assurance Information

We may process: Audit evidence, Audit findings, Audit requests, Audit reports, Auditor communications, Certification records, Attestation records, Supporting documentation, Audit readiness assessments, Auditor comments, and Corrective actions.

Security Program Information

We may process: Security policies, Security procedures, Security standards, Incident response plans, Business continuity plans, Disaster recovery plans, Access review records, Vulnerability information, Security awareness records, Security controls, and Security assessments.

Risk Management Information

We may process: Risk assessments, Risk registers, Risk treatment plans, Risk ownership records, Risk scoring information, Business impact assessments, Residual risk evaluations, and Compliance risk information.

Vendor & Third-Party Information

We may process: Vendor inventories, Vendor contacts, Vendor assessments, Security questionnaires, Vendor risk evaluations, Due diligence information, Vendor compliance documentation, and Contract information.

Documentation & Customer Content

Customers may upload and store information including: Policies, Procedures, Standards, Certifications, Audit reports, Contracts, Statements of Applicability, Compliance evidence, Screenshots, Logs, Reports, Presentations, Spreadsheets, Risk assessments, Governance documentation, Vendor documentation, and other compliance-related content. Auditly processes such content solely to provide and improve the Services.

4. Information Collected Automatically

When users interact with the Services, we may automatically collect: IP addresses, Browser information, Device identifiers, Operating system information, Session information, Referring URLs, Log files, Usage information, Diagnostic information, Performance information, and Security monitoring information. We use this information to maintain platform security, improve functionality, diagnose issues, and optimize performance.

5. Integration Data Collection

Auditly provides integrations and connectivity capabilities designed to automate compliance operations, evidence collection, and security monitoring. Customers may connect third-party services using APIs, OAuth, service accounts, webhooks, connectors, integrations, or other supported mechanisms.

Cloud Infrastructure Integrations include examples such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure, and DigitalOcean.

Identity & Access Management Integrations include examples such as Okta, Microsoft Entra ID, Google Workspace, JumpCloud, and OneLogin.

Development & Source Control Integrations include examples such as GitHub, GitLab, Bitbucket, and Azure DevOps.

Human Resources Integrations include examples such as BambooHR, Rippling, Deel, Workday, and Gusto.

Endpoint & Device Management Integrations include examples such as Jamf, Kandji, Microsoft Intune, and Workspace ONE.

Collaboration Integrations include examples such as Slack, Microsoft Teams, and Google Workspace.

Project Management Integrations include examples such as Jira, ServiceNow, Asana, Linear, and ClickUp.

Security & Monitoring Integrations include examples such as CrowdStrike, SentinelOne, Microsoft Defender, Wiz, Lacework, Snyk, and Datadog.

Custom Integrations also allow customers to connect internal applications, private systems, custom APIs, on-premise environments, proprietary software, and enterprise infrastructure.

6. Information Retrieved Through Integrations

Depending on permissions granted by customers, Auditly may retrieve: User information, Group memberships, Access permissions, Authentication settings, MFA status, Device information, Endpoint information, Infrastructure metadata, Repository metadata, Configuration information, Compliance evidence, Audit logs, Activity logs, Security events, Vulnerability information, Change management information, Vendor information, Monitoring information, and Configuration snapshots. Auditly retrieves only the information reasonably necessary to provide the Services.

7. How We Use Information

We use information to: Provide and operate the Services, Authenticate users, Process transactions, Deliver customer support, Manage accounts, Improve platform functionality, Monitor platform performance, Generate reports and analytics, Maintain platform security, Conduct troubleshooting, Detect fraud and abuse, Enforce agreements, Meet contractual obligations, Comply with legal requirements, Communicate service updates, and Deliver product notifications.

8. AI Processing & KIVO

Auditly may provide AI-powered functionality through KIVO and other intelligent automation services. KIVO may process user prompts, policies, compliance documents, controls, risk assessments, audit evidence, uploaded files, customer content, and compliance metadata to provide compliance assistance, policy generation, report generation, risk analysis, audit preparation, documentation support, summarization, search and retrieval, workflow automation, and compliance recommendations. Customers remain responsible for determining what information they submit to AI-powered functionality.

9. Legal Bases For Processing

Where required by applicable law, Auditly processes information on one or more of the following legal bases: Performance of a contract, Legitimate business interests, Compliance with legal obligations, Protection of vital interests, Customer consent, and Customer instructions.

10. Information Sharing & Disclosure

We do not sell personal information.

We may share information with Service Providers supporting cloud infrastructure, hosting, analytics, security monitoring, communications, payment processing, customer support, and AI services.

We may share information with Professional Advisors including auditors, legal advisors, consultants, and accountants.

Information may be transferred as part of Business Transfers such as mergers, acquisitions, reorganizations, asset sales, and financing transactions.

We may disclose information when required by Legal Requirements to comply with applicable laws, respond to lawful requests, protect our rights, investigate misuse, detect fraud, and protect users and customers.

11. Customer Data Ownership

Customers retain ownership of their data. Auditly does not acquire ownership rights to customer content, evidence, controls, policies, reports, documentation, risk records, audit materials, or uploaded files. We process customer data solely for the purpose of providing the Services and fulfilling contractual obligations.

12. Data Security

Because Auditly is a platform designed to support compliance and security programs, protecting customer information is fundamental to our operations. We maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, destruction, misuse, or alteration.

Infrastructure Security includes network segmentation, firewalls, DDoS protection, infrastructure monitoring, and secure cloud architecture.

Data Protection includes encryption in transit, encryption at rest, secure backups, key management controls, and data isolation mechanisms.

Access Controls include role-based access control, multi-factor authentication, least-privilege access, administrative approval workflows, and access reviews.

Monitoring & Detection includes security monitoring, audit logging, threat detection, security alerting, and vulnerability management.

Secure Development Practices include secure software development lifecycle practices, code reviews, dependency monitoring, security testing, and vulnerability remediation.

13. Data Retention

We retain information for as long as necessary to provide the Services, maintain customer accounts, meet legal obligations, resolve disputes, enforce agreements, maintain security, and support ongoing compliance activities. Retention periods may vary based on the type of information, contractual obligations, and legal requirements.

14. International Data Transfers

Auditly may utilize globally distributed infrastructure and service providers. Information may be processed, stored, transferred, replicated, or backed up across multiple jurisdictions for purposes including service delivery, security monitoring, disaster recovery, business continuity, customer support, and legal compliance. Where required, appropriate safeguards will be implemented for international transfers.

15. Cookies & Similar Technologies

Auditly may use cookies, local storage technologies, analytics tools, and similar technologies to operate the Services, improve functionality, enhance security, understand usage patterns, measure performance, and personalize user experiences. Users may manage cookie preferences through browser settings where available.

16. Your Privacy Rights

Depending on applicable laws, users may have rights including access, correction, deletion, restriction of processing, objection to processing, data portability, and withdrawal of consent. Requests may be submitted using the contact information below.

17. Children's Privacy

The Services are intended for business users and organizations. Auditly does not knowingly collect personal information from individuals under the age of 18. If we become aware that information has been collected from a child, we will take reasonable steps to delete such information.

18. Changes To This Privacy Policy

We may update this Privacy Policy periodically. Updated versions will be published on this page with a revised "Last Updated" date. Continued use of the Services following any update constitutes acceptance of the revised Privacy Policy.

19. Contact Us

If you have questions regarding this Privacy Policy or our privacy practices, please contact us at: DocGen Private Limited, 3rd Floor, Orchid Center, Golf Course Road, Sector 53, Gurugram, Haryana 122002, India. Email: privacy@auditly.ai, Support: support@auditly.ai, Website: https://www.auditly.ai

Privacy Questions

For privacy-related inquiries, contact us at privacy@auditly.ai or support@auditly.ai.

Privacy built for trust.

Auditly is designed for organizations that handle sensitive compliance, security, audit, and operational data.
