Product Frameworks Pricing Trust About
Sign in Book a demo

Legal

Privacy Policy

Last updated: April 8, 2026

Overview

EquanimGRC is operated by Atomlab LLC, an Arizona limited liability company. This privacy policy explains how we collect, use, store, and protect personal information when you use our website and platform.

We believe in minimizing data collection. We only collect information necessary to provide our service.

Information we collect

Account information. When you create an account, we collect your name, email address, and organization name. If you subscribe to a paid plan, our payment processor (Stripe) collects billing information — we do not store credit card numbers.

Usage data. We collect basic analytics about how you use the platform to improve our product. This includes pages visited, features used, and session duration. We use Google Analytics for our marketing site.

Compliance data. You may upload policies, evidence documents, vendor information, and other compliance artefacts. This data belongs to you. We process it only to provide the service.

How we use your information

  • To provide and maintain the EquanimGRC platform
  • To process your payments through Stripe
  • To send you product updates and security notifications
  • To improve our product based on usage patterns
  • To respond to your support requests

AI and your data

EquanimGRC uses AI to assist with policy drafting, gap analysis, and compliance recommendations. Your data is processed by AI models to provide these features.

We do not use your compliance data to train AI models. Your documents, policies, and evidence are never used as training data. AI processing happens in isolated, per-tenant environments. See our AI policy for details.

Data storage and security

Your data is stored on Google Cloud Platform infrastructure. All data is encrypted at rest and in transit. We use tenant isolation to ensure your data is separated from other customers.

For enterprise customers on dedicated plans, your data runs on isolated infrastructure with its own database.

Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data and compliance artefacts within 30 days. We may retain anonymized usage data for product improvement.

Third-party services

We use the following third-party services that may process your data:

  • Stripe — Payment processing
  • WorkOS — Authentication and SSO
  • Google Cloud — Infrastructure and AI services
  • Cloudflare — CDN, DNS, and DDoS protection
  • Google Analytics — Marketing site analytics

Your rights

You have the right to access, correct, or delete your personal data. You can export all your compliance data at any time through the platform. To exercise these rights or ask questions about this policy, contact us at [email protected].

Changes to this policy

We will notify you of material changes to this policy via email or through the platform at least 30 days before they take effect. Minor changes may be posted here without direct notice.

Atomlab LLC · Phoenix, AZ · [email protected]