DomainGRC Privacy Policy

Effective date: January 17, 2025

Last updated: July 17, 2025

 

This Privacy Policy describes how DomainGRC, Inc (“we," “us,” or “DomainGRC”) collects, uses and shares information that applies to our compliance platform (“the Service”) and your choices about the collection and use of your information. 

​

Scope of this Policy

This Privacy Policy applies to the DomainGRC compliance platform (the “Service”), and other interactions (e.g. customer service inquiries, sales related, etc.) you may have with DomainGRC. In addition, a separate agreement governs delivery, access, and use of the Service (the “MSA”), including the processing of any data submitted through the Service (“Tenant Data”). 

 

This Privacy Policy does not apply to any third-party applications or software that integrate with the Service through the DomainGRC platform (“Third-Party Services”), or any other third-party products, services or businesses. In addition, the organization (e.g., your employer or another entity or person) that agreed to the MSA (“Customer”) controls its instance of the Service and any associated Tenant Data (the “Customer Tenant”).

 

 

The information we collect

Account Creation. At a minimum, an email address is required to provision a new DomainGRC account. We ask for and may collect other information at account creation including contact information (first name, last name, phone number), and employment details (company name, job title).

 

Tenant Data. Individuals granted access to a Customer Tenant by a Customer 

(“Authorized Users”) may submit Tenant Data to DomainGRC when using the Service.

​

How we use the information we collect

Providing you with the Service: We use information about you to provide the Service to you. This includes allowing you to log in to the Service, operating and maintaining the Service, giving you access to your Customer Tenant and billing you for the Service. 

 

For Service improvement (including analytics and machine learning): We may analyze your activity in your account to provide and customize the Service, and to train our algorithms, models and AI products and services using machine learning to develop, improve and provide our Service. You can manage the use of your data for training AI to improve our Service in the privacy settings page under your privacy settings.

 

To communicate with you about the Service: We use your contact information to get in touch with you and to send communications about the Service. For example, we may send you emails about technical issues, security alerts or administrative matters.

​

To promote and drive engagement with the Service: We use your contact information to get in touch with you about taking part in our surveys or about features and offers relating to the Service that we think you would be interested in. 

 

Customer support: We use information about you, information that we collect or and from within your account, information that you provide to our customer support team, and information about your interactions with the Service to resolve technical issues you experience with the Service, and to ensure that we can repair and improve the Service for all users.

 

For matters that you have specifically consented to: From time to time DomainGRC may seek your consent to use your information for a particular purpose. Where you consent to our doing so, we will use it for that purpose. Where you no longer want us to use your information for that purpose you may withdraw your consent to this use.

 

For troubleshooting, error resolution and service improvement: We may need to review your Tenant Data to support your request for help, correct general errors with the Service or improve our services.

 

For matters that we are required to use your information by law: DomainGRC will use or disclose your information where we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Use and our Acceptable Use Policy or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of DomainGRC, our users or others.

 

How we share your information

Delivering the Services. Because of the nature and functionality of the Services, Information will be displayed as part of the Services to Authorized Users in a Customer Tenant (e.g., Customer’s employees names, job titles and systems they have been provisioned access to, etc.)

 

Third-party service providers. DomainGRC may engage third parties to process Information and support our business such as cloud-based computing services. To the extent necessary and applicable, these third-parties will be bound by appropriate and commercially reasonable confidentiality obligations. 

 

Third-Party Services. Customers may enable or permit Authorized Users to enable Third-Party Services. DomainGRC requires each Third-Party Service to disclose all permissions for information access in the Services, but DomainGRC does not guarantee that they do so. When enabled and as requested by Customer, DomainGRC may share Information with Third-Party Services. Third-Party Services are not owned or controlled by DomainGRC and third parties that have been granted access to Information may have their own policies and practices for its collection, use, and sharing. Please review the privacy practices for these Third-Party Services or contact the service provider for any questions.

 

Corporate affiliates. If DomainGRC is involved in a merger, acquisition, sale of all or a portion of its assets, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Information may be shared or transferred to a corporate affiliate, subject to appropriate and commercially reasonable confidentiality arrangements. Should your information be transferred to another entity as part of an acquisition, you will be notified via email and/or a prominent notice on the Services as well as any choices you may have regarding your information. 

 

Aggregated or de-identified data. DomainGRC may disclose or use aggregated or de-identified Information for any purpose, such as product research and development. 

 

To Comply with Laws. In exceptional circumstances, we may share information about you with a third-party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.

 

Enforcement of our rights. We may disclose information about you to a third-party to enforce our agreements, policies and terms of service, to protect the security or integrity of our Services, and to protect DomainGRC, our customers, or the public from harm or illegal activities.

 

With consent. DomainGRC may share Information with third parties when DomainGRC has consent to do so.

 

Security and retention

We take the security of your information seriously and maintain appropriate security procedures and technical and organizational measures to protect your information against accidental or unlawful destruction, loss, disclosure, alteration, or use.

 

Your information will be generally retained as long as necessary to fulfill the purposes for which we collected the information. Once you and/or your company have terminated the contractual relationship with us, we may retain your information in our systems and records to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with applicable legal, tax, or accounting requirements. When we have no ongoing legitimate business need nor lawful legal ground to store your information, we will delete, anonymize, or aggregate it. If you want to know more about retention periods applicable to your particular circumstance, please contact us at privacy@domaingrc.com.

 

Questions, concerns, or complaints

If you have questions or concerns about this Privacy Policy or the protection of your information, please contact us using one of the following methods:

 

Email: privacy@domaingrc.com

 

Mail: DomainGRC, Inc.

Attn: Privacy Officer

4 Peabody Ave

Danvers, MA 01923