a. Information You Provide to Us

When you create an account, use our Services, or communicate with us, you may provide:

• ➤Personal information, such as your name, email address, and contact details
• ➤Organization or company information, including company name and role
• ➤Account information, such as usernames and authentication credentials
• ➤Billing and payment information, where applicable
• ➤Support and communications data, including inquiries, feedback, and support requests

b. Information Collected Automatically

When you access or use the Services, we may automatically collect certain information, including:

• ➤IP address and device identifiers
• ➤Device, browser, and operating system information
• ➤Log data, usage metrics, and diagnostic information related to your interaction with the Services

c. Customer Data Processed Through the Platform

When customers use ComplyVigilance to analyze their projects or environments, the Services may process customer-submitted data, including:

• ➤Source code metadata, dependency files, and package manifests
• ➤Open-source license and dependency information
• ➤Software Bill of Materials (SBOM) files
• ➤Vulnerability scan results and related security findings

Such data is processed solely to provide the Services and in accordance with customer instructions and applicable agreements.

We use the information we collect for the following purposes:

• ➤To provide, operate, and maintain the Services, including authentication, access management, and service delivery
• ➤To perform security, license, and compliance analysis, in accordance with customer configurations and instructions
• ➤To generate reports, dashboards, and Software Bills of Materials (SBOMs)
• ➤To monitor, maintain, and improve the functionality, performance, and reliability of the Services
• ➤To communicate with you, including sending service-related notifications, updates, and responding to support requests
• ➤To protect the security and integrity of the Services, prevent fraud or misuse, and enforce our terms, policies, and legal obligations

We process personal data in accordance with applicable data protection laws and based on one or more of the following legal grounds:

• ➤Contractual necessity, where processing is required to provide the Services
• ➤Legitimate business interests, such as improving and securing the Services
• ➤User consent, where required by law
• ➤Compliance with legal obligations, including regulatory and audit requirements

We may share information with trusted third-party service providers that assist us in operating the Services, such as providers for:

• ➤Hosting and infrastructure
• ➤Analytics and monitoring
• ➤Payment processing (where applicable)
• ➤Customer support and communications

Such providers are authorized to process information only as necessary to perform services on our behalf and are subject to confidentiality and security obligations.

We do not sell, rent, or trade personal data or customer data.

We implement industry-standard administrative, technical, and organizational safeguards to protect information from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:

• ➤Encryption in transit and at rest
• ➤Access controls and role-based permissions
• ➤Secure infrastructure and monitoring practices

While we strive to protect your information, no security system is completely foolproof.

Depending on your location and applicable law, you may have the right to:

• ➤Access your personal data
• ➤Correct or update inaccurate information
• ➤Request deletion of your personal data
• ➤Restrict or object to certain processing activities
• ➤Withdraw consent, where processing is based on consent

To exercise these rights, please contact us using the details provided below.