PlainAudit
All assessments

Privacy Policy

Last updated: April 2026

What Data We Collect

  • Email address: If you use our assessment tools and provide your email, we collect it to send you your assessment report and optional resources.
  • Assessment inputs: When you use our compliance assessment tools, your selections (framework, control responses, organization details) are processed to generate results. These inputs are not stored unless you choose to save or share your results.
  • Usage analytics: We collect anonymized usage data to understand how visitors interact with the site and improve our tools. See the Analytics section below for details.
  • Ad conversion data: If you arrive via an advertisement, we track the conversion event (e.g., page visit) to measure campaign effectiveness. No personal information is shared with ad networks beyond anonymous event signals.

How We Use Your Data

  • Provide the service: Deliver the tools you use on this site and deliver assessment reports and resources.
  • Improve the product: Analyze usage patterns to prioritize features, fix bugs, and improve the user experience.
  • Measure marketing: Understand which channels bring visitors to PlainAudit so we can invest in the right ones.
  • We do not sell your data. We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes.

Third-Party Data Processors

The following categories of third-party services process data on our behalf. Each operates under its own privacy policy and data processing agreements:

  • Product analytics service: Tracks anonymized page views, feature usage, and user flows. Users are identified by anonymous IDs. Respects Do Not Track browser settings.
  • Traffic analytics service: Collects traffic analytics to understand how visitors find PlainAudit and measure marketing effectiveness.
  • Ad conversion tracking: Tracks page visits and conversion events for visitors who arrive via advertisements.
  • Database service: Stores email addresses and assessment data in a managed cloud database with encryption at rest (AES-256). All data in transit is encrypted with TLS.
  • Hosting provider: Serves the website. May collect standard server access logs (IP addresses, user agents) for security and performance monitoring.

Data Storage & Security

  • Database: Data is stored in a managed cloud database with encryption at rest (AES-256).
  • Encryption in transit: All data in transit between your browser and our servers is encrypted with TLS.

Data Retention

  • Contact emails: Stored until you unsubscribe or request deletion.
  • Analytics data: Anonymized analytics data is retained according to our service providers' default retention policies. We do not extend retention beyond the defaults.

Cookies

PlainAudit uses cookies and similar technologies from our analytics and advertising services for product analytics, traffic measurement, and ad conversion tracking. We do not use cookies for interest-based advertising or cross-site tracking beyond measuring our own campaign performance.

Your Rights

Under the GDPR, CCPA, and similar data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of any inaccurate data.
  • Erasure: Request deletion of your personal data. Email us and we will delete your data within 30 days.
  • Opt out of tracking: Enable Do Not Track in your browser to disable product analytics. Use browser ad-blockers to prevent traffic analytics and ad conversion tracking from loading.

California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. PlainAudit does not sell personal information. To exercise your rights, contact us at the email below.

Children

PlainAudit is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be noted with an updated “Last updated” date at the top of this page.

Privacy questions or data requests? Contact us at hello@plainaudit.com