Privacy Policy
Last updated: April 2026
What Data We Collect
- Email address: If you use our assessment tools and provide your email, we collect it to send you your assessment report and optional resources.
- Assessment inputs: When you use our compliance assessment tools, your selections (framework, control responses, organization details) are processed to generate results. These inputs are not stored unless you choose to save or share your results.
- Usage analytics: We collect anonymized usage data to understand how visitors interact with the site and improve our tools. See the Analytics section below for details.
- Ad conversion data: If you arrive via an advertisement, we track the conversion event (e.g., page visit) to measure campaign effectiveness. No personal information is shared with ad networks beyond anonymous event signals.
- Purchase data: If you purchase a product, we collect your email address, a transaction reference, a secure download token, and the timestamp of your purchase. Payment card details and billing address are collected and processed directly by our third-party payment processor and are never stored on our servers.
How We Use Your Data
- Provide the service: Deliver the tools you use on this site, process purchases, deliver assessment reports and purchased products, and provide access to your downloads.
- Improve the product: Analyze usage patterns to prioritize features, fix bugs, and improve the user experience.
- Measure marketing: Understand which channels bring visitors to PlainAudit so we can invest in the right ones.
- We do not sell your data. We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes.
Third-Party Data Processors
The following categories of third-party services process data on our behalf. Each operates under its own privacy policy and data processing agreements:
- Product analytics service: Tracks anonymized page views, feature usage, and user flows. Users are identified by anonymous IDs. Respects Do Not Track browser settings.
- Traffic analytics service: Collects traffic analytics to understand how visitors find PlainAudit and measure marketing effectiveness.
- Ad conversion tracking: Tracks page visits and conversion events for visitors who arrive via advertisements.
- Payment processor: Processes payments for product purchases. Collects payment card details, billing address, and email address directly — this information is handled entirely by the payment processor and is never stored on our servers. The payment processor is PCI DSS compliant.
- Database service: Stores email addresses and assessment data in a managed cloud database with encryption at rest (AES-256). All data in transit is encrypted with TLS.
- Hosting provider: Serves the website. May collect standard server access logs (IP addresses, user agents) for security and performance monitoring.
Data Storage & Security
- Database: Data is stored in a managed cloud database with encryption at rest (AES-256).
- Encryption in transit: All data in transit between your browser and our servers is encrypted with TLS.
Data Retention
- Contact emails: Stored until you unsubscribe or request deletion.
- Purchase records: Transaction references, download tokens, and associated email addresses are retained for as long as needed to provide access to purchased products and for accounting and legal compliance purposes. You may request deletion of your email address, but anonymized transaction records may be retained as required by law.
- Analytics data: Anonymized analytics data is retained according to our service providers' default retention policies. We do not extend retention beyond the defaults.
Cookies
PlainAudit uses cookies and similar technologies from our analytics and advertising services for product analytics, traffic measurement, and ad conversion tracking. We do not use cookies for interest-based advertising or cross-site tracking beyond measuring our own campaign performance.
Your Rights
Under the GDPR, CCPA, and similar data protection laws, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of any inaccurate data.
- Erasure: Request deletion of your personal data. Email us and we will delete your data within 30 days.
- Opt out of tracking: Enable Do Not Track in your browser to disable product analytics. Use browser ad-blockers to prevent traffic analytics and ad conversion tracking from loading.
California Privacy Rights
California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. PlainAudit does not sell personal information. To exercise your rights, contact us at the email below.
Children
PlainAudit is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
Changes to This Policy
We may update this privacy policy from time to time. Material changes will be noted with an updated “Last updated” date at the top of this page.
Privacy questions or data requests? Contact us at hello@plainaudit.com