Privacy Policy
Last updated: February 13, 2026
1. Introduction
AuditCore ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, API, and related services (the "Service").
2. Information We Collect
We collect information in the following categories:
| Category | Examples | Purpose |
|---|
| Account Data | Email address, name, organization | Authentication, billing, communication |
| API Usage Data | Request logs, endpoints called, timestamps | Rate limiting, analytics, debugging |
| Decision Inputs | Data submitted via /api/decide | Processing your decision requests |
| Audit Records | Hash chains, decision outputs, timestamps | Providing immutable audit trails |
| Technical Data | IP address, browser type, device info | Security, performance optimization |
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Generate auditable decision outputs and audit trails
- Enforce rate limits and prevent abuse
- Communicate service updates and security notices
- Comply with legal obligations
- Aggregate anonymized usage statistics
4. Data Processing & Decision Inputs
When you submit data through our API for decision processing:
- Inputs are processed in real-time to generate decision outputs
- Decision records are stored in the audit trail with SHA-256 hash chains
- We do not use your decision inputs to train models or for any purpose beyond providing the Service
- Decision inputs are not shared with third parties
5. Data Sharing
We do not sell your personal data. We may share information with:
- Service Providers — Infrastructure hosting (e.g., Render) necessary to operate the Service
- Legal Requirements — When required by law, subpoena, or legal process
- Business Transfers — In connection with a merger, acquisition, or sale of assets
- Implementation Partners — Only with your explicit consent (e.g., when engaging GenUI for custom solutions)
6. Data Retention
We retain your data as follows:
- Account Data — Retained while your account is active, then deleted within 90 days of account closure
- Audit Trail Records — Retained per your plan terms (default: 12 months). You may export records at any time via the API or PDF export
- API Logs — Retained for 90 days for debugging and security purposes
- Technical Data — Retained for 30 days
7. Data Security
We implement industry-standard security measures including:
- TLS encryption for data in transit
- SHA-256 hash chain verification for audit trail integrity
- Access controls and authentication
- Regular security reviews
No system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your personal data
- Portability — Receive your data in a machine-readable format
- Objection — Object to certain processing of your data
- Restriction — Request restriction of processing
To exercise these rights, contact us at privacy@auditcoreai.com.
9. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.
10. GDPR Compliance
For users in the European Economic Area (EEA):
- Our legal basis for processing is contract performance (providing the Service) and legitimate interest (security, improvement)
- You may contact our data protection point of contact at privacy@auditcoreai.com
- You have the right to lodge a complaint with your local supervisory authority
11. CCPA Compliance
For California residents:
- We do not sell personal information
- You have the right to know what data we collect and request its deletion
- We will not discriminate against you for exercising your privacy rights
12. Cookies
The AuditCore dashboard and website use minimal cookies:
- Essential cookies — Required for the Service to function (session management)
- We do not use third-party tracking cookies or advertising pixels
13. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the Service. The "Last updated" date at the top reflects the most recent revision.
15. Contact
For privacy inquiries or data requests:
Email: privacy@auditcoreai.com
Subject: Privacy Request — [Your Name]