Last updated: May 24, 2026
GDPR CompliantCCPA CompliantSOC 2 Ready
Audit Lane LLC (referred to as "Audit Lane," "we," "us," or "our") provides an AI governance and compliance platform. This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you use our website, platform, or services. Audit Lane is the data controller for personal data collected through our website and marketing activities, and acts as a data processor for customer data submitted to the platform.
When you interact with us, you may provide: name, email address, company name, job title, phone number, billing information (processed by our payment processor — we do not store full payment card details), account credentials, and any information you include in communications or support requests.
We automatically collect: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of access, session duration, and device identifiers. We use cookies and similar tracking technologies as described in Section 7.
When you use our Platform to govern your AI systems, we process AI model metadata, deployment configurations, inference logs, and compliance-related data that you submit. This data is processed solely on your instruction and remains your property. We do not use customer data to train or improve our proprietary AI models.
For users in the European Economic Area, we process personal data under the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Providing Platform services | Performance of contract (Article 6(1)(b)) |
| Communication & support | Performance of contract / Legitimate interests |
| Analytics & service improvement | Legitimate interests (Article 6(1)(f)) |
| Marketing (with consent) | Consent (Article 6(1)(a)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
We use your information to: (a) provide, maintain, and improve the Platform; (b) process transactions and manage subscriptions; (c) communicate with you about your account, service updates, and security notices; (d) respond to inquiries and support requests; (e) detect, prevent, and address technical issues, fraud, and security threats; (f) comply with legal obligations; and (g) with your consent, send marketing communications about our services.
We do not sell your personal information. We may share data with:
We require all third-party service providers to implement security measures consistent with industry standards and to process data only for the purposes specified by us.
Customers subject to the GDPR or other data protection laws may require a Data Processing Agreement. A DPA is available upon request and is incorporated into these Terms. To request a signed DPA, contact [email protected]. The DPA covers: processing instructions, data security measures, sub-processor lists, data breach notification procedures, cross-border transfer mechanisms (Standard Contractual Clauses), and data deletion procedures.
We use essential cookies for platform functionality and security. We use analytics cookies (with consent where required) to understand Platform usage and improve our service. You can control cookie preferences through your browser settings. Third-party cookies from services we use (analytics, payment processing) are governed by their respective privacy policies.
We retain your personal information for as long as your account is active or as needed to provide services. Governance audit logs and compliance records are retained in accordance with regulatory requirements — typically 3 to 7 years depending on the applicable jurisdiction and regulation. Upon account termination, customer data is securely deleted within 60 days unless legal obligations require longer retention.
Depending on your jurisdiction, you may have the right to: (a) access, correct, or delete your personal data; (b) restrict or object to processing; (c) data portability; (d) withdraw consent at any time (without affecting lawful processing based on consent before withdrawal); (e) lodge a complaint with your data protection authority. EEA users may contact their local Data Protection Authority. To exercise these rights, contact [email protected]. We respond to all legitimate requests within 30 days.
Audit Lane is based in the United States. If you are located outside the US, your data may be transferred to and processed in the US. For EEA users, we ensure adequate protections through Standard Contractual Clauses (SCCs) approved by the European Commission, as part of our DPA. We also comply with the UK International Data Transfer Agreement for UK users.
We implement industry-standard technical and organizational security measures including: encryption at rest (AES-256) and in transit (TLS 1.3); role-based access controls with multi-factor authentication; regular security audits and penetration testing; incident response procedures; employee training on data protection. Our security program aligns with SOC 2 and ISO/IEC 27001 standards.
California residents have the right to: request disclosure of personal information collected, used, or disclosed in the past 12 months; request deletion of personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising these rights. To exercise your CCPA rights, contact [email protected].
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders and through a notice on our website at least 30 days before they take effect. We encourage you to review this policy periodically.
Data Protection Officer: [email protected]
Privacy Inquiries: [email protected]
DPA Requests: [email protected]
Postal: Audit Lane LLC, [Registered Address, Wilmington, DE 19801, United States]
Audit