Last updated: 1 February 2026
We collect information you provide directly to us, such as when you create an account, complete your profile, or contact support. This includes your name, email address, organisation name, and professional role. We also collect information automatically when you use our services, including log data (IP address, browser type, pages visited, time spent), device information, and usage analytics. We do not collect or store the content of your risk assessments on any infrastructure other than your own Supabase project.
We use the information we collect to: • Provide, maintain, and improve our services • Send you technical notices, updates, and support messages • Respond to your comments and questions • Monitor and analyse usage patterns to improve user experience • Detect and prevent fraudulent transactions and other illegal activities • Send promotional communications (you may opt out at any time)
Your data is stored on Supabase infrastructure, which provides SOC 2 Type II compliant hosting. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Row-level security (RLS) is enforced at the database level — your risk data is only accessible by your authenticated user account. Supabase employees cannot access your data without explicit permission.
We do not sell, trade, or rent your personal information to third parties. We may share your information with: • Service providers who assist in our operations (e.g., email providers, analytics platforms) • Law enforcement or government agencies if required by law • Successor entities in the event of a merger or acquisition (with advance notice) All third-party service providers are contractually required to keep your information confidential.
Depending on your location, you may have the right to: • Access the personal data we hold about you • Correct inaccurate data • Request deletion of your data ("right to be forgotten") • Object to or restrict processing of your data • Data portability — receive your data in a machine-readable format To exercise these rights, contact us at privacy@riskmatrixpro.com. We will respond within 30 days.
We use cookies and similar tracking technologies to track activity on our services and retain certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. See our Cookie Policy for full details.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and, for material changes, by sending you an email notification. Your continued use of the service after changes constitutes your acceptance of the new policy.
If you have questions about this Privacy Policy, please contact us at privacy@riskmatrixpro.com or write to: RiskMatrix Pro, Privacy Team, 1 Canada Square, London, E14 5AB, United Kingdom.