Legal

Privacy Policy

Last updated: June 2026

Overview

ERMIntel is committed to protecting the privacy of the organisations and individuals who use our platform. This policy explains what information we collect, how we use it, and the choices you have regarding your data. ERMIntel is operated by ERMIntel Pty Ltd (ABN pending), based in Australia.

Information we collect

  • Account information: your name, work email address, and organisation name when you register.
  • Review data: documents, URLs, and evidence artefacts you submit for ERM maturity assessments.
  • Usage data: pages visited, features used, and session metadata collected via server logs.
  • Authentication data: securely hashed passwords and, if enabled, two-factor authentication credentials.

How we use your information

  • To deliver and operate the ERMIntel platform and your review workspace.
  • To process ERM maturity assessments and generate reports.
  • To communicate service updates, security notices, and support responses.
  • To comply with applicable Australian privacy laws and regulatory obligations.

Data storage and security

Your data is stored in Supabase-managed PostgreSQL databases with row-level security enforced at the database layer — each workspace is strictly isolated. Data is encrypted in transit (TLS 1.2+) and at rest. We do not sell, rent, or share your data with third parties for marketing purposes.

Third-party services

ERMIntel uses a small number of trusted third-party services to operate: Supabase (database and authentication), Cloudflare (hosting and edge delivery), and Anthropic / OpenAI (AI processing for review workflows). Evidence documents submitted for review may be processed by these AI providers solely for the purpose of generating your assessment. We do not use your data to train third-party AI models.

Data retention

We retain your account and review data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Deleted data is removed from live systems within 30 days and from backups within 90 days.

Your rights

Under the Australian Privacy Act 1988 (Cth), you have the right to access, correct, or request deletion of personal information we hold about you. To exercise these rights, contact us at privacy@ermintel.com. We will respond within 30 days.

Cookies

ERMIntel uses session cookies necessary for authentication and platform operation. We do not use tracking or advertising cookies. You may disable cookies in your browser, though this will prevent you from signing in to the platform.

Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of ERMIntel after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy? Contact us at privacy@ermintel.com or via the contact link on our home page.