Privacy Policy
Last Updated: May 2025
At ControlCore, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, products, and services.
1. Information We Collect
1.1 Personal Information:
Contact information (name, email address, phone number)
Company information
Account credentials
Billing information
1.2 Usage Data:
Log data without any organization data for transaction monitoring (Licensing)
Device information
Analytics data on errors without any organization data
1.3 Policy and Access Management Data:
User roles and permissions*
Access policies*
Audit logs*
*Only on Control Core hosted or Hybrid Cloud service
2. How We Use Your Information
We use your information to:
Provide and maintain our services
Improve and personalize user experience
Process transactions
Send administrative information
Provide customer support
Enforce our policies and comply with legal obligations
3. Data Storage and Security
3.1 Managed Service Hosted on ControlCore Infrastructure:
Your data is stored on secure, isolated environments within our infrastructure.
We implement industry-standard encryption for data at rest and in transit.
Access to your data is strictly limited and controlled through multi-factor authentication and role-based access control.
ControlCore personnel do not have direct access to your data unless explicitly granted by you for support purposes.
All access attempts and activities are logged and auditable.
3.2 Hybrid Infrastructure:
Data may be distributed between your infrastructure and ControlCore's secure environments.
We provide you with tools to manage and monitor data stored in our infrastructure.
For data on your infrastructure, we offer guidance on security best practices but do not have direct access.
Data synchronization between environments is encrypted and secure.
3.3 Data Isolation and Access Control:
Each customer's data is logically isolated to prevent unauthorized access.
You retain full control over access to your data.
ControlCore staff cannot access your data without your explicit permission, which is typically only granted for specific support issues and is time-limited.
3.4 Encryption and Key Management:
All sensitive data is encrypted using industry-standard algorithms.
Encryption keys are managed securely and rotated regularly.
In the Managed Service model, you have the option to manage your own encryption keys.
3.5 Auditing and Monitoring:
We provide comprehensive audit logs of all system and data access.
You have access to real-time monitoring tools to track any access or changes to your data.
Regular third-party security audits are conducted on our infrastructure and processes.
3.6 Data Backups and Disaster Recovery:
Regular backups are performed and stored in geographically separate locations.
Backup data is encrypted and access is strictly controlled.
We maintain a robust disaster recovery plan, which is tested regularly.
3.7 Data Deletion and Retention:
When you delete data, it is immediately made inaccessible and securely erased according to industry standards.
You can define custom data retention policies to comply with your specific regulatory requirements.
4. Data Sharing and Disclosure
4.1 Limited Access for ControlCore Personnel:
ControlCore personnel do not have routine access to your data.
Access is granted only when necessary for support, maintenance, or to comply with legal requirements, and only with your explicit permission.
All access is logged, time-limited, and auditable by you.
4.2 Third-Party Service Providers:
We may engage third-party service providers to assist in providing our services (e.g., cloud infrastructure providers).
These providers are contractually obligated to maintain the confidentiality and security of your data.
They do not have direct access to your unencrypted data.
4.3 Legal Compliance:
We may be required to disclose data to comply with legal obligations.
In such cases, we will notify you unless legally prohibited from doing so.
We will only provide the minimum amount of information necessary to comply with the legal requirement.
We do not sell your personal information.
5. Your Rights and Choices
Depending on your location, you may have rights to:
Access your personal information
Correct inaccurate data
Delete your data
Object to or restrict processing of your data
Data portability
To exercise these rights, please contact us at support@controlcore.io
6. Data Retention
We retain your data for as long as necessary to provide our services and comply with legal obligations. For on-premise solutions, data retention is controlled by you.
7. International Data Transfers
If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.
8. Children's Privacy
Our services are not intended for children under 13. We do not knowingly collect data from children under 13.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of any significant changes by posting the new policy on our website.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@controlcore.io
11. Specific Provisions for SaaS, On-Premise, Managed Service and Hybrid Solutions
11.1 SaaS:
We host and manage all data
We implement and maintain all security measures
We provide regular backups and disaster recovery
11.2 On-Premise:
You maintain full control over your data
We provide software updates and security patches
We offer guidance on best practices for securing your data, but you are responsible for implementation
11.3 Managed Service:
We host and manage the infrastructure, but you retain control over your data.
You can configure access policies and monitor all access to your data.
We provide tools for you to manage encryption keys if desired.
11.4 Hybrid Infrastructure:
Clear delineation of responsibilities for data management and security.
We provide secure APIs and tools for data synchronization between your infrastructure and ours.
You have visibility and control over data stored in our infrastructure.
12. Compliance and Certifications
We comply with applicable data protection laws and regulations. Compliant with PIPEDA and GDPR (certifications pending).
13. Data Processing Agreements
For our enterprise customers, we offer data processing agreements that comply with GDPR and other relevant regulations.
14. Audit and Monitoring
We regularly audit our privacy and security practices. For on-premise solutions, we provide tools and recommendations for you to monitor and audit your own systems.
By using ControlCore.io, you agree to the terms outlined in this Privacy Policy.