Customers
Login
Auditboard's logo
Get Started

Privacy Notice

About AuditBoard
AuditBoard’s business model
What does this Privacy Notice Cover?
Quick Links
How we collect and use your personal data
Disclosing your personal data
Protecting your personal data
Transferring your personal data internationally
Retaining your personal data
Minors
Your privacy rights
Contact Information
Changes to this Privacy Notice

The Privacy Notice was last updated on: November 1, 2024

This policy is effective if you are new to working with us. If you have already interacted with us then it will be effective 30 days of posting.

At AuditBoard, Inc., we are committed to respecting your privacy. A reference in this Privacy Notice to “AuditBoard”, “we”, “us”, or “our” is a reference to AuditBoard, Inc.

About AuditBoard

AuditBoard is a leading provider of risk management applications for audit, risk and compliance professionals. This means AuditBoard customers - companies and organizations - use our software applications to manage enterprise, assurance and compliance risks.

To learn more about AuditBoard products, visit our Product page.

AuditBoard’s business model

We operate a Software-as-a-Service (SaaS) business model for enterprise customers, meaning we do not sell our customers’ users’ data or monetize that data by selling advertising. Instead, we sell subscriptions to our services. Our customers control the data they and their end users put into our services and how it is used. How we use and disclose our customer representatives’ data is described in more detail below.

If you use the AuditBoard platform as part of your business or you are an entity that has an agreement with AuditBoard (collectively, an “Organization”), that Agreement will supersede this Privacy Notice in the event of any overlap or conflict with this Privacy Notice.

What does this Privacy Notice Cover?

Some data protection laws in various jurisdictions distinguish between “controllers” and “processors” of personal data. While other jurisdictions may use different terminology, the concept typically remains the same. A controller decides why and how to process personal data. A processor only processes information on behalf of a controller based on the controller’s instruction; the processor does not make decisions about personal data. AuditBoard may be either a controller or a processor depending on the scenario.

This Privacy Notice applies when AuditBoard is the data controller of your personal data (unless a different AuditBoard privacy notice is displayed when we collect your personal data), and explains how AuditBoard collects, uses, and shares your personal data for its own purposes. This Privacy Notice may apply to you when you:

  • Visit an AuditBoard website that links to this Privacy Notice
  • Interact with AuditBoard as a representative of a company that has (or is considering) a business relationship with AuditBoard (e.g., you are a customer or our service provider)
  • Create or use an account offered directly by AuditBoard (as opposed to an account offered by our customers)
  • Register for or attend an AuditBoard marketing, learning, or training event or webinar
  • Provide us feedback about our products or services (e.g., user research surveys and interviews)
  • Receive sales or marketing communication from us, including emails or telephone calls

This Privacy Notice does not cover how we process personal data on behalf of our customers as a processor. If you are an employee or an end user of an organization that uses an AuditBoard product or service and you have questions or concerns about the personal data your organization holds in AuditBoard about you (when AuditBoard is a processor), please direct your request to that organization. AuditBoard cannot respond directly to your request.

If you are an AuditBoard employee or job applicant, information about how we use and protect your information is communicated to you in a separate notice.

If you have any questions or concerns about our use of your personal data, then please contact us using the Contact Information provided at the bottom of this Privacy Notice.

Quick Links

We recommend that you read this Privacy Notice in full to ensure you are fully informed; however, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section

How we collect and use your personal data

AuditBoard collects and uses your personal data for various reasons. When we do so, we will use it in accordance with applicable laws.

Some jurisdictions, including the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, require a legal basis—a reason why AuditBoard is legally allowed to collect and use your personal data.

Below, we describe (1) in what instances we collect your data, (2) the categories of data we collect in those instances, (3) our purposes for collection, and (4) the legal bases for collection. If we need to collect other personal data from you, we will explain which information we need and why at the time we collect it.

Information provided by you

Sometimes, we may ask you to provide personal data voluntarily; for example, we may ask you to provide your contact details to create an account with us (AuditBoard Community), to subscribe to marketing communications from us, and/or to submit inquiries to us. In some cases, we may combine the information you provide.


Information collected automatically

We also collect certain information related to your use of our websites. In some jurisdictions in the United States and countries in the EEA, the UK, and Switzerland, this information may be considered personal data under applicable data protection laws. We may combine this information with personal data provided by you. In particular, we collect the following personal data from you automatically:


Information obtained from other sources

We also collect information about you from other sources including third parties, individuals at your company, or publicly available sources. We may combine this information with personal data provided by you. Specifically, we collect personal data from the following other sources:


Disclosing your personal data

AuditBoard may share or make accessible your personal data to third parties as follows:

  • AuditBoard Affiliates: AuditBoard may disclose any of the categories of personal data described above to affiliates of AuditBoard where necessary to fulfill a request you have submitted or for customer support, marketing, technical operations, event registration, and account management purposes.
  • Service providers: AuditBoard may disclose the categories of personal data described above to third party service providers or vendors contracted to provide services on our behalf (for example, IT and hosting, data analytics, event services, customer support, call recording, chatbot technology, data enrichment, email fulfillment, and payment services). These third party service providers may use personal data we provide to them only as instructed by AuditBoard.
  • Event Sponsors and Partners: When you participate in webinars, events, and other activities where AuditBoard collaborates with third parties such as sponsors and event organizers, we may disclose the information described under “if you register for events and webinars” above, such as your contact information and interests in these offerings or services to these approved third parties to communicate with you.
  • AuditBoard partners: AuditBoard may share your personal data with certain partners that offer supplementary services to those provided by AuditBoard, such as partners that resell AuditBoard services, to the extent you consent to such sharing (where required by applicable law) or direct us to intentionally interact with such third parties.
  • Advertising: When you visit our website, we may enable third parties to use cookies and other trackers to show you ads on third party websites that are more relevant to you. Please see our Cookie Notice for more information about the types of cookies we use or click “Cookie Preferences” (link located in the footer of our Website) to set your preferences and opt-out of targeted advertising.
  • Additional disclosures: AuditBoard may disclose personal data if we have a good faith belief that such action is necessary to (a) conform to legal requirements or comply with legal processes; (b) protect and defend our rights or property; and/or (c) act to protect the interests of our users or others. If AuditBoard goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred. AuditBoard may also ask for your consent to disclose your information to other unaffiliated third parties that are not described elsewhere in this statement. In accordance with California law, AuditBoard does not “sell” or “share” personal data, unless otherwise noted within this policy (e.g., at the time of a merger or acquisition).

Protecting your personal data

Wherever your personal data may be held with AuditBoard, we take reasonable and appropriate steps to protect the personal data that you share with us from unauthorized access or disclosure. AuditBoard uses commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of personal data and applicable processing activity, such as data encryption, and enforcement of least privilege and need-to-know principles. We train our employees on data handling practices. We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. Although AuditBoard complies with its legal obligations with respect to security of your personal data and while we attempt to ensure the integrity and security of personal data, please note that no method of transmission over the internet, or method of electronic storage, is completely secure.

Please note that data that is transported over an open network, such as the internet or e-mail, may be accessible to anybody. We cannot guarantee the confidentiality of any communication or material transmitted via such open networks. When disclosing any personal information via an open network, you should remain mindful of the fact that it is potentially accessible to others, and consequently, can be collected and used by others without your consent.

Transferring your personal data internationally

AuditBoard operates as a global business and complies with applicable legal requirements when we need to transfer, store or process your personal data in a country outside your jurisdiction.

We take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer personal information from the EEA, the UK, or Switzerland to another country such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent governmental authority (as applicable) with the data importer.

Retaining your personal data

AuditBoard will retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

AuditBoard’s Service features allow customers who are authorized users to determine their own policies regarding storage, access, modification, deletion, sharing, and retention of personal data. Customers should regularly check with the admin of the services for your company about the policies and settings it has in place.

Notwithstanding the foregoing, we may retain personal data for longer periods only if such retention is required or necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.

Minors

AuditBoard’s products and services (including our website) are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such data. If you become aware that a child has provided us with personal data, please contact us at privacy@auditboard.com.

Your privacy rights

Depending on where you are located and how you interact with AuditBoard, you may have certain legal rights over the personal data we process about you, subject to local privacy laws.

These may include the right, depending on your jurisdiction, to:

  • Obtain information about and access the personal data we process about you
  • Have incorrect personal data updated
  • Have your personal data deleted
  • Restrict the processing of your personal data
  • Object to the processing of your personal data carried out on the basis of our legitimate interests or for direct marketing purposes
  • Receive a copy of your personal data in an electronic and machine-readable format
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”) Receive the categories of sources from whom we collected your personal data
  • Opt out of marketing communications at any time. You can update your email subscription settings by clicking on the “Manage your Subscriptions” link in marketing emails we send you or by visiting https://go.auditboard.com/preferences-center.html
  • Complain to a regulator or data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority

AuditBoard will not discriminate against you for exercising your rights.

You can exercise the applicable rights by contacting us using the Contact Information at the bottom of this Privacy Notice.

If your personal data has been submitted to us by or on behalf of an AuditBoard customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly.

Contact Information

Please contact us if you have any questions/comments about this Privacy Notice or any of our privacy practices, or you wish to exercise your rights, you can contact AuditBoard's Data Protection Officer, Anthony Plachy, at privacy@auditboard.com or by mail at:


AuditBoard, Inc.
Attention: Privacy
12900 Park Plaza Drive
Suite 200
Cerritos, CA 90703
USA

Toll Free: 1 (877) 769-5444

Changes to this Privacy Notice

This Privacy Notice may be amended or revised from time to time at the discretion of AuditBoard. Changes to this Privacy Notice will be posted on the website and links to the Privacy Notice will indicate that the notice has been changed or updated. If we propose to make any material changes, we will provide notice in accordance with law prior to the change becoming effective. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.