auditRAMP(AI)

Privacy Policy

Last updated: June 8, 2026

This Privacy Policy explains how auditRAMP AI, Inc. (“auditRAMP,” “we,” “us”) collects, uses, and protects personal information when you visit auditrampai.com (the “Site”) or access our invitation-only investor data room. It does not cover the Luca audit product, which is governed by a separate agreement and data-processing addendum.

1. Information we collect

Information you provide

  • Pilot and contact requests: your name, work email, role, firm, the domain you select, and the description you write.
  • Investor data-room access: if we invite you, your email and name, plus the authentication and multi-factor data handled by our identity provider (AWS Cognito).
  • Correspondence: anything you send us by email.

Information collected automatically

  • Server logs: standard request data such as IP address, browser and user-agent, referring page, and timestamps, processed by our hosting and content-delivery provider (AWS CloudFront) for security and reliability.
  • Analytics: we use Plausible Analytics, a privacy-friendly, cookieless service that reports aggregate, anonymous usage (such as page views and country). It sets no cookies, does not track you across sites, and does not collect personal information.
  • Anti-bot: when you submit a form, Cloudflare Turnstile runs a challenge to block automated abuse, processing limited technical signals for that purpose.
  • Essential cookie: the investor data room sets a single, strictly-necessary session cookie (ar_dataroom) to keep you signed in. We use no advertising, marketing, or cross-site tracking cookies.

We do not knowingly collect special-category or sensitive personal data, and we do not sell your personal information.

2. How we use information

  • Respond to your inquiry and evaluate pilot interest.
  • Provision, operate, and secure the investor data room.
  • Protect the Site and prevent fraud and abuse.
  • Understand aggregate usage to improve the Site (cookieless analytics).
  • Comply with legal obligations and enforce our Terms.

3. Legal bases (EEA and UK)

Where the GDPR applies, we rely on your consent (when you submit a form or request access), our legitimate interests (securing the Site, preventing abuse, measuring aggregate usage, and responding to you), and compliance with a legal obligation. You may withdraw consent at any time.

4. Cookies and similar technologies

The only cookie we set is the strictly-necessary ar_dataroom session cookie in the investor data room. Because we use no non-essential cookies and our analytics are cookieless, the Site does not require a cookie-consent banner. Embedded YouTube videos load in privacy-enhanced mode (youtube-nocookie.com) and set no cookies unless you press play.

5. How we share information

We share personal information only with service providers (“subprocessors”) that process it on our behalf, and only as needed to run the Site:

  • Amazon Web Services (AWS) — hosting, content delivery, identity (Cognito), storage, and compute (United States).
  • Cloudflare — Turnstile anti-bot challenge.
  • Plausible Analytics — aggregate, cookieless analytics (European Union).
  • Google LLC (YouTube) — embedded video, in privacy-enhanced mode.

We may also disclose information if required by law or to protect our rights, safety, or property, and in connection with a merger, financing, acquisition, or sale of assets (subject to this Policy). We do not sell or share your personal information for cross-context behavioral advertising.

6. International transfers

We are based in the United States and host the Site in the US. If you access the Site from the EEA, UK, or elsewhere, your information may be transferred to and processed in the US. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

7. Data retention

We keep pilot and contact submissions for as long as needed to respond and to evaluate a potential relationship, and then delete or anonymize them. Server logs are retained for a limited period for security and diagnostics. Investor data-room accounts are kept while access is active and removed when access ends. You may ask us to delete your information sooner.

8. Your rights

EEA and UK (GDPR). You have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. You may also lodge a complaint with your local supervisory authority.

California (CCPA / CPRA). You have the right to know, delete, and correct the personal information we hold, to opt out of the “sale” or “sharing” of personal information, and to limit the use of sensitive personal information. We do not sell or share personal information and do not use sensitive personal information for those purposes, so there is nothing to opt out of — but we will honor your requests and will not discriminate against you for exercising your rights. In the preceding 12 months we have not sold or shared personal information.

To exercise any right, email support@auditrampai.com. We will verify your request and respond within the time required by law.

9. Security

We use industry-standard safeguards: TLS/HTTPS everywhere, least-privilege access, encryption in transit, multi-factor authentication on the investor data room, and edge-enforced access controls. No method of transmission or storage is completely secure, but we work to protect your information.

10. Children’s privacy

The Site is intended for businesses and professionals and is not directed to children. We do not knowingly collect personal information from anyone under 18.

11. Third-party links

The Site may link to third-party sites and services we do not control. Their practices are governed by their own privacy policies.

12. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, take any additional steps required by law.

13. Contact us

auditRAMP AI, Inc.
Durango, Colorado, USA
support@auditrampai.com