Effective Date: 7th April, 2025
Risk Immunity Solutions Inc. (“we”, “us”, “our”)

1. Scope & Applicability

This Policy applies to all personal data we collect and process worldwide—whether you’re in Canada, the EU/EEA, the U.S., Asia, Africa, or elsewhere. We align with:

• GDPR (EU/EEA)
• PIPEDA (Canada)
• CCPA/CPRA (California, USA)
• LGPD (Brazil)
• APPI (Japan)
• Any other applicable local privacy laws

2. Data Controller

Risk Immunity Inc. is the data controller for all data collected via our website, services, or direct interactions.

3. What We Collect

• Identity & Contact: name, title, organization, email, phone, billing address
• Account & Payment: usernames, passwords (hashed), payment details
• Usage & Technical: IP address, browser/device info, pages visited, service logs
• Communications: support tickets, survey responses, marketing preferences
• Cookies & Tracking: essential site cookies, analytics, advertising pixels

4. Legal Bases for Processing

• Consent: e.g. marketing emails, non-essential cookies
• Contract Performance: to deliver the services you request
• Legitimate Interests: fraud prevention, security, product improvement
• Legal Obligations: tax, accounting, compliance with court orders

5. How We Use Your Data

• Provide, operate, and improve our services
• Manage your account, billing, and subscriptions
• Communicate service updates, security alerts, and (with consent) marketing
• Analyze usage patterns and enhance user experience
• Comply with legal and regulatory requirements

6. Disclosure & International Transfers

• Service Providers: hosting, payments, analytics (under Data Processing Agreements)
• Legal Authorities: to comply with subpoenas, court orders, or law enforcement
• Business Transfers: in the event of a merger, acquisition, or asset sale
• Safeguards: Standard Contractual Clauses, adequacy decisions, or other approved mechanisms

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined or as required by law (e.g. financial records for up to 7 years).

8. Your Rights

You may, subject to local law:

• Access your data
• Correct inaccuracies
• Erase or restrict processing
• Object to processing (e.g. direct marketing)
• Port your data to another provider
• Withdraw consent (where used)
• Complain to your local regulator or us at privacy@riskimmunity.com

9. Security

We implement technical (encryption, firewalls) and organizational (access controls, audits) measures to protect your data. No system is perfect; breaches will be reported per applicable laws.

10. Cookies & Tracking

Manage preferences via our cookie banner or your browser settings. Essential cookies are required for core functionality.

11. Third-Party Links

We are not responsible for the privacy practices of external sites linked to our platform.

12. Updates to This Policy

We may revise this Policy. We’ll post the new “Effective Date” and, for material changes, notify you by email or banner.