Privacy Policy

Information We Collect

TechRisk Atlas collects information to provide and improve our AI-powered technology risk management platform. We collect information you provide directly, information we obtain automatically when you use our services, and information from third-party sources.

Account Information

When you create an account, we collect your name, email address, company information, and authentication credentials. This information is essential for account management and service delivery.

Technical Data

Our platform analyzes your software architecture, code repositories, CI/CD pipelines, and development metrics to provide risk assessments. This includes repository metadata, commit history, issue tracking data, and deployment information.

How We Use Your Information

We use collected information to deliver our core services, improve platform functionality, and ensure security. Your data powers our AI analysis engines while maintaining strict privacy controls.

Service Delivery

We process your technical data to generate risk maps, provide sprint optimization recommendations, and deliver vulnerability reduction scenarios tailored to your development environment.

Platform Enhancement

Aggregated and anonymized usage patterns help us improve our AI models, enhance user experience, and develop new features that benefit our entire user community.

Data Processing Legal Basis

Under GDPR and applicable privacy laws, we process your personal data based on legitimate interests, contractual necessity, and your explicit consent where required.

Contractual Necessity

Processing your account information and technical data is necessary to fulfill our service agreement and deliver the risk analysis platform you've subscribed to.

Legitimate Interests

We have legitimate business interests in improving our services, preventing fraud, and ensuring platform security, balanced against your privacy rights.

Information Sharing and Disclosure

We do not sell your personal information. We share information only in specific circumstances outlined below, always with appropriate safeguards and legal protections.

Service Providers

We work with trusted third-party service providers for hosting, analytics, and support services. These providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law, to protect our rights, prevent fraud, or ensure user safety, always following applicable legal procedures and minimizing disclosure scope.

Data Security Measures

We implement comprehensive security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

Our platform uses industry-standard encryption, secure data transmission protocols, access controls, and regular security audits to maintain data integrity and confidentiality.

Organizational Controls

We maintain strict internal policies, employee training programs, and access management procedures to ensure only authorized personnel can access your information for legitimate business purposes.

Data Retention Policies

We retain your information only as long as necessary to provide services, comply with legal obligations, and fulfill legitimate business purposes.

Active Account Data

While your account remains active, we retain your profile information and technical analysis data to ensure continuous service delivery and historical trend analysis.

Account Termination

Upon account termination, we delete or anonymize your personal information within 90 days, except where longer retention is required by law or legitimate business interests.

International Data Transfers

As a Finnish company, we primarily process data within the European Economic Area. When international transfers are necessary, we ensure appropriate safeguards are in place.

Transfer Mechanisms

We use Standard Contractual Clauses, adequacy decisions, and other approved transfer mechanisms to ensure your data receives equivalent protection regardless of processing location.

Third Country Processing

When we engage service providers outside the EEA, we conduct thorough due diligence and implement additional safeguards to maintain data protection standards.

Your Privacy Rights

You have comprehensive rights regarding your personal information, including access, correction, deletion, and data portability rights under applicable privacy laws.

Access and Correction

You can access, review, and update your account information through our platform settings. For additional data access requests, contact our privacy team.

Deletion and Portability

You may request deletion of your personal information or data export in machine-readable formats, subject to legal and contractual limitations.

Cookie and Tracking Technologies

We use cookies and similar technologies to enhance platform functionality, analyze usage patterns, and improve user experience. You can control cookie preferences through your browser settings.

Essential Cookies

These cookies are necessary for platform operation, including authentication, security features, and core functionality. They cannot be disabled without affecting service delivery.

Analytics and Performance

We use analytics cookies to understand platform usage, identify improvement opportunities, and optimize performance. These cookies can be disabled through your preferences.

Third-Party Integrations

Our platform integrates with various development tools and services. We carefully manage these integrations to protect your privacy while enabling comprehensive risk analysis.

Git Repository Access

We access repository metadata and commit information through secure APIs, processing only the minimum data necessary for risk analysis and maintaining strict access controls.

CI/CD Pipeline Integration

Integration with your CI/CD systems allows us to analyze deployment patterns and release velocity while respecting your existing security configurations and access permissions.

Children's Privacy Protection

Our platform is designed for professional software development teams and is not intended for use by individuals under 16 years of age.

Age Verification

We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will take immediate steps to delete the information.

Parental Rights

Parents or guardians who believe their child has provided personal information to us should contact our privacy team for immediate assistance and data removal.

Privacy Policy Updates

We may update this privacy policy to reflect changes in our practices, legal requirements, or service enhancements. We will notify you of material changes through appropriate channels.

Notification Process

Significant policy changes will be communicated via email, platform notifications, or prominent website notices, providing adequate time for review before implementation.

Continued Use

Your continued use of our platform after policy updates constitutes acceptance of the revised terms, unless you exercise your right to terminate your account.

Data Protection Officer

Our Data Protection Officer oversees privacy compliance, handles privacy inquiries, and serves as your primary contact for data protection matters.

Contact Information

For privacy-related questions, data subject requests, or concerns about our data practices, contact our DPO at privacy@techriskatlas.com.

Response Timeline

We respond to privacy inquiries within 30 days and provide regular updates on complex requests that require additional processing time.

Supervisory Authority Rights

You have the right to lodge complaints with supervisory authorities if you believe our data processing violates applicable privacy laws.

Finnish Data Protection Authority

As a Finnish company, we are subject to oversight by the Finnish Data Protection Ombudsman. You may contact them directly regarding privacy concerns.

Cross-Border Cooperation

For users in other EU member states, we cooperate with relevant supervisory authorities through established cross-border mechanisms to address privacy concerns.

Contact Information

For questions about this privacy policy or our data practices, please contact us using the information below.