Logo
Back to Home
Legal Document

Privacy Policy

This Privacy Policy describes how RINS.AI collects, uses, processes, stores, and protects personal information when you use our services.

Last Updated: December 9, 2025

1. Scope of This Policy

This Policy applies to:

  • Visitors of our websites (including rins.ai and related subdomains)
  • Registered users of the DPA QuickScan platform
  • Users of the CarbonSight ESG and carbon intelligence module
  • Managed Service Providers (MSPs) and their tenants
  • Enterprise customers and trial users

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide to Us

  • 1Name, email address, phone number, job title and company information.
  • 2Account login details (passwords are stored using industry-standard encryption).
  • 3Billing details (handled via secure payment providers).
  • 4Support communication, demo requests, and feedback.

2.2 Data Processed Through the Platform

In order to run assessments and provide governance automation, you may upload or connect:

  • 1Policies, DPIAs, ROPAs, vendor contracts and legal documents.
  • 2Logs, system metadata, and architecture diagrams.
  • 3ESG supplier data, carbon-emission factors, and sustainability metrics.
  • 4Evidence files related to privacy, security, and ESG compliance.

You remain the owner of all data you upload or connect. RINS.AI processes this data only to provide the services.

2.3 Automatically Collected Information

  • 1IP address, browser type, device type and operating system.
  • 2Usage data such as pages visited, features used, time spent.
  • 3Authentication events and security logs.
  • 4Cookie and analytics data where consented.

3. How We Use Your Information

We use your information to:

  • 1Operate, maintain and secure the platform.
  • 2Run automated privacy, governance and ESG assessments.
  • 3Generate dashboards, reports, recommendations and analytics.
  • 4Provide customer support and respond to inquiries.
  • 5Improve and develop features, models and services.
  • 6Comply with legal and regulatory requirements.

4. Legal Basis for Processing (GDPR)

Where GDPR or similar laws apply, we rely on the following legal bases:

  • 1Contractual necessity – to provide the services you have subscribed to.
  • 2Legitimate interests – to secure and improve our services.
  • 3Consent – for certain optional features, cookies or marketing.
  • 4Legal obligations – to comply with laws and regulatory inquiries.

5. Data Sharing and Subprocessors

We do not sell personal data. We may share information with:

  • 1Cloud hosting providers and infrastructure partners.
  • 2Payment processors for billing and invoicing.
  • 3Email or communication providers.
  • 4Analytics providers (where consented).
  • 5Regulators or authorities when required by law.

All subprocessors are bound by data protection agreements and security obligations.

6. International Data Transfers

Data may be processed in multiple regions, including the EU, UK, US, KSA, UAE and Singapore. Where required, we use Standard Contractual Clauses (SCCs) or equivalent safeguards to protect personal data transferred across borders.

7. Data Retention

We retain personal data for as long as necessary to provide the services, meet legal obligations, resolve disputes and enforce our agreements. You may request deletion of data subject to certain legal or contractual limitations.

8. Security Measures

RINS.AI applies industry-standard security practices, including encryption in transit and at rest, role-based access control (RBAC), zero-trust architectural principles, logging and monitoring, and regular security reviews. However, no system is completely risk-free and we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

  • 1Access personal data we hold about you.
  • 2Request correction or updating of inaccurate data.
  • 3Request deletion of personal data (subject to legal limits).
  • 4Restrict or object to certain types of processing.
  • 5Request data portability.
  • 6Withdraw consent where processing is based on consent.

To exercise these rights, contact: privacy@rins.ai

10. Cookies and Tracking Technologies

We use essential cookies to operate the platform. Where required by law, we obtain your consent before using analytics or preference cookies. You can manage cookie preferences via your browser or our cookie banner.

11. Children's Privacy

Our services are directed at business users and are not intended for children under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised 'Last Updated' date. Material changes may be communicated via email or in-app notices.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, contact us at: