We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Privacy Policy
Effective Date: February 4, 2026 | Last Updated: February 4, 2026
Introduction
AuroraGRC ("we", "us", or "our") operates auroragrc.com and provides compliance management software to Canadian organizations. We take your privacy seriously and are committed to protecting your personal information in accordance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Information We Collect
Account Information
When you register for AuroraGRC, we collect:
- Name and email address
- Organization name and business information
- Job title and role
- Password (encrypted and hashed)
Compliance Data
As part of providing our service, you may upload:
- Compliance documentation and evidence files
- Audit reports and assessments
- Control implementation records
- Organization policies and procedures
- Employee training records
Technical Information
We automatically collect:
- IP address and device information
- Browser type and version
- Usage patterns and feature interactions
- Log data and error reports
How We Use Your Information
We use your information to:
- Provide and improve our service: Deliver compliance management features, generate reports, and enhance platform functionality
- Account management: Create and manage your account, process payments, and provide customer support
- Security: Detect and prevent fraud, abuse, and security incidents
- Communications: Send service updates, security alerts, and product announcements
Data Residency and Storage
All customer data is stored in Canada. We use Canadian cloud infrastructure to ensure compliance with Canadian data sovereignty requirements. Your compliance data does not leave Canadian borders unless you explicitly authorize such transfer.
For defence and regulated customers, we offer deployment options on sovereign cloud infrastructure certified for controlled goods and sensitive information.
Data Sharing and Disclosure
We do not sell your personal information. We share data only in limited circumstances:
- Service Providers: Trusted Canadian and international service providers for cloud infrastructure, payment processing, and email delivery
- Legal Requirements: When required by Canadian law, including valid legal process and regulatory obligations
- With Your Consent: When you explicitly authorize us to share your information
Your Privacy Rights
Under PIPEDA and applicable provincial privacy laws, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Portability: Request your data in a machine-readable format
To exercise these rights, contact us at privacy@auroragrc.com . We will respond within 30 days.
Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls: Role-based access, multi-factor authentication, and principle of least privilege
- Infrastructure security: Canadian data centers with SOC 2 certification
- Regular audits: Third-party security assessments and penetration testing
Contact Us
For privacy-related questions, concerns, or requests, contact:
AuroraGRC Privacy Officer
Email: privacy@auroragrc.com
For complaints about our privacy practices, you may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.