
Privacy Policy

We are committed to protecting your privacy and ensuring the security of your data in compliance with GDPR, CCPA, SOC2, ISO27001, and applicable laws in the USA and India.

Last Updated: April 6, 2026

This Privacy Policy describes how Rhodiumhunt ("we," "us," "our," or "Company") collects, uses, discloses, and otherwise processes your personal information when you use our website, platform, and services (collectively, the "Services"). By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our Services.

1. Information We Collect

A. Information You Provide: We collect information you provide directly to us, such as when you create an account, fill out a form, request a demo, or communicate with us. This may include your name, email address, company name, phone number, job title, billing address, and payment information.

B. Information We Collect Automatically: When you use our Services, we automatically collect certain information about your device and usage, including IP address, browser type, operating system, pages visited, time spent on our site, referrer information, and device identifiers.

C. Data from Integrated Services: If you connect third-party services (e.g., AWS, GitHub, Okta, Jira) to our platform, we collect metadata and configuration information necessary to provide our compliance automation services. We do not access the content of your proprietary code or sensitive customer data unless explicitly authorized and instructed by you.

D. Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. See our separate Cookie Policy for details on how to manage cookie preferences.

2. How We Use Your Information

  • To provide, maintain, operate, and improve our Services.
  • To process transactions, manage your account, and send transactional communications.
  • To communicate with you about products, services, updates, offers, events, and news.
  • To monitor, analyze, and understand trends, usage patterns, and activities in connection with our Services.
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • To comply with legal obligations, enforce our agreements, and protect our rights, privacy, and safety.
  • To conduct marketing analytics and develop targeted marketing campaigns (with your consent where required).

3. Lawful Basis for Processing (GDPR)

For residents of the European Economic Area, we process your personal data under the following lawful bases:

  • Consent: Where you have explicitly provided consent (e.g., newsletter signup, marketing communications, cookies).
  • Contract: To perform our contractual obligations to you under your user agreement and terms of service.
  • Legal Obligation: To comply with applicable laws, regulations, and legal requirements.
  • Legitimate Interests: To improve our Services, prevent fraud, ensure security, analyze usage, and develop new features (balanced against your rights).
  • Vital Interests: To protect your or others' life, safety, physical or mental health, or rights.

You may withdraw consent at any time by contacting privacy@rhodiumhunt.com. Withdrawal does not affect the lawfulness of processing based on other bases.

4. Data Retention Schedule

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Data Type                              | Retention Period
---------------------------------------|------------------------------------------------------------
Account data (name, email, phone)      | Duration of account + 3 years post-deletion or termination
Transaction and billing data           | 7 years (for tax and legal compliance)
Usage and analytics data               | 13 months
Support tickets                        | 3 years post-closure
Marketing communication opt-outs       | 3 years (to honor opt-out requests)
Security/audit logs                    | 90 days minimum, up to 2 years as required

When data is no longer needed, we securely delete or anonymize it. Data retained for legal reasons is isolated and not used for any other purpose.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With vendors, consultants, and other service providers who need access to such information to carry out work on our behalf under Data Processing Agreements and confidentiality obligations (e.g., cloud hosting, payment processors, email services).
  • Legal Compliance: In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, legal process, or government request.
  • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
  • Aggregate Data: We may share aggregated, de-identified, or anonymized data with third parties for research, marketing, analytics, and other purposes.

All service providers are contractually obligated to maintain the confidentiality and security of your information and are prohibited from using it for any other purpose.

6. Security & Data Protection Practices

We take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Our security practices include:

  • Encryption: TLS 1.3+ for data in transit; AES-256 encryption for data at rest on our servers.
  • Access Control: Role-based access control (RBAC); multi-factor authentication (MFA) required for admin accounts; principle of least privilege enforced.
  • Audit Logging: All access to production systems is logged and monitored; audit logs are retained for a minimum of 90 days.
  • Vulnerability Management: Quarterly security scans, annual penetration testing, and a vulnerability disclosure program.
  • Incident Response: 1-hour detection target; 24-hour notification for breaches affecting confidentiality.
  • Service Availability: 99.95% monthly uptime SLA; daily backups with 30-day retention; tested disaster recovery procedures.

Important: No internet transmission is completely secure, and we cannot guarantee the absolute security of your data. We recommend using strong passwords, enabling MFA, and keeping your devices secure.

7. Your Privacy Rights & Choices

Depending on your location, you may have certain rights regarding your personal information:

General Rights (Available to All Users)

  • Access & Update: You may update your account information at any time by logging into your account settings.
  • Opt-Out: You may opt out of receiving promotional communications by following the unsubscribe instructions in those messages.
  • Deletion: You may request deletion of your personal information, subject to legal and contractual exceptions.
  • Data Portability: You may request a copy of your personal data in a structured, commonly used, portable format.

GDPR Rights (EEA Residents)

In addition to the above, you have:

  • Right to Rectification: Correct inaccurate personal data.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw previously given consent at any time.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority.
  • Automated Decision-Making: Request human review of automated decisions that produce legal effects.

Requests must be made in writing to privacy@rhodiumhunt.com. We will respond within 30 days (extendable to 90 days for complex requests).

CCPA Rights (California Residents)

California residents have the right to:

  1. Right to Know: Request what personal information we collect, use, and share about you.
  2. Right to Delete: Request deletion of personal information we collected from you.
  3. Right to Correct: Request correction of inaccurate personal information.
  4. Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights (no denial of service, price differences, or diminished quality).

DO NOT SELL MY PERSONAL INFORMATION

We do not sell personal information as defined by the CCPA. California residents can submit requests via email to privacy@rhodiumhunt.com.

Response Timeline: We will respond to verifiable consumer requests within 45 calendar days. We will verify your identity before processing requests.

USA Multi-State Privacy Rights

For Colorado, Virginia, Utah, Indiana, Tennessee, and Montana residents, you have the right to:

  • Know what personal information we collect and how we use it
  • Delete personal information we hold about you
  • Access and port your personal information
  • Correct inaccurate personal information
  • Opt out of targeted advertising and profiling

Submit requests to privacy@rhodiumhunt.com.

8. India-Specific Compliance

Data Localization

All personal data of residents of India is stored exclusively on servers located within India and is not transferred outside India without explicit consent or compliance with applicable Indian law.

Grievance Officer (IT Rules 2021)

Name: Not yet configured

Email: grievance@rhodiumhunt.com

Response Timeline: Initial acknowledgment within 48 hours; resolution within 30 days per the IT Rules 2021.

Complaint Redressal

  • Complaints acknowledged within 48 hours
  • Resolution target: 30 days from receipt
  • All complaints logged and reported to required authorities
  • Escalation mechanism available for unresolved complaints

9. Data Breach Notification

In the event of a data breach involving your personal information, we will:

  • GDPR (EU/EEA): Notify affected data subjects and supervisory authorities without undue delay and in no case later than 72 hours after discovery of the breach (if it poses a risk to rights and freedoms).
  • CCPA (California): Notify affected residents without unreasonable delay following discovery of the breach.
  • India: Notify affected Indian residents immediately if the breach impacts sensitive personal data.
  • General: Our target is 1-hour internal detection of potential breaches and 24-hour notification for breaches affecting confidentiality.

Notifications will include the nature of the breach, personal data affected, likely consequences, and measures taken to mitigate harm.

10. Third-Party Links & Services

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information. Your use of third-party services is governed by their terms and privacy policies, not ours.

11. Data Processing Agreements (DPA)

For customers in jurisdictions requiring Data Processing Agreements (e.g., GDPR), we provide a separate DPA as part of your service agreement. This DPA outlines:

  • Data processing terms and conditions
  • Sub-processor information and requirements
  • Data subject rights mechanisms
  • International data transfer safeguards (Standard Contractual Clauses)
  • Security and compliance obligations

Contact us at privacy@rhodiumhunt.com to request a DPA.

Questions or Concerns?

If you have any questions about this Privacy Policy, our privacy practices, or would like to exercise any of your rights, please contact us:

Privacy Officer (General)

Email: privacy@rhodiumhunt.com

Grievance Officer (India)

Email: grievance@rhodiumhunt.com

GDPR Data Protection Inquiry

Email: dpo@rhodiumhunt.com