Privacy Policy
Last updated: June 18, 2026
Overview
At IABuddy, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered audit documentation tool. By using our Service, you agree to the collection and use of information in accordance with this policy.
Information We Collect
- Account Information: We collect personal details such as your name and email address when you register.
- Workspace & Team Information: For Business plans, we store team configurations, roles, and workspace settings.
- Usage Data: We track feature usage, token consumption, and system logs to improve performance and billing accuracy.
- Uploaded Content: We store the files, workpapers, and evidence you upload to the platform to provide our core services.
How We Use Information
We use the collected data to:
- Provide, operate, and maintain the Service.
- Generate AI-powered outputs (such as audit tests and recommendations) as requested by you.
- Improve the reliability, security, and functionality of our platform.
- Manage billing, subscriptions, and payments.
AI and Uploaded Content
You maintain full ownership and control over the content you upload. We do not fabricate evidence. To generate results, we may send necessary excerpts of your uploaded documents to our AI providers. We do not sell your content to third parties or use it to train public AI models without your explicit consent.
Data Sharing
We do not sell your personal data. We may share information with trusted service providers who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. This includes hosting providers, analytics services, and payment processors. We may also disclose information when required to comply with the law.
Data Retention
We retain your personal information and content only for as long as your account is active or as needed to provide you with the Service. Upon account deletion, your data will be removed from our active systems following a limited retention period for backup and audit purposes.
Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, strict access controls, and regular audit logs. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you.
- Rectification: Request correction of inaccurate information.
- Erasure: Request deletion of your data ("Right to be Forgotten").
- Portability: Request transfer of your data to another service.
- Objection: Object to processing of your data for direct marketing or legitimate interests.
To exercise these rights, please contact our Data Privacy Officer at privacy@iabuddy.ai.
Sub-processors
We use the following third-party service providers to process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud (Firebase) | Hosting, Database, Authentication, AI | United States |
| Creem | Payment Processing | United States |
| EmailJS | Email Delivery (Contact Forms) | United States |
| Resend | Transactional Email Delivery | United States |
| Cal.com | Scheduling | United States |
Data Retention Schedule
We retain data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period | Action |
|---|---|---|
| User Account Data | Active + 30 days post-deletion | Permanently Deleted |
| Audit Workpapers | Indefinite (User Managed) | User can delete anytime |
| Activity Logs | 1 Year | Automatically Rotated |
| Billing Records | 7 Years (Legal Requirement) | Archived for Tax/Audit |
Last Updated: June 18, 2026
If you have any questions about this Privacy Policy, please contact us at support@iabuddy.ai.