1. Introduction

ERMapp Limited ("ERMapp", "we") allows businesses to manage risk and compliance. We are committed to protecting your personal data in accordance with the Regulation (EU) 2016/679 (GDPR) and the laws of the Republic of Cyprus.

2. Data Controller vs Processor

For data regarding our direct clients (billing, account admin), ERMapp Limited is the Data Controller. For data uploaded by our clients into the Platform (risk registers, audit logs), we act as a Data Processor.

3. Data We Collect

We collect the following data:

Account Information: Name, Email, Organization.
Usage Data: Logs, IP addresses, Login timestamps.
Payment Data: Processed securely via Stripe (we do not store card details).

4. Data Storage

All data is hosted in secure data centers located within the European Union (EU/EEA).

5. Your Rights

Under GDPR, you have the right to access, rectify, or erase your personal data. Contact our Data Protection Officer (DPO) at info@activeerm.com for requests.

Privacy Policy

1. Introduction

2. Data Controller vs Processor

3. Data We Collect

4. Data Storage

5. Your Rights